March | Updates from the SOC

Welcome to the March Edition of The Watch, featuring cyber intel from Deepwatch Labs, information security news, industry insights, and upcoming Deepwatch events.

Hit the subscribe button to stay in the know!

IN THIS ISSUE:

  1. 2024 ATI Threat Report
  2. Deepwatch Insights: A Guide to Building a Resilient Security Operations Program
  3. Curated Cyber Threat Intelligence
  4. Deepwatch 2024 CKO
  5. An Effective SOC
  6. Infosec Updates
  7. ICYMI: New Podcast Episode
  8. Recognizing Women’s History Month!


Observations, Metrics, Trends & Forecast from the Deepwatch Adversary Tactics & Intelligence Team

""

We are pleased to provide the Deepwatch Adversary Tactics and Intelligence 2024 Threat Report, including observations and our forecast for what organizations can expect in 2024.

The annual ATI Threat Report is based on in-depth analysis of our open-source intelligence reporting, nearly 1.5 million security-related events detected across our customer environments, and ATI response engagements.

Examine our most predominant threats, techniques, and trends, as well as our most significant observations in 2023. Read how the threat landscape will change in 2024, and how teams must prepare to become more cyber resilient.

Dive into the full report.


Insights Blog: A Guide to Building a Resilient Security Operations Program

Written by: Brian Magner, VP of Solutions Architecture

""

Get guidance from one of the largest SOCs in the business on key components to building a resilient security operations program.

Read the full blog post here.


Deepwatch Threat Intelligence

""


Deepwatch provides curated cybersecurity threat intelligence to keep your organization and SOC ahead of the latest security threats and zero-day vulnerabilities. Below are a few top cyber threats & insights from the past month.

Another Ivanti Connect Secure and Policy Secure Vulnerability, Details on the Cloudflare Attack, a New Variant of Mispadu Stealer, and Valid Account Abuse Challenges

  • Infected USB Drives Lead to Backdoor Infection, Spreading, and Follow-on Activity.
  • Details Emerge From Cloudflare’s Thanksgiving 2023 Attack.
  • Suspected New Variant of Mispadu Stealer Discovered.
  • Another Ivanti Connect Secure and Policy Secure Vulnerability (CVE-2024-21893) Exploited.
  • Navigating the Landscape of Valid Account Abuse.
  • Threat Actors Still Using Microsoft Excel Files to Deliver Malware.

Read more on these topics here.

CISA Warns of Chinese Pre-Positioning for Attacks, New Raspberry Robin Variant, Bumblebee and Pikabot Return, Ivanti Vulnerability Deploys Unknown Webshell, and Nearly 100 New Ransomware Victims in a Week

  • Chinese Threat Actors Pre-Positioning for Disruptive or Destructive Cyberattacks Against US Critical Infrastructure.
  • New Raspberry Robin Variant Discovered, Employing New Techniques and Exploits.
  • Ivanti Vulnerability (CVE-2024-21893) Exploited to Deploy Unknown Web Shell.
  • Pikabot Returns With Significant Changes.
  • Bumblebee Returns After 4-Month Hiatus in New Phishing Campaign.

Read more on these topics here.

TicTacToe Dropper Is No Game, No Malware Needed for Access to Government Victim, and Tycoon Group Offers New Phishing-as-a-Service

  • New Malware Dropper Family, Delivering Various Payloads, Discovered.
  • Cyber Attack With No Malware, Compromised Account Used to Access and Exfiltrate Sensitive Data.
  • New Phishing-as-a-Service Platform Discovered.

Read more on these topics here.

Russian Turla Deploys New Arsenal, ConnectWise ScreenConnect Exploit Delivers Malware, and Cozy Bear Goes Cloud

  • Russian APT Turla Deploys New Arsenal and C2 Mechanism with Web Shell Capabilities.
  • Threat Actors Exploit ConnectWise ScreenConnect to Deliver Malware.
  • How APT29 Is Adapting to Government and Corporate Moves to Cloud Infrastructure.

Subscribe to Deepwatch Labs to stay up-to-date on the latest cyber threat intelligence, advisories, and recommendations.


Deepwatch 2024 CKO Was a Home Run!

[Image: Collage of Deepwatch leaders during the 2024 company kick-off event]

The 2024 Deepwatch Company Kick-Off took place last month, where the team came together to share updates and insight on how we're continuing to innovate our security operations through 2024!


Wondering what makes an effective security operations center (SOC)?

Our very own Director of SOC Analyst Operations, Kyle S., sheds some light on three pillars that can be attributed to a successful SOC. Watch below!


Trending Infosec Updates


ICYMI...

In episode two of the Deepwatch Overwatch Podcast, security leaders have a candid discussion regarding their expectations for the 2024 security operations and cybersecurity industry.

Watch the full episode by clicking below!


Recognizing the Women of Deepwatch During Women’s History Month!

Supporting women in cybersecurity, the Women of Deepwatch Affinity Group provides an environment to support, promote, and empower a diverse group of women at Deepwatch both personally and professionally through shared experiences, resources, and encouragement.

Learn more about the Women of Deepwatch here.

#WomensHistoryMonth


About Deepwatch

Deepwatch is the leading managed security platform for the cyber resilient enterprise. The Deepwatch Managed Security Platform and security experts provide enterprises with 24/7/365 cyber resilience, rapid detections, high fidelity alerts, reduced false positives, and automated actions. We operate as an extension of cybersecurity teams by delivering exceptional security expertise, visibility across your attack surface, precision response to threats, and a compelling return on your security investments. The Deepwatch Managed Security Platform is trusted by many of the world’s leading brands to improve their security posture, cyber resilience, and peace of mind. Learn more at www.deepwatch.com.

Follow Deepwatch on LinkedIn and X (formerly Twitter).
