September | The Watch: A New Commitment to Cyber Resilience
Welcome to the September Edition of The Watch, featuring cyber intel from Deepwatch Labs, information security news, industry insights, and upcoming Deepwatch events. Hit the subscribe button to stay in the know!
IN THIS ISSUE:
The Deepwatch Managed Security Platform
The Deepwatch Managed Security Platform is our holistic approach to cybersecurity, combining industry-leading technology, security experts, and patented processes to improve your organization’s cyber resiliency.
Our managed security platform combines the technology, people, and processes for a hybrid, collaborative approach to measuring and improving your security program. Three key components include:
Insights Blog: Your Role is Not to Prevent Every Attack
Written by: Bill Bernard, AVP Security Strategy
“Your program has to be aware of current threats, be ready to survive those threats with a minimum of impact, and improve your program to better survive the next event.”
In this blog, Deepwatch AVP of Security Strategy Bill Bernard talks about the need for new thinking in cybersecurity.
Deepwatch Threat Intelligence
Deepwatch provides curated cybersecurity threat intelligence to keep your organization and SOC ahead of the latest security threats and zero-day vulnerabilities. Below are a few top cyber threats & insights from the past month.
Voice Phishing’s Success with Resetting Single Sign-on Portal Passwords Sees Sudden Surge
Threat actors, especially Scattered Spider (UNC3944), have been using voice phishing techniques (vishing) to reset users' passwords, including single sign-on MFA factors. According to VX Underground, Scattered Spider used this technique recently to compromise MGM Resorts. The threat actors contacted organizations' help desks with phone numbers potentially listed on public-facing sign-in help pages. Furthermore, they likely performed open-source research of social media profiles, like LinkedIn and X (Twitter), posts, and similar platforms, of target companies to identify strategic users who likely have a privileged account. By contacting the IT help desk, the threat actors can manipulate help desk personnel into resetting accounts with access to sensitive applications with higher privileges. The threat actors could then log in to single sign-on portals from the internet, giving them access to sensitive applications and systems.
Threat Actors Use New Infiltration Technique to Deliver NetSupport RAT
In an ongoing campaign detected by Trellix’s Advanced Research Center, threat actors use fake Chrome browser updates to lure users into installing the NetSupport Manager, a remote administration tool. This malicious tool allows them to steal data and gain full control over the victim’s computer. Drawing similarities with a prior campaign that used the SocGholish malware, this campaign employs a series of staged downloads and scripts to achieve its nefarious goals. While there’s no direct evidence connecting the two campaigns, it’s evident that the modus operandi of using browser updates as bait persists, albeit with variations in the tools and scripts used for execution.
Analysis of LAPSUS$ and Affiliated Threat Groups: TTPs and Mitigation Strategies
A new CISA report finds that threat actors, including Lapsus$, Yanluowang, and Karakurt, conduct extensive research to familiarize themselves with their targets before launching operations. Standard methods include port scanning and traditional research methods. They exploit trust relationships between third-party service providers, bypass multi-factor authentication systems using varied techniques, and, once inside, escalate privileges through multiple means ranging from simple password theft to advanced tool usage.
Midnight Blizzard Compromises Small-Business Microsoft 365 Tenants for Targeted Teams Phishing Campaign
According to Microsoft Threat Intelligence, Midnight Blizzard, a Russia-based threat actor attributed to the Foreign Intelligence Service of the Russian Federation (SVR), has conducted a targeted social engineering campaign using Microsoft Teams. The campaign involves compromising Microsoft 365 tenants owned by small businesses to create phishing lures, engaging users with multi-factor authentication (MFA) prompts to steal credentials. We believe the threat poses a significant risk to targeted organizations and potentially the broader governmental landscape, with potential national security implications.
Weak Credentials in Apache Tomcat Deliver Mirai Botnet
According to a 2023 Weak Password Report, the top base word in leaked Nvidia passwords is “Nvidia.” We all know weak passwords aren’t just the sin of office workers; they’re also a problem for people with critical access to networks.
A recent blog post from Aqua Security provides analysis of the TTPs employed by threat actors to infect Apache Tomcat servers with the Mirai malware to enroll the servers into the Mirai botnet. Threat actors used a brute force attack to guess the password of an account with weak credentials, accessing the web application manager of an Aqua Tomcat honeypot. They then deployed a WAR file containing a web shell, enabling remote code execution. The threat actors then downloaded and executed a shell script, which downloaded and ran the Mirai malware.
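The attack chain above leaves a recognizable trail in Tomcat's access log: a burst of 401 responses from one client against the Manager application, a later successful login from the same client, and a WAR upload through the Manager's deploy endpoints. The following Python script is an added example, not code from Aqua Security's post or from Deepwatch, that flags that sequence over constructed sample log lines. It assumes Tomcat's default access-log pattern (`%h %l %u %t "%r" %s %b`), the standard Manager paths `/manager/text/deploy` and `/manager/html/upload`, and a failure threshold and time window chosen for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines in Tomcat's default access-log format (%h %l %u %t "%r" %s %b).
# Addresses, timestamps and users are made up for this example.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Sep/2023:10:00:01 +0000] "GET /manager/html HTTP/1.1" 401 2473
203.0.113.5 - - [10/Sep/2023:10:00:02 +0000] "GET /manager/html HTTP/1.1" 401 2473
203.0.113.5 - - [10/Sep/2023:10:00:03 +0000] "GET /manager/html HTTP/1.1" 401 2473
203.0.113.5 - - [10/Sep/2023:10:00:05 +0000] "GET /manager/html HTTP/1.1" 401 2473
203.0.113.5 - - [10/Sep/2023:10:00:06 +0000] "GET /manager/html HTTP/1.1" 401 2473
203.0.113.5 - - [10/Sep/2023:10:00:08 +0000] "GET /manager/html HTTP/1.1" 401 2473
203.0.113.5 - admin [10/Sep/2023:10:00:09 +0000] "GET /manager/html HTTP/1.1" 200 14857
203.0.113.5 - admin [10/Sep/2023:10:00:15 +0000] "POST /manager/html/upload HTTP/1.1" 200 15102
198.51.100.7 - - [10/Sep/2023:10:05:00 +0000] "GET /index.html HTTP/1.1" 200 11156
198.51.100.7 - - [10/Sep/2023:10:05:01 +0000] "GET /manager/html HTTP/1.1" 401 2473
"""

# Tomcat's default access-log pattern: %h %l %u %t "%r" %s %b
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+$'
)
MANAGER_PREFIX = "/manager/"
# Manager endpoints that accept a WAR: text interface (PUT) and HTML upload form (POST)
DEPLOY_RE = re.compile(r"^/manager/(text/deploy|html/upload)(\?|$)")


def parse_line(line):
    """Parse one access-log line into a dict, or return None if it does not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
    rec["status"] = int(rec["status"])
    return rec


def analyze(log_text, fail_threshold=5, window=timedelta(minutes=5)):
    """Per client address, report Manager-app brute force, success after failures and WAR deploys.

    fail_threshold and window are illustrative tuning values, not values from the report.
    """
    by_ip = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and rec["path"].startswith(MANAGER_PREFIX):
            by_ip[rec["ip"]].append(rec)

    findings = {}
    for ip, recs in by_ip.items():
        recs.sort(key=lambda r: r["ts"])
        failures = [r["ts"] for r in recs if r["status"] == 401]

        # Sliding window over sorted failure timestamps: largest burst within `window`
        max_in_window, start = 0, 0
        for end, ts in enumerate(failures):
            while ts - failures[start] > window:
                start += 1
            max_in_window = max(max_in_window, end - start + 1)

        first_fail = failures[0] if failures else None
        success_after = any(
            r["status"] == 200 and first_fail is not None and r["ts"] > first_fail
            for r in recs
        )
        deploy = any(
            r["method"] in ("PUT", "POST") and r["status"] == 200 and DEPLOY_RE.match(r["path"])
            for r in recs
        )
        findings[ip] = {
            "failed_logins": len(failures),
            "max_failures_in_window": max_in_window,
            "brute_force": max_in_window >= fail_threshold,
            "success_after_failures": success_after,
            "war_deploy": deploy,
        }
    return findings


if __name__ == "__main__":
    for ip, f in analyze(SAMPLE_LOG).items():
        flags = [k for k in ("brute_force", "success_after_failures", "war_deploy") if f[k]]
        print(f"{ip}: {f['failed_logins']} failed Manager logins; flags={flags or ['none']}")
```

A client that trips all three flags matches the honeypot sequence in the post; a lone 401 (the second address) is ordinary noise. In practice the same logic can run as a scheduled job over the rotated `localhost_access_log.*` files, and the Manager app itself should be restricted by source address or removed where it is not needed.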
Subscribe to Deepwatch's Cyber Intel Brief to stay up-to-date on the latest cyber threat intelligence, advisories, and recommendations.
Deepwatch September Events
Black Hat 2023!
The team at Deepwatch spent the week connecting with other industry professionals at Black Hat, and two lucky winners took home an electric guitar!
Deepwatch is the Leading Managed Security Platform for the Cyber Resilient Enterprise
Learn how we are creating a safer and more resilient digital economy by visiting our website here.
ICYMI...
VIRTUAL EVENT | Move Beyond Detection and Response to Accelerate Cyber Resilience
Watch Now as we unveil the evolution of security operations beyond detection and response that will redefine the way you improve your security posture and reduce risk to ensure protection and peace of mind.
PRESS RELEASE | Deepwatch Announces New Platform Enhancements to Maximize Cyber Resilience
"The new platform enhancements are designed to move Deepwatch and its customers beyond legacy Managed Detection and Response (MDR) to a state of maximum cyber resilience. The new Deepwatch Managed Security Platform enables a 3x increase in true positives, a 98% reduction in false positives, acceleration of response actions, and an increased return on investment from current security architecture and teams."
Find Your Career With Deepwatch!
Our core values drive everything we do at Deepwatch, including our vision to be the cybersecurity partner every enterprise relies on to deliver mission-critical cyber resilience in an increasingly digital world. We seek out tenacious individuals who are passionate about solving complex problems and protecting our customers.
View all open positions on our website here.
Trending Infosec Updates
Employee Spotlight
Successful cybersecurity involves a dedicated team implementing effective processes and technology. We value teamwork here at Deepwatch, as collaboration is a foundation of our services.
September’s Employee Spotlight, Eric Ford, Sr. Threat Intelligence Analyst, shares what he believes makes a great team. Read below!
"A great team is built on trust, open communication, and a shared vision. Each member should feel valued for their unique skills and contributions and aligned with the team's collective goals. Diversity of thought and a culture of continuous learning are also crucial for a team's success."
UPCOMING EVENTS...
.conf GO Atlanta | September 21st
.conf Go will be in Atlanta on September 21 this year. Hear about the latest product innovations from Splunk leaders, plus new ways our customers are securing their systems while delivering exceptional customer experiences and innovating for the future.
Whether your organization is a longtime Splunk customer or yet to begin your Splunk journey (or somewhere in between), .conf Go is your chance to join in on the fun and learning. Join us in Atlanta!
About Deepwatch
Deepwatch is the leading managed security platform for the cyber resilient enterprise. The Deepwatch Managed Security Platform and security experts provide enterprises with 24/7/365 cyber resilience, rapid detections, high fidelity alerts, reduced false positives, and automated actions. We operate as an extension of cybersecurity teams by delivering exceptional security expertise, visibility across your attack surface, precision response to threats, and a compelling return on your security investments. The Deepwatch Managed Security Platform is trusted by many of the world’s leading brands to improve their security posture, cyber resilience, and peace of mind. Learn more at www.deepwatch.com.
Follow Deepwatch on LinkedIn and X (formerly Twitter).
CXO Relationship Manager, 1 year ago: thank u so much for sharing