It would just take an XDR to begin with
Alexandre BLANC Cyber Security
Advisor - ISO/IEC 27001 and 27701 Lead Implementer - Named security expert to follow on LinkedIn in 2024 - MCNA - MITRE ATT&CK - LinkedIn Top Voice 2020 in Technology - All my content is sponsored
Another week in cyber, and there is a lot to share and to do! There is too much to fit, so I stuck to the key points I wanted to highlight :D That should wrap the week!
(I link to my LinkedIn posts; from there you can see my take, sorry if there is some rant in it :P, and read the linked article)
Saturday April 3rd - Brown University hit by cyberattack, some systems still offline
Saturday April 3rd again, we learned that Asteelflash electronics maker was hit by a REvil ransomware attack, along with many more ransomware victims, sadly... All of these could have been stopped
Sunday April 4th - Malware attack is preventing car inspections in eight US states
Sunday April 4th - It's not a bug, it's a feature! 533 million Facebook users’ phone numbers leaked on hacker forum
Sunday April 4th - Google’s Pixel & Apple’s iPhone Track & Transmit Telemetry Data, Despite The User Explicitly Opting Out – New Report
Tuesday April 6th - More Sophisticated Ukraine Attack | The Top 20 Cyber Attacks on Industrial Control Systems #7 | iSi
Tuesday April 6th - Spy Operations Target Vietnam with Sophisticated RAT
Wednesday April 7th - Scraped Data of 500 million LinkedIn users sold online
Wednesday April 7th - Critical Auth Bypass Bug Found in VMware Data Center Security Product
Wednesday April 7th - Active since 2019! Experts uncover a new Banking Trojan targeting Latin American users
Thursday April 8th - Did 4 Major Ransomware Groups Truly Form a Cartel? An analysis of well-known extortion groups and their cryptocurrency transactions reveals the answer
Thursday April 8th - Patch Management as a Service: Giving MSPs an Edge in SMB Security
Thursday April 8th - Azure Functions Weakness Allows Privilege Escalation
Friday April 9th - Ransomware Gangs Using a new Method to Collect Ransom Payments from Victims
Most of these attacks, whether ransomware or malware, have one thing in common: they move laterally through your infrastructure and systems. Even if employees are remote, the attack then takes place by email, or locally on the network, depending on what the payload detects.
I'm involved in incident response quite a lot (actually this newsletter got a bit late because of an emergency), as organizations tend to call after an incident and not before. Sadly, fixing costs a lot more than preventing.
I'm not saying XDR is bulletproof, but honestly, XDR would have stopped, or at least limited the impact of, a lot of the incidents we see. This is about reducing the risk. At VARS we picked a solution that we saw in action: it stopped Exchange Hafnium, and it stopped unknown attacks where others totally missed them. I'm not sharing the name (reach out to know more), as this newsletter will stay, and what is the best today might no longer be the best tomorrow. As an MSSP, we proceed with due diligence, and when a solution is getting old, or something better comes, we drive you toward what's best when needed. Security is also being agile in the security posture.
Have a great weekend all, feel free to leave a comment, always happy to read feedback!
LinkedIn tells me there are more than 14K subscribed to my newsletter, so I'm a bit stressed releasing this, always a few typos and all, but you know me, used to my posts anyhow!
Let's see how this goes ;)
Co-Founder LeadTechDefi, XBTA, GAEAOS, GSCxBT, GSC20.
3 years ago: Encrypted internet is coming soon!
Student Intern at Dynamic Networks
3 years ago: I have some pigeons to start wireless transfer without any technology required. I get scared to see how technology has become the centre of all that is wrong and it seems like everyone is sitting back and watching without lifting a finger to contribute to getting it right. Thank you so much for sharing Alexandre. Kind regards, Andries
NMF Founder and CEO, University Teaching, Int'l Development, SDGs; Focusing: Climate Action, Gender Equality, Environment, Good Health, Quality Education, and Well-being for PWD & MH; ex UN (FAO and WFP), and ex CARE USA
3 years ago: Alexandre BLANC Cyber Security, all the best from Naifa Maruf Foundation