Cyber 360 integrates threat intelligence
Our Cyber 360 XDR solution integrates threat intelligence for detection and enrichment from leading third-party feeds and proprietary sources, automatically enriching endpoint incidents with real-time threat intelligence. It gives security teams additional contextual risk scores on indicators of compromise (IOCs).
Small businesses are attractive targets for cybercriminals because they frequently lack the cybersecurity defences of larger organizations. Forty-three percent of all cyber attacks target small businesses, and the consequences of these breaches can be devastating. In fact, 60% of small businesses that suffer a data breach permanently close their doors within six months of the attack.
The best way to reduce the damage of a cyber attack is to prepare for one. This may include measures such as having a comprehensive cybersecurity plan that engages experts as necessary.
For many small businesses, a cyber attack may seem highly unlikely, so they ignore the risk. This is a serious misconception and can have devastating consequences.
EU agencies warn of malicious cyber activities by APT groups
The European Union Agency for Cybersecurity (ENISA) and Computer Emergency Response Team (CERT-EU) jointly published an alert about sustained cyber activity by specific threat actors.
It warned that the threat groups APT27, APT30, APT31, Ke3chang, Gallium and Mustang Panda had been observed targeting businesses and governments in the EU, with recent activity focused on information theft, primarily by establishing persistent footholds within networks.
The EU has already urged the Chinese authorities to take action against malicious cyber activities undertaken from their territory.
ENISA and CERT-EU have both called on all organisations to take action to reduce the risk of being compromised and improve their cyber resilience by following the recommended mitigations in the report.
Organisations of all sizes can be targeted by a range of cyber actors, so it is vital that they put defences in place.
Royal Mail has refused to pay a £66m LockBit ransom demand. It has said it continues to experience service disruption as a result of the incident. While it continues to “make progress” by using alternative solutions and systems not affected by the cyberattack, it remains unable to process international parcels at Post Office branches across the United Kingdom.
“Our teams are continuing to work around the clock to reinstate remaining export services as quickly as we can.” Some reports claimed that Royal Mail was the target of ransomware that compromised machines used to print customs labels for parcels sent to overseas destinations.
Royal Mail ships to more than 200 countries and territories, and sent about 200,000 parcels overseas every day last year, according to the BBC.
SCARLETEEL Campaign Steals Proprietary Data from the Cloud
A new advanced hacking operation, dubbed SCARLETEEL, has been found targeting Kubernetes workloads hosted on AWS to steal sensitive proprietary data, while camouflaging the campaign as a cryptojacking operation.
The SCARLETEEL attackers expanded their reach through continuous attempts to gain additional resources from the compromised account and to enumerate AWS resources in the connected cloud account. Organizations and individuals are advised to adopt extra measures, such as conducting frequent audits and securing vulnerable applications, to reduce the potential attack surface and prevent lateral movement in the cloud.
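The enumeration behaviour described above leaves a trail in CloudTrail: one identity issuing many read-only discovery calls across several services in a short window. The following detection script is an added example and is not part of the original report or any vendor product. The event records are constructed to resemble a subset of CloudTrail fields; the account id, role names and IP addresses are placeholders, and the window and thresholds are illustrative assumptions rather than published detection rules.

```python
"""Flag bursts of read-only AWS API enumeration in CloudTrail-style events.

Added example, not part of the original page or of any vendor product. The
event records are constructed to resemble a subset of CloudTrail fields; the
account id, role names and IP addresses are placeholders, and the window and
thresholds are illustrative assumptions rather than published detection rules.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# API names beginning with these verbs are read-only discovery calls.
ENUM_PREFIXES = ("Describe", "List", "Get")


def is_enumeration(event_name: str) -> bool:
    """True for read-only discovery calls such as ListBuckets or DescribeInstances."""
    return event_name.startswith(ENUM_PREFIXES)


def parse_time(stamp: str) -> datetime:
    """CloudTrail eventTime is ISO 8601 in UTC with a trailing Z."""
    return datetime.strptime(stamp, "%Y-%m-%dT%H:%M:%SZ")


def find_enumeration_bursts(events, window=timedelta(minutes=5),
                            min_calls=6, min_services=4):
    """Return at most one alert per identity whose discovery calls within
    `window` span at least `min_services` AWS services and `min_calls` calls.

    A CI user describing instances now and then will not trip this; a
    credential mapping EC2, S3, IAM, Lambda and Secrets Manager within a
    couple of minutes will. The widest qualifying window is reported.
    """
    by_identity = defaultdict(list)
    for ev in events:
        if is_enumeration(ev["eventName"]):
            by_identity[ev["userIdentity"]["arn"]].append(ev)

    alerts = []
    for arn, evs in by_identity.items():
        evs.sort(key=lambda e: parse_time(e["eventTime"]))
        best, start = None, 0
        for end in range(len(evs)):
            # Advance the window start until the span covers at most `window`.
            while parse_time(evs[end]["eventTime"]) - parse_time(evs[start]["eventTime"]) > window:
                start += 1
            span = evs[start:end + 1]
            services = {e["eventSource"] for e in span}
            if len(span) >= min_calls and len(services) >= min_services:
                if best is None or len(span) > best["calls"]:
                    best = {
                        "identity": arn,
                        "calls": len(span),
                        "services": sorted(services),
                        "source_ips": sorted({e["sourceIPAddress"] for e in span}),
                        "first": span[0]["eventTime"],
                        "last": span[-1]["eventTime"],
                    }
        if best is not None:
            alerts.append(best)
    return alerts


def _ev(time, source, name, arn, ip):
    """Build a minimal CloudTrail-shaped record (constructed sample data)."""
    return {"eventTime": time, "eventSource": source, "eventName": name,
            "userIdentity": {"arn": arn}, "sourceIPAddress": ip}


# Placeholder identities: a compromised node role and a legitimate CI user.
NODE_ROLE = "arn:aws:sts::111122223333:assumed-role/app-node-role/i-0abc"
CI_USER = "arn:aws:iam::111122223333:user/ci-deploy"

SAMPLE_EVENTS = [  # constructed sample data
    _ev("2023-03-01T10:00:00Z", "sts.amazonaws.com", "GetCallerIdentity", NODE_ROLE, "203.0.113.10"),
    _ev("2023-03-01T10:00:15Z", "ec2.amazonaws.com", "DescribeInstances", NODE_ROLE, "203.0.113.10"),
    _ev("2023-03-01T10:00:30Z", "s3.amazonaws.com", "ListBuckets", NODE_ROLE, "203.0.113.10"),
    _ev("2023-03-01T10:00:45Z", "iam.amazonaws.com", "ListUsers", NODE_ROLE, "203.0.113.10"),
    _ev("2023-03-01T10:01:00Z", "iam.amazonaws.com", "ListRoles", NODE_ROLE, "203.0.113.10"),
    _ev("2023-03-01T10:01:15Z", "lambda.amazonaws.com", "ListFunctions", NODE_ROLE, "203.0.113.10"),
    _ev("2023-03-01T10:01:30Z", "secretsmanager.amazonaws.com", "ListSecrets", NODE_ROLE, "203.0.113.10"),
    _ev("2023-03-01T10:01:45Z", "s3.amazonaws.com", "GetBucketPolicy", NODE_ROLE, "203.0.113.10"),
    _ev("2023-03-01T10:02:00Z", "ec2.amazonaws.com", "RunInstances", NODE_ROLE, "203.0.113.10"),  # write call, ignored
    _ev("2023-03-01T09:00:00Z", "ec2.amazonaws.com", "DescribeInstances", CI_USER, "198.51.100.5"),
    _ev("2023-03-01T09:30:00Z", "s3.amazonaws.com", "PutObject", CI_USER, "198.51.100.5"),
    _ev("2023-03-01T10:30:00Z", "ec2.amazonaws.com", "DescribeInstances", CI_USER, "198.51.100.5"),
]

if __name__ == "__main__":
    for alert in find_enumeration_bursts(SAMPLE_EVENTS):
        print(alert)
```

Only the placeholder node role is reported: eight discovery calls across six services in under two minutes. The CI user's occasional DescribeInstances calls fall below both thresholds. In production the thresholds should be tuned per identity type, since scanners and inventory tooling legitimately enumerate widely, and the `source_ips` field helps spot credentials being replayed from outside the expected network.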
TA569 and its SocGholish Payload
TA569 is a highly active threat actor primarily known for using website injections to deliver the SocGholish payload. Recently, researchers from Proofpoint have noted changes in the TTPs adopted by TA569, including a surge in the number of injection types and a shift to other payloads.
Proofpoint has published domain rules for TA569-controlled domains that can be monitored and blocked to prevent the download of malware payloads. Defenders are advised to remain vigilant when evaluating alerts, and should also educate end users about the TTPs used by this threat group.