News & Updates

Growing number of endpoint security tools overwhelm users, leaving devices unprotected

Enterprises that use endpoint security and management technologies face a problem of growing marketplace “sprawl,” as new tools proliferate and options multiply, according to a study released today by the Enterprise Services Group.

Between the ongoing influence of remote work and IoT, the number and diversity of devices that have to be managed by endpoint security tools is on the rise. As a consequence, the number of available tools to manage them has also risen.

An ESG survey of 380 security professionals in North America, commissioned by cybersecurity company Syxsense, showed that companies using larger numbers of different tools to manage their endpoints had larger proportions of unmanaged endpoints, compared to those with fewer. Put simply, the complexity of the current-day device environment is leading to worse security, according to the research.


Threat group targets over 1,000 companies with screenshotting and infostealing malware

Researchers warn that a new threat actor has been targeting over a thousand organizations since October with the goal of deploying credential-stealing malware. The attack chain also involves reconnaissance components including a Trojan that takes screenshots of the desktops of infected computers.

Tracked as TA866 by researchers from security firm Proofpoint, the group’s tooling seems to have similarities to other campaigns reported in the past under different names going as far back as 2019. Even though this latest activity appears to be financially motivated, some of the possibly related attacks seen in the past suggest that espionage was also a motivation at the time.


How to unleash the power of an effective security engineering team

Security teams are comprised primarily of operations, compliance, and policy-related roles. Security engineering teams, on the other hand, are builders. They build services, automate processes, and streamline deployments to support the core security team and its stakeholders. Security engineering teams are typically made up of software and infrastructure engineers, architects, and product managers.

The collective security/security engineering team mindset is also that of a builder, quite different from that of a penetration tester or third-party risk management assessor. This presents a challenge to security leaders. As security engineering teams continue to grow in prominence, CISOs need to be intentional with their structure and development.


Yes, CISOs should be concerned about the types of data spy balloons can intercept

The recent kerfuffle surrounding the Chinese surveillance balloon that sailed above Canada and the United States before meeting its demise off the southeastern coast of the United States has tongues wagging and heads scratching in equal measure. While some may write this off as geopolitical shenanigans by China and nothing to fret about, I submit that it is emblematic of a nation-state using all resources available to acquire pieces of information and fill in the blanks on the mosaic they are building about a potential adversarial nation.

The physical threat posed by this balloon and the collection platform that dangled below it was negligible unless the balloon fell from the sky and landed in a populated area. It did not. When it met its demise, it was shot down by a US F-22 Raptor and fell into US territorial waters off the coast of South Carolina.


HTML smuggling campaigns impersonate well-known brands to deliver malware

Trustwave SpiderLabs researchers have cited an increased prevalence of HTML smuggling activity whereby cybercriminal groups abuse the versatility of HTML in combination with social engineering to distribute malware. The firm has detailed four recent HTML smuggling campaigns attempting to lure users into saving and opening malicious payloads, impersonating well-known brands such as Adobe Acrobat, Google Drive, and the US Postal Service to increase the chances of users falling victim.

HTML smuggling uses HTML5 attributes that can work offline by storing a binary in an immutable blob of data (or embedded payload) within JavaScript code, which is decoded into a file object when opened via a web browser. It is not a new attack method, but it has grown in popularity since Microsoft started blocking macros in documents from the internet by default, Trustwave SpiderLabs wrote. The four malware strains that have recently been detected using HTML smuggling in their infection chain are Cobalt Strike, Qakbot, IcedID, and Xworm RAT, the firm added.


UK/US cybercrime crackdown sees 7 ransomware criminals sanctioned

A UK/US campaign to tackle international cybercrime has seen seven Russian cybercriminals linked to a notorious ransomware group exposed and sanctioned. The sanctions were announced today by the UK’s Foreign, Commonwealth and Development Office (FCDO) alongside the US Department of the Treasury’s Office of Foreign Assets Control (OFAC). This follows a lengthy investigation by the National Crime Agency (NCA) into the crime group behind Trickbot malware, as well as the Conti and RYUK ransomware strains, among others, an NCA posting read.


BrandPost: Embrace This Opportunity to Attract New Cybersecurity Talent

Ask nearly any security leader whether they have adequate resources to protect their organization effectively and consistently, and you’ll likely hear an emphatic “No.” Given that an estimated 3.4 million people are needed to fill the global cybersecurity workforce gap, it’s no surprise that CISOs feel that they need more staff to safeguard their networks, let alone focus on more strategic priorities. And nearly 70% of leaders say this skills gap creates additional cyber risks for their business.  


BrandPost: Security Trends to Watch in 2023

It’s that time of year again when many of your favorite security professionals and vendors roll out their predictions for the coming year. Although not all of us have clairvoyant abilities, seasoned pros can spot a trend early and inform the rest of us before we’re caught off guard. Because adversaries continually adapt and change, security practitioners must also adapt their thinking, understanding, and defenses to combat innovation by using tools such as threat intelligence, threat hunting, and proactive suppression. In this spirit, we have identified a few trends to look out for before it’s too late.

  1. Geopolitical unrest

Although distributed denial-of-service (DDoS) attacks have steadily increased over the past 20 years, recent data firmly establishes the reality that network operators need to understand, prepare for, and expect attacks related to politics, religion, and ideology. Nation-state actors often directly target internet infrastructure to take out critical communications, e-commerce, and other vital infrastructure dependent on internet connectivity. This, of course, means targeting internet service provider (ISP) networks to hobble internet connectivity.


Top cybersecurity M&A deals for 2023

Uncertainty and instability marked the end of 2022 for many in the tech sector, a trend that bled into the beginning of 2023. Following on the heels of a drought in IT talent came mass layoffs at many of the world’s biggest tech companies as predictions of recession loomed and war in Ukraine dragged on with no end in sight.

Global concern over cybersecurity has never been higher, with attacks coming fast and furious and in ever-growing numbers, and 65% of organizations planned to increase cybersecurity spending in 2023. That means CISOs may be pressured to do more with what they have as budgets shrink even as demand for security increases. And they should be aware of what could change if one of their vendors is acquired in this climate.
