Jocque Sims says
Article Topic – North Korean Spies Are Infiltrating U.S. Companies Through IT Jobs
Article Summary: The article focuses on how the United States (US) Government has identified another North Korean-state-sponsored cyber warfare operation involving advanced persistent threat attackers (APT) infiltrating US tech companies as information technology (IT) new hires while serving as cyber spies for Pyongyang.
Historical relevance: Since the ceasefire between North and South Korea, US-led sanctions from the International Community (IC) have been levied against the state. First, because of North Korea’s continued threats of aggression against US allies within the Korean Peninsula region. Secondly, as a result of the state’s continued nuclear proliferation, as well as weapons of mass destruction (WMD) pursuits. Before Russia began its military engagement with Ukraine, North Korea spent decades as the most sanctioned and isolated member of the IC; these diplomatic measures have had devastating economic ramifications for the state. North Korea likely views the US as its primary target for conducting cyber warfare operations.
Article Highlights: The article highlights how North Korea has capitalized on a post-COVID boom in remote work with the tech industry and has been able to secure IT jobs using the stolen identity if foreign. Through classic APT tactics, IT-savvy North Korean operatives have proven capable of conducting the research required to locate and bypass the administrative and technical procedures of the US targets.
Research conducted by an analyst with Google Cloud’s Mandiant cyber-threat division suggests that North Koreans have been hired for hundreds – and potentially thousands – of low-level IT positions within the past few years.
These operations target entertainment networks, tech companies, the defense contract industry, retail and manufacturing industries, and US government agencies. They have netted the Kim Jong Un regime hundreds of millions of dollars annually.
In addition to cooperating with agencies within the intelligence community (IC), US tech companies have implemented advancements to their countermeasures that combat state-sponsored cybercriminals and cyberwarfare operations. Though not in the tech company’s interest to be forthcoming, the article highlights the machine-learning capabilities of artificial intelligence (AI) as key to assisting US IT workers and researchers in combating suspicious cyber activities and anomalies within their hiring processes.
Trend Identified: This is not a new revelation. Cybercrime and cyber warfare are lucrative enterprises, with revenues estimated at tens of trillions of dollars annually. While the US and its Western allies frequently top the list of states suffering the most state-sponsored cyber threats annually, North Korea isn’t included on the list of the most advanced threat nations in terms of cyberattacks and technological capabilities.
What I found alarming is the rise of US citizens willingly or unwillingly assisting foreign agents in their attempts to engage in cyber espionage against the US. This article includes more federal indictments against US citizens for their role in helping suspected North Korean state-sponsored agents in their attempts to infiltrate US tech companies.
Earlier this year, the Department of Justice unsealed court documents that revealed the conviction of US citizens for their role in assisting foreigners (some of whom included North Koreans) in obtaining stolen identities and credentials of US citizens for profits between 2023 and 2024.
Works Cited
Volz, D. (2024, September 5). North Korean Spies Are Infiltrating U.S. Companies Through IT Jobs. Retrieved from Wall Street Journal: https://www.wsj.com/tech/north-korean-spies-are-infiltrating-u-s-companies-through-it-jobs-e45a1be8?st=8td7v00yavah7tl&reflink=article_email_share
Christopher Williams says
Adobe evolves its risk management strategy with homegrown framework
Adobe has taken its cybersecurity game to the next level with a new approach called the Security Risk Management Framework (SRMF). It’s designed to help the company’s leadership make smarter decisions about tackling cybersecurity risks while keeping everyone in the loop on the latest challenges.
With digital business evolving so fast, new risks pop up all the time. So, Adobe built the SRMF to be agile and responsive, taking what they learned from their previous system (the Common Controls Framework) and adding more automation and data-driven insights. The goal is to spot security risks quickly, measure them, and decide how to deal with them more effectively.
To make it work, Adobe set up different committees that focus on risk management, threat analysis, and keeping everything running smoothly. The SRMF has helped them streamline security planning and have better conversations about risk across their teams, which are spread all over the world. They’re also investing in new tech and security practices to stay ahead of the curve, like “shifting left” in product development, meaning they catch security issues earlier in the process.
This new framework is still new, but Adobe is already seeing benefits in how they handle cybersecurity. It’s all about collaboration, data, and making sure the right decisions are made to keep everything safe.
https://www.csoonline.com/article/3507191/adobe-evolves-its-risk-management-strategy-with-homegrown-framework.html
James Nyamokoh says
Title: Microsoft Purview Data Governance
In early April 2024, Microsoft launched its Purview Data Governance solution set to be generally accessible on September 1st, 2024. The platform has gained popularity with more than 1,500 commercial entities actively participating in data governance activities using AI technology to automate essential governance functions like data categorization and metadata management. Purview now includes an integrated Copilot feature and improved collaboration, with Microsoft Fabric to facilitate data governance tasks. The federated governance model powered by AI allows different business units to oversee their data efficiently in line with regulations and in sync with contemporary data classification methods and frameworks.
Link: https://www.microsoft.com/en-us/security/blog/2024/07/16/microsoft-purview-data-governance-will-be-generally-available-september-1-2024/
Vincenzo Macolino says
The article I chose focuses on ransomware attacks on critical infrastructure, the effects these attacks have, and how we are working to lower the number of attacks. The article collected data on ransomware attacks in 2023 and found that from 2022 to 2023 ransomware attacks were up 18%, with a 74% increase in losses. The main target for ransomware attacks is healthcare, and the article uses the example of Change Healthcare. The IT platform was a victim of a ransomware attack and remained non-operational for weeks after AlphV intruded the company’s IT systems. The main issue highlighted in the article is that even though so many businesses are being attacked, they fail to report these incidents to the FBI. When the FBI infiltrated the Hive ransomware group’s infrastructure, they discovered that only 20% of Hive’s victims reported to law enforcement. The article is interesting as it reveals that not only is there a massive increase in ransomware attacks on critical infrastructure, but that many businesses are failing to report attacks, leading to skewed data and making it difficult for the FBI to operate.
https://www.cybersecuritydive.com/news/ransomware-hitting-critical-infrastructure-fbi/709814/#:~:text=More%20than%202%20in%205%20ransomware%20attacks%20reported,FBI%20last%20year%2C%201%2C193%20hit%20critical%20infrastructure%20organizations.
Andrea Baum says
WH launches cyber hiring sprint to fill open tech roles
The White House has launched a cyber hiring sprint, led by the Office of the National Cyber Director (ONCD), to address the roughly 3,000 open federal cybersecurity, technology, and artificial intelligence positions. National Cyber Director Harry Coker emphasized that these jobs are not only critical to national security but also offer meaningful and well-paying opportunities. The initiative includes events, such as a National Cybersecurity Virtual Career Fair on September 27, and a dedicated website for job listings across federal agencies.
https://federalnewsnetwork.com/cybersecurity/2024/09/wh-launches-cyber-hiring-sprint-to-fill-open-tech-roles/
Brittany Pomish says
Rapid Growth of Password Reset Attacks Boosts Fraud, Account Takeovers – Infosecurity Magazine
This article was about how password reset attacks have surged four-fold in the past year. Attackers are increasingly using bots, leading to a 1680% rise in bot-based attacks. The most commonly targeted areas are streaming services, e-commerce, and mobile services. The elderly are more susceptible to falling victim to these attacks. Over the last two weeks we have discussed the risk of human error in information security. This is a good example of that. Vulnerable groups do not even realize they are doing anything harmful by clicking the link and putting in their password. This article also highlights the importance of multifactor authentication, which I think we can all agree can be rather annoying and inconvenient. However, it is a powerful tool in mitigating these risks.
https://www.infosecurity-magazine.com/news/password-reset-attacks-fraud/
Gbolahan Afolabi says
When Cyber Security Breaches Are Inevitable, It’s Time To Call For A New Approach
This article talks about the new way technology leaders in Fortune 500 companies are starting to view cybersecurity and resilience. Chief Information Officers (CIO) and Chief Information Security Officers (CISO) are becoming aware of the use of AI and quantum computer technologies to scale up attacks on organizations.
It was researched that 92% of cloud customers have been targeted across 2023 with 63% of those organizations experiencing successful attacks. The view on resiliency is now that an attack is inevitable and that organizations should now be focused on ensuring business continuity during and after attacks. Companies should do the work required to create policies, controls, and implement measures that will strengthen their systems after each attack rather than just stopping the attack.
The solutions posed in this article to defend against inevitable attacks are to have frequent backups in offsite facilities, conduct trainings on plan of actions in the event of an attack, implement controls that flag suspicious access of information systems and protect as it moves through the network. Organizations are also advised to dare to adapt new information security measures, policies, and controls despite the vendor relations established and budgets set.
Source: https://www.forbes.com/sites/keithferrazzi/2024/09/03/when-cyber-security-breaches-are-inevitable-its-time-to-call-for-a-new-approach/
David Lanter says
BY: Sarah Maher
“New And Dangerous Android Attack Warning Issued”
This article talked about the SpyAgent malware infecting Android phones. The malware disguises itself as typical Android apps. The apps use loading screens, redirects, and buffering blank screens to work to access all the images on the device. The malware works to then find patterns in the data it stole to find a 12-24 length passphrase that will be used to access users’ crypto wallet and steal their cryptocurrency. A version of the malware titled iPhone was found but no further evidence of an iPhone version was found. Google has since released “Google Play Protect live threat detection” that utilizes AI to detect anomalies in apps.
https://www.forbes.com/sites/daveywinder/2024/09/09/new-and-dangerous-android-attack-12-words-are-targeted-by-hackers/
Aisha Ings says
FBI Fails to Secure Sensitive Storage Media Destined for Destruction, Audit Reveals
The Department of Justice’s Office of the Inspector General (OIG) recently conducted an audit that uncovered deficiencies in how the FBI managed retired electronic storage devices containing sensitive and classified data. The audit found that the FBI failed to properly label and safeguard devices such as internal hard drives and thumb drives that held a mix of sensitive yet unclassified police data along with classified national security information. These decommissioned storage devices were left unsecured on pallets for extended periods and were within reach of about 400 individuals, including contractors, which led to worries about unauthorized access. The FBI’s inadequate tracking and labeling practices meant these devices were not consistently monitored or properly accounted for, especially those removed from Top Secret computers. To mitigate these risks, the OIG recommended that the FBI enhance its protocols by properly labeling, tracking, and securing storage devices, as well as improving physical security measures at destruction facilities to prevent unauthorized access and data loss.
Source: https://www.securityweek.com/fbi-exposing-sensitive-data-via-improper-handling-of-storage-devices-audit/
Neel Patel says
The mobile game, Clash of Clans, has garnered hundreds of thousands of downloads from the Google Play store. However, it had put its users at risk of data manipulation and potential attacks after the exposure of the company’s hardcoded secrets and Firebase database. Although highly sensitive data was not exposed, attackers could exploit the Google storage bucket and critical app secrets to interrupt services and compromise user security. Since the impact of the risk was not deemed too severe, the company did not implement any mitigation strategies. They accepted the risk and the consequences of it. This incident relates to risk evaluation by underlining the vulnerabilities when it comes to involving third-party apps within the popular mobile game.
Link: https://cybernews.com/security/clash-of-clans-third-party-app-leak/
Nelson Ezeatuegwu says
This article talked about the resurfacing of Predator spyware. Sanctions and public exposure silenced Intellexa for months. Predator is the handiwork of European-based Intellexa; they have targeted members of the U.S. Congress, United Nations officials and more. Insikt Group, in published research shared exclusively with CyberScoop, said it has observed new infrastructure and domains connected to the infamous spyware. Findings from the report show that while Predator operators did modify certain aspects of their infrastructure in response to public reporting, including elements of their higher-tier infrastructure and tactics for detection evasion, they maintain their operations with minimal changes and often reuse previously identified infrastructure, in line with previous observations. The firm was able to trace three of the clusters to likely customers in Angola, Saudi Arabia and Congo.
https://cyberscoop.com/predator-spyware-resurfaces-with-signs-of-activity-recorded-future-says/?utm_source=dlvr.it&utm_medium=linkedin
David Lanter says
News Article: Leaked Disney data reveals financial and strategy secrets, WSJ reports
Disney suffered a data breach involving over a terabyte of sensitive information, including financial details, employee and customer data, and strategy documents. The leaked data contained personally identifiable information, such as passport numbers and addresses of staff and Disney Cruise Line passengers. Additionally, the breach exposed details about Disney’s revenue, park pricing, and even login credentials for some cloud systems. The hacking group NullBulge released data from Disney’s Slack channels, including 44 million messages. This article highlights the importance of cybersecurity in organizations of all sizes. In relation to class last week, this threat can be classified as SC information system = {(confidentiality, high), (integrity, low), (availability, low)}. The threat source is adversarial committed by an established hacking group.
Source: https://www.reuters.com/technology/cybersecurity/leaked-disney-data-reveals-financial-strategy-secrets-wsj-reports-2024-09-05/
David Lanter says
This In The News post is from Cyrena N Haynes.
Benjamin Rooks says
Since this week’s theme is risk assessment, I thought that it would be a good idea to submit a slightly outdated global threat report that I read at the beginning of the year.
https://go.crowdstrike.com/global-threat-report-2024.html?utm_campaign=brand&utm_content=crwd-brand-amer-us-en-psp-x-trl-x-tct-x_x_x_reports-x&utm_medium=sem&utm_source=goog&utm_term=crowdstrike%20annual%20threat%20report&cq_cmp=19616633164&cq_plac=&gad_source=1&gclid=CjwKCAjw3P-2BhAEEiwA3yPhwATQVUZS_Gx4mYEF8rCr54INhrNQ0PkxC05Up5MsMXipoaUm5vop6xoCPjwQAvD_BwE#form
Report Title: CrowdStrike 2024 Global Threat Report.
Synopsis: This is a threat report that CrowdStrike puts out every year in order to analyze the patterns in attacks from the previous year to both explain to investors how they are going to attempt to mitigate those threats going forward as well as informing clients.
Key Takeaways: The main takeaways from the 61-page report are as follows. The trend of state-sponsored actors being the most prevalent threats continues. With the advent of better prevention software and response teams, many adversaries are switching to a focus on stealth. They are also focusing on credential capture through social engineering. There is also a continued increase in third-party vendors and cloud-native applications becoming a major vector of attack going forward.
Ericberto Mariscal says
Article: Small Firms need to Work Smarter to Stretch Budgets
I found this article relating to the last question of the week regarding small start-ups and how we could create an information risk profile. This article notes how it’s not just financial constraints that limit options in smaller organizations, but the lack of people allocated to the IT department/security team. According to John France, CISO at ISC2, “In Small to Medium-sized Enterprises, 95% have no one, or less than half a person, dedicated to cybersecurity.” The article details how smaller organizations should focus on the basics such as patching, as you do not need specific skills. SMEs should look at the tools that they have and see how they map on to their risk profile – products that are not being used can be removed and money saved. Nonetheless, spending money is not always the way to improve security; small organizations can bolster defenses through training, awareness and utilizing free resources. Smaller organizations can use free resources such as suppliers, universities and are able to get government-funded cyber awareness.
Source: https://www.infosecurity-magazine.com/news/infosec-2024-sme-security-budgets/