For the first time ever, the U.S. Justice Department announced the existence of an FBI-developed decryption tool that has been used to save hundreds of victim organizations attacked by one of the most prolific ransomware variants in the world. In an announcement made last month, the Justice Department made the world aware of the existence of a decryption tool to be used by those organizations hit by Blackcat – also known as ALPHV or Noberus.

An attack surface is the total number of channels, pathways, or areas that threat actors can utilize to gain unauthorized access to networks. The result is that they can obtain private information or carry out a cyber-attack. An attack surface comprises the organizational assets a threat actor can exploit to gain unauthorized access. Attack surfaces include systems that are directly involved in mission-critical operations, as well as those that provide peripheral services or access to important data.

Cyberattacks continue to be a cause for concern for businesses. Although great strides have been made to combat this issue, the ability of threat actors to adapt, combined with other factors such as the rise in remote working or the increase in the number of devices with Internet access, means that cybercrime persists. According to a study by Cybersecurity Ventures, a cyberattack took place every 39 seconds in 2023, which translates into over 2,200 cases per day.

In the cyber realm, where digital defense and offense is an ongoing game of cat and mouse, one of the most potent weapons in an attacker's arsenal is the web shell. A seemingly innocuous piece of code that, once embedded in a server, allows an attacker to maintain their access and control. The hidden danger of web shells is their stealthiness and versatility, making them a challenging threat to uncover and neutralize.

With over half of organizations being the victim of password-based attacks in the last year, new data sheds light on the risk of phishing attacks and the use of password-based credentials. If you don’t think credentials are a key element in cyber attacks, I refer you back to an article of mine from the middle of last year where 15 billion (with a ‘b’) credentials are on sale on the dark web.

Recent research identifying nearly 100,000 exposed industrial control systems (ICS) around the world should serve as a critical wake-up call to national government policymakers responsible for ensuring national security, public health, and safety within their borders. These systems, fundamental to our critical infrastructure, underpin essential services that sustain modern society… and they should not be publicly exposed on the Internet!

Working from home (WFH) has brought with it advantages such as flexibility and access to global talent, but it has also introduced new security threats to organizations. The shift to a remote or hybrid workforce has forced companies to adopt more software-as-a-service (SaaS) applications, which has caused almost 40% of companies to lose control of their IT and security environments, according to data from a Cloudflare study.

With so much of an attack riding on a cybercriminals ability to gain access to systems, applications and data, experts predict the trend of rising impersonation is only going to get worse.

We live in a highly digitized world, and small businesses and solopreneurs have become prime targets for cybercriminals. The 2023 Business Impact Report, conducted by the Identity Theft Resource Center (ITRC), sheds light on a concerning trend: a sharp rise in cyberattacks on these smaller entities. This annual report reveals that 73% of small business owners and leaders experienced data breaches or cyberattacks in the past year, a significant increase.

With November demonstrating multiple increases when compared to various previous time periods, new data signals that we may be in for a bumpy ride in 2024. It’s nice when we get to see reports that are published relatively quickly to let us get a sense of where cyberattacks are today versus, say, a quarter or two ago (or even last year!). The NCCGroup’s Cyber Threat Intelligence Report was just published and covers ransomware attacks through November of this year.