Earlier this year, analysts in the AT&T Cybersecurity Managed Threat Detection and Response (MTDR) security operations center (SOC) were alerted to a potential ransomware attack on a large municipal customer. The attack, which was subsequently found to have been carried out by members of the Royal ransomware group, affected several departments and temporarily disrupted critical communications and IT systems.
In this blog post, we will take a comprehensive dive into a real-world cyber attack that reverberated across the digital realm – SCARLETEEL. Through an in-depth analysis of this notorious incident using the MITRE ATT&CK framework, we aim to unearth invaluable insights into the operational tactics of cyber adversaries.
Discover insights from Sophos' 2023 Active Adversary Report. Credential leaks are now the leading way in for attackers and dwell times are getting shorter.
Just last week the UK’s NCSC issued a warning, stating that it sees alarming potential for so-called prompt injection attacks, driven by the large language models that power AI. The NCSC stated “Amongst the understandable excitement around LLMs, the global tech community still doesn’t yet fully understand LLM’s capabilities, weaknesses, and (crucially) vulnerabilities.
Security Operations teams are the cornerstone of the fight against last-mile cybercrime in any organization. This is why they need the most advanced technologies possible. But the fight against cybercriminals isn’t simply a question of technology. Having a proactive attitude against possible cyberattacks is also key. This is where we see two essential concepts for all Security Operations teams: IoCs (indicators of compromise) and IoAs (indicators of attack). What is the difference?
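To make the IoC/IoA distinction concrete, here is a small added example (my code, not from the post above or from any vendor product) that runs both kinds of detection over a constructed endpoint event stream. It uses the usual definitions: an IoC is a static artefact of a known, earlier compromise (file hash, IP, domain), while an IoA is a behaviour pattern that marks an attack in progress whatever tooling is used. Every host name, hash, address and the "Office app spawns a shell that talks out within 60 seconds" rule are my own assumptions for illustration; the addresses come from the RFC 5737 documentation ranges.

```python
"""IoC matching versus IoA detection over a constructed endpoint event stream.

Added example, not code from the original post. Definitions assumed here:
an IoC is a static artefact left by a *known* compromise (file hash, IP,
domain); an IoA is a behaviour that marks an attack in progress, whichever
tools or infrastructure the attacker happens to use.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Event:
    ts: int              # seconds since start of the (constructed) log
    host: str
    kind: str            # "process" (creation) or "network" (outbound)
    pid: int
    ppid: int = 0        # parent pid, process events only
    image: str = ""      # process image name, process events only
    sha256: str = ""     # hash of the image, process events only
    dst: str = ""        # destination, network events only


# --- IoC feed: artefacts from a *previous* incident (constructed values) ---
IOC_HASHES = {"ab" * 32}                    # one known-bad file hash
IOC_NET = {"203.0.113.45", "bad.example"}   # TEST-NET-3 address + example domain

# --- IoA rule (assumed): Office app spawns a shell that talks out within 60 s ---
OFFICE = {"winword.exe", "excel.exe", "outlook.exe"}
SHELLS = {"cmd.exe", "powershell.exe"}
IOA_WINDOW = 60


def ioc_hits(events):
    """Exact match of observed artefacts against the IoC feed."""
    hits = []
    for e in events:
        if e.sha256 in IOC_HASHES:
            hits.append((e.host, "hash", e.sha256))
        if e.dst in IOC_NET:
            hits.append((e.host, "net", e.dst))
    return hits


def ioa_hits(events, window=IOA_WINDOW):
    """Office -> shell -> outbound connection within `window` seconds, per host."""
    hits = []
    for host in sorted({e.host for e in events}):
        evs = sorted((e for e in events if e.host == host), key=lambda e: e.ts)
        procs = {e.pid: e for e in evs if e.kind == "process"}
        # pid -> spawn time for shells whose parent is an Office process
        shells = {
            e.pid: e.ts for e in evs
            if e.kind == "process" and e.image in SHELLS
            and e.ppid in procs and procs[e.ppid].image in OFFICE
        }
        for e in evs:
            if e.kind == "network" and e.pid in shells:
                if 0 <= e.ts - shells[e.pid] <= window:
                    hits.append((host, "office->shell->net", e.dst))
    return hits


# Constructed sample telemetry (four hosts, nothing real).
SAMPLE = [
    # hr-laptop-01: attacker re-uses *old* tooling -> IoC catches it, no IoA chain.
    Event(10, "hr-laptop-01", "process", 501, 1, "svchost.exe"),
    Event(12, "hr-laptop-01", "process", 777, 501, "update.exe", sha256="ab" * 32),
    Event(15, "hr-laptop-01", "network", 777, dst="203.0.113.45"),
    # fin-laptop-07: fresh payload, new infrastructure -> only the IoA fires.
    Event(100, "fin-laptop-07", "process", 100, 1, "winword.exe"),
    Event(105, "fin-laptop-07", "process", 200, 100, "powershell.exe", sha256="cd" * 32),
    Event(120, "fin-laptop-07", "network", 200, dst="198.51.100.7"),
    # dev-box-03: admin opens a shell from Explorer and pulls a package -> benign.
    Event(300, "dev-box-03", "process", 300, 1, "explorer.exe"),
    Event(301, "dev-box-03", "process", 310, 300, "cmd.exe"),
    Event(302, "dev-box-03", "network", 310, dst="pkg.example"),
    # ops-pc-12: Office spawns cmd, but the connection comes 10 min later -> outside window.
    Event(400, "ops-pc-12", "process", 400, 1, "excel.exe"),
    Event(401, "ops-pc-12", "process", 410, 400, "cmd.exe"),
    Event(1001, "ops-pc-12", "network", 410, dst="198.51.100.9"),
]

if __name__ == "__main__":
    for h in ioc_hits(SAMPLE):
        print("IoC", h)
    for h in ioa_hits(SAMPLE):
        print("IoA", h)
```

Run as-is, the IoC pass flags only hr-laptop-01 (the re-used hash and the known address), while the IoA pass flags only fin-laptop-07, whose hash and destination appear in no feed. That is the practical difference: IoCs are cheap, precise and blind to anything new; IoAs cost more tuning (note the benign Explorer-to-cmd chain and the time window on ops-pc-12) but catch the technique rather than the artefact.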
Arguably, the most used device by an organization’s employees is their smartphone. Ensuring that anyone, from the CEO to a newcomer being onboarded, knows how to keep this device safe should be paramount. Why? Globally, more than 2 million attacks on mobile devices are reported each month, according to Statista. While the number of attacks has dropped precipitously from its peak of 6.5 million in October 2020, it is still dangerously high and a favorite threat actor attack vector.