In this blog post, we will take a comprehensive dive into a real-world cyber attack that reverberated across the digital realm – SCARLETEEL. Through an in-depth analysis of this notorious incident using the MITRE ATT&CK framework, we aim to unearth invaluable insights into the operational tactics of cyber adversaries.

Discover insights from Sophos' 2023 Active Adversary Report. Credential leaks are now the leading way in for attackers and dwell times are getting shorter.

Just last week the UK’s NCSC issued a warning, stating that it sees alarming potential for so-called prompt injection attacks, driven by the large language models that power AI. The NSCS stated “Amongst the understandable excitement around LLMs, the global tech community still doesn‘t yet fully understand LLM’s capabilities, weaknesses, and (crucially) vulnerabilities.

Security Operations teams are the cornerstone of the fight against last-mile cybercrime in any organization. This is why they need the most advanced technologies possible.But the fight against cybercriminals isn’t simply a question of technology. Having a proactive attitude against possible cyberattacks is also key. This is where we see two essential concepts for all Security Operations teams: IoCs (indicators of compromise) and IoAs (indicators of attack). What is the difference?

Software supply chain attacks, or digital supply chain attacks, have become increasingly prevalent over the last couple of years. According to a study by KPMG, 73% of organizations have experienced at least one significant disruption from a third-party in the last three years. What’s the best way to protect against potential software supply chain attacks? To get the answer, let’s define what those attacks are, how they happen, and how you can defend against them.

Arguably, the most used device by an organization’s employees is their smartphone. Ensuring that anyone, from the CEO to a newcomer being onboarded, knows how to keep this device safe should be paramount. Why? Globally, more than 2 million attacks on mobile devices are reported each month, according to Statista. While the number of attacks has dropped precipitously from its peak of 6.5 million in October 2020, it is still dangerously high and a favorite threat actor attack vector.

New data shows a massive uptick in attacks across all industries, but a particularly worrisome growth in interest in targeting the public sector – and the indicators of who’s responsible may surprise you.

While spam tends to be dismissed as being more an annoyance, new research shows that there is a very real and ever-present threat in emails that are marked as “spam”. I’ve written plenty about phishing attacks that target bank customers. It’s nothing new. What’s interesting is a recent article by security researchers at BitDefender where banking-related phishing attacks are considered spam.

Financial services institutions (FSIs) have become an increasingly common target for malicious actors. According to Boston Consulting Group, FSIs are 300 times more likely to face cyber attacks than other sectors, and the 2022 VansonBourne report noted that 94% of the FSIs it surveyed experienced a cyber attack in the last 12 months.