Latest Posts

Threat-Loaded: Malicious PDFs Never Go Out of Style

In the realm of cybersecurity, danger hides where we least expect it and threats never, ever, go out of style! Over the past few months, Trustwave SpiderLabs has seen a rising trend in threat actors employing PDF documents to gain initial access through email-borne attacks. Though the use of PDF files as a malicious vector is not a novel approach, it has become more popular as threat actors continue to experiment with techniques to bypass conventional security controls.

Managed Vulnerability Scanning Made Easy

There are few security tasks more important, yet more difficult, to conduct than a vulnerability scanning program. A properly conducted scanning program requires a team of human-led experts with the technology to search for issues that might give a threat actor access to a network. Only the largest organizations with equally large wallets can afford to take on this task, but there is an option.

The Evolution of Persistent Threats: From Chernobyl to BlackLotus

In this blog post, we will explore how the computer security landscape has expanded to reach below the operating system level, aiming to address areas that are often overlooked or completely neglected in cybersecurity. Attackers have discovered techniques to establish long-term persistence in compromised hosts by injecting malicious code that runs before the operating system loads, in areas commonly referred to as the Basic Input Output System (BIOS).

Think Before You Scan: The Rise of QR Codes in Phishing

QR Codes, the square images that contain coded information that can be scanned by a smartphone, are becoming increasingly popular. With the number of smartphone users reaching 6.92 billion this year, access to the information within these ingenious images is within reach of around 86% of the world’s population. Most, if not all, smartphones today feature QR scanners, and for those that don’t come so equipped, free apps can be downloaded to add this functionality.

Behind the Invite: The Rise of Google Group Fake Order Fraud Emails

As the world shifted into remote work and distance learning during the pandemic lockdown, e-commerce accelerated as more consumers turned to online shopping apps and websites. Customers who shop online are familiar with email confirmations for their orders. But what if you receive an email confirmation for something that you never bought? It might be a fake order scam, and these scams are now being sent through Google Groups.

How Trustwave Uses Enterprise Penetration Testing to Fortify a Client's Defensive Posture

Anyone who has played a Tower Defense-style game (Plants Vs. Zombies being a favourite) knows the only way to hold off the horde of brain-eating zombies is to know your weaknesses before the next wave attacks and to plan accordingly. Oddly, preparing a cybersecurity defense is somewhat similar: the player/organization knows attacks are coming, they have an idea from where and how they will be conducted, and they need to place the proper pieces on the board at the right place to stay safe.

BEC Trends: Payroll Diversion Dominates and Sneaky Multi-Persona Attacks Emerge

Business Email Compromise (BEC) remains a lucrative threat vector for attackers. The FBI’s IC3 reported that in 2022, they received 21,832 complaints with adjusted losses of over $2.7 billion. When it comes to targeted attacks, threat actor sophistication is evident in their ever-evolving tactics, even as detection capabilities and preventative measures improve. Let’s take a look at the current BEC landscape for the first half of 2023.

Creating a Physical Security Standard for Your Company

Cybersecurity is the pressing concern most organizations face when it comes to securing data, but not every hacker launches an attack from thousands of miles away; sometimes, the threat can walk right in through the front door to gain access to your IT system. Adversaries are not shy about using a more direct approach, which is why an organization should not overlook its physical security plan.

Maximising Your Microsoft Security Environment

If you're a Microsoft-focused organisation, you may be able to leverage the technology you already have to become more secure. Nirvana, for many of the organisations I speak with on a daily basis, is to maximise what is already included in their licensing agreement and use the current people already in their IT and security department. This presents a challenge for smaller organisations without the extensive security analyst teams of a big financial institution.