No single organization is prepared to stop an attack from a nation-state Not so long ago, I woke up every morning focused on one thing: finding and exploiting vulnerabilities. During my 10 years working for the U.S. National Security Agency (NSA), my single objective was to identify and exploit networks to collect foreign intelligence. I was fortunate to work alongside the world’s best professional vulnerability and exploit developers. My time serving my government was formative and humbling.

Insights from the 2022 Results That Matter study “88% of boards regard cybersecurity as a business risk rather than solely a technical IT problem.”1 Regardless of geography, industry, sector, or use cases, most would agree that reducing risk is a top priority for their organization. Whether it’s decreasing phishing scams, ransomware, and malware attacks or reducing the risk of customer churn due to breaches, security is everyone’s concern.

Elastic Security has long been open — with open source roots, open development, and the release of our SIEM in 2019. In 2020, we further embraced the openness of Elastic and released our open detection-rules repo to collaborate with our users and be transparent about how we protect customers. That repo is focused on our SIEM and Security Analytics use cases and did not yet include Elastic Endpoint Security artifacts.

On July 27, 2022, Microsoft Threat Intelligence Center (MSTIC) disclosed a private-sector offensive actor (PSOA) that is using 0-day exploits in targeted attacks against European and Central American victims. MSTIC and others are tracking this activity group as KNOTWEED. PSOAs sell hacking tools, malware, exploits, and services. KNOTWEED is produced by the PSOA named DSIRF.

When the average organization experiences 26 cyber attacks per year, being prepared for the aftermath of a breach is just as important as prevention.

As financial institutions migrate to modern infrastructure and cloud services, bad actors have extended their skills and capabilities to achieve their missions. This is compounded by the fact that financial and payment vehicles continue to go virtual. Even the slightest breach can result in fines and reputational harm. Many financial institutions are successfully taking a risk-based approach to cybersecurity, according to our recent co-sponsored study with ThoughtLab.

Retailers are facing a more challenging cybersecurity environment than ever, according to a new study, Cybersecurity solutions for a riskier world. With physical and digital worlds colliding, greater levels of regulation, and more savvy cybercriminals, executives agree that we have entered a new era of cyber risk. In fact, 30% of retailers say they are not prepared for the threats ahead. In response to these changes, the role of the retail CISO is expanding.

Cyber attacks on corporate networks were up 50% in 2021, and it’s expected that 2022 will see more of the same. Elastic Endpoint Security includes a variety of protection layers to ensure maximum coverage against different types of malware. There have been a few examples recently of the need for fast, accurate updates of user environments in order to protect against the latest malware.

Using the NIST framework, ThoughtLab recently concluded a cybersecurity benchmark study that spanned across industries, including telecommunications. There is an urgent call to action for organizations to think and implement cybersecurity processes and technologies more strategically. The study shed some positive light for telecom companies as compared to peer industries.

On May 27, 2022, the nao_sec independent security research group shared a VirusTotal link to a weaponized Microsoft Office document revealing a previously unknown vulnerability in the Microsoft Support Diagnostic Tool (MSDT). This vulnerability is most likely to be exploited via phishing lure attachments and is triggered when a document is opened.