Latest News

7777 Botnet - Insights into a Multi-Target Botnet

Over the last month there have been some updates about the mysterious 7777 botnet—which was first mentioned in this post in October 2023. Until now, it was known that the botnet was made up of TP-LINK routers and that it was being used to execute very low volume and controlled brute force attacks on Microsoft 365 services targeting corporate accounts. In our continuous efforts to have all sorts of malware families under our radar, the 7777 botnet is no exception.

Building a Resilient Supply Chain in the Face of Cyber Threats

Supply chain resilience has never been more critical. Recent cyber outages have underscored a harsh reality—supply chains are vulnerable, and disruptions can have far-reaching impacts. But what does it mean to be supply chain resilient, especially in the context of cyber threats? In this post, we will explore lessons learned from recent cyber outages, offering actionable insights for enhancing supply chain resilience.

Top 10 Cyber Risk Assessment Tools

Estimating the potential impact of a successful cyber attack may seem impossible, especially given the rapid expansion of organizations’ digital footprint (and, consequently, their attack surface). One example is attacks that pertain to the contact points between businesses and clients, such as websites and mobile apps. In particular, these assets can be cloned and used for phishing attacks.

From NIS to NIS2: What Your Organization Needs to Know

The first Network and Information Systems (NIS) Directive, introduced in 2016, was a key regulation that enhanced the EU’s cybersecurity posture, laying the foundation for protecting critical infrastructure and essential services from cyber threats. However, as cyber threats have evolved, so too must the regulations that protect against them. Enter NIS2—an updated and more comprehensive directive designed to address the gaps and limitations of its predecessor.

NIS 2 Cybersecurity Risk Management Measures Explained

The Network and Information Systems Directive 2 (NIS 2) is a cornerstone of European cybersecurity regulation, imposing stringent requirements on critical infrastructure sectors. To ensure their resilience, NIS 2 mandates specific cybersecurity risk management measures. Let's break down these ten essential measures and understand their implications.

How to Prepare for a Cyber Essentials Plus Audit

Cyber Essentials is a UK government-supported certification scheme that helps organizations protect themselves against cyber threats by providing a framework of basic security controls for safeguarding systems. Cyber Essentials Plus builds on this foundation by requiring a more in-depth, hands-on assessment by an independent auditor. This audit not only verifies that essential cybersecurity controls are in place but also ensures they are functioning effectively in practice.

Insider Risk Management: Addressing the Human Side of Risk

Recognizing the indicators of insider risk before they turn into threats requires a paradigm shift in the way we operate. It necessitates moving from a reactive mode of operation to a proactive one. And it requires data that is continuously captured and analyzed to enable security teams to easily see patterns and anomalies and gauge the level of risk of specific behaviors.

Don't Pass on Combining iPaaS with a DFPM Platform

Businesses are under ever-increasing pressure to maintain exceptional experiences for their customers, making seamless connectivity across tools a must. This is true for industries like financial services that need to provide enhanced digital payments, or for healthcare organizations that need to share critical data across systems quickly. The need for connected infrastructures has become the norm.

Bitsight GIA: AI-Powered Asset Mapping and Attribution

Last month, my colleague Arzu Ozbek Akay shared some insights about the impact that Bitsight Groma, our next-generation scanner, is already having on our products. Today, I’m going to follow that up with an update on the momentum we’re seeing with the second core component of our data engine: Bitsight Graph of Internet Assets (GIA). As a quick refresher, GIA uses advanced graph technology and AI models to map assets to specific organizations and build Ratings Trees at a global scale.