A selection of this week’s more interesting vulnerability disclosures and cyber security news. For a daily selection see our twitter feed at #ionCube24. In an act of ‘revenge’ or retaliation against the unpaid or even unaccredited use of FOSS by commercial entities, one developer did something that has created a large amount of discussion (which is a good thing) but at what cost?

Reuters reported on Friday that the Russian Federal Security Service (FSB) and local police launched a series of raids against members of the REvil/Sodinokibi ransomware gang at the request of the United States. More than a dozen arrests were made with millions in cash and goods being confiscated by authorities. This unprecedented action from the Russian Federal Security Service aligns with the fear that we've observed while conducting cybercriminal chatter reconnaissance on the Dark Web.

Welcome to the first edition in 2022 of our Cloud Threats Memo! One of the key findings of our Cloud and Threat Report – January 2022 is the leadership of Google Drive as the most exploited cloud app for the distribution of malware (and for the record, guess which service ranks at number two—spoiler alert: it is a cloud storage service from Microsoft). Unsurprisingly, this is not the only way in which threat actors can exploit these and other cloud services.

SSH servers are a common target for brute-force attacks. This is even more true if your infrastructure sits behind an SSH bastion because attackers have no choice but to compromise the bastion host either by exploitation or denial of service. In this article, we will list a few controls which will help you harden your SSH servers from brute- force attacks.

Companies are increasingly moving their IT operations to IaaS (infrastructure-as-a-service) solutions. Gartner estimates that by 2022, about 60% of business entities will be leveraging cloud-managed offerings, doubling the recorded use in 2018. Cloud offerings like Amazon Web Services (AWS) are generally secure. But since IaaS uses a shared security model, there's a great chance of data security issues, including cybersecurity and workload concerns.

Data is among the most valuable assets that need to be safeguarded at all costs. But in the digitally-driven business world, cybercrimes are prevalent, making data protection and data privacy a main focal point. The increasing use of technology and the growing exposure to evolving cyber threats have dramatically changed the data security and privacy landscape. For these reasons, international regulatory bodies around the world have created stringent data privacy laws for businesses to meet.

As we enter 2022, it’s important that organizations invest in cybersecurity for their operational technology (OT) systems. Why? One of the reasons is that Industry 4.0 can sometimes introduce more risk for OT. This is evident in several Industry 4.0 market trends. For example, there’s digital twin infrastructure. That’s where you make a digital copy of your production facility or your machine.

Mega-breaches, or reported breach incidents that impact more than one million records, have increased dramatically. Our analysis shows that, on average, mega-breaches increased 36% year over year since 2016. In total, mega-breach incidents that we analyzed cost at minimum a combined $8.8 billion and exposed 51 billion records.

Passwords are dying as a sole security measure, particularly within financial services. It is widely expected (and in the UK, mandatory) that any institution responsible for finances, from banks to brokers and even crypto wallets, should be implementing multi factor authentication (MFA) to prevent fraudsters gaining access to accounts using automated attacks, even if they know the user’s password.

With the recent release of Sysmon (System Monitor) for Linux by Microsoft, new opportunities for monitoring, detection development, and defense are now possible. Sysmon for Windows is a very popular tool among detection developers and blue teamers as it provides extensive details from system activity and windows logs. Due to the extensive information this service/driver provides in Microsoft Windows, it is very useful when researching attacks and replicating malicious payloads on lab machines.