The United States, is a prime target for cyber attacks. The U.S. retail sector, which holds nearly one-third of the global market share, has seen a significant rise in ransomware incidents, accounting for 45% of global retail ransomware cases in the past three quarters—a 9% increase from 2023. New groups like Ransomhub and Hunters have emerged and supply chain threats have increased. Social engineering tactics are on the rise, with attackers impersonating IT personnel.

In this blog we will cover what we know about the Finastra breach, what we know about who might have been compromised and an analysis of the validity of the Threat Actor abyss0.

The Akira ransomware group has been active since March 2023, targeting diverse industries across North America, the UK, and Australia. Operating as a Ransomware-as-a-Service (RaaS) model, Akira employs a double-extortion strategy by stealing sensitive data before encrypting it. According to their leak site, the group claims to have compromised over 350 organizations.

The National Institute of Standards and Technology (NIST) has released version 2.0 of its Cyber security Framework (CSF), significantly elevating cyber security guidelines. This update brings in major changes that will affect several actors like Chief Information Security Officers (CISOs), Managed Security Service Providers (MSSPs), and individual users, among others.

Hacktivism – the practice of carrying out cyberattacks to advance political or social goals – is not new. Hacktivist attacks go as far back as the 1980s. Yet today’s hacktivists often look and operate in ways that are markedly different from their predecessors. They’ve embraced new techniques, they often have more resources at their disposal and they can prove more challenging to stop.

The typical Security Operations Center (SOC) faces a wide variety of responsibilities. In addition to monitoring internal systems for signs of threats and breaches, modern SOCs are tasked with managing external risks through practices such as: Each of these practices addresses different types of risks, and it would be wrong to say that any one practice is fundamentally more important than the others.