Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

March 2022

SecurityScorecard Analysis of Lapsus$ Threat Group

SecurityScorecard’s CISO Mike Wilkes and Threat Researcher Ryan Slaney discuss their latest insights on the Lapsus$ threat group, the recent Okta breach, and what CISOs should do to protect their organizations. SecurityScorecard is the global leader in cybersecurity ratings and the only service with over 12 million companies continuously rated. The company is headquartered in New York and operates in 64 countries around the globe.

Things to Remember While Scaling Your Business

Here are 2 things that helped us successfully scale SecurityScorecard: Having a customer-first mentality: You need to understand your customers deeply. You need to adopt Amazon’s empty-chair approach where the most important voice is the customers’ voice, not the CEOs’. Beginning with the right foundation: Here’s what most companies get wrong: When they start up and have 10-20 people, they focus on their customers.

Working with At-Risk Businesses: How It Can Dismantle Your Zero Trust Strategy

Nowadays, building a zero-trust network has become a standard protocol in the era of evolving business models, multiple workforce platforms, cloud adoption, and increased device connectivity. But, if a business continues to work with at-risk organizations, the zero-trust policy crumbles. Working with well-secured third parties that uphold a zero-trust strategy is crucial for optimal cybersecurity within any business.

Move aside, Conti, Lapsus$ coming through!

-In the hours after news broke that Lapsus$ claimed to have breached Okta, an enterprise identity and access management firm, SecurityScorecard’s Threat Research and Intelligence team conducted a rapid investigation into Lapsus$ to provide customers and partners with the very latest in actionable security intelligence and insights related to this emerging cybercrime group. -Lapsus$’s targets have quickly evolved from Brazilian and Portuguese organizations to high-profile U.S.

The 3G network shutdown impacts more than just phones

As you have probably heard, 3G is phasing out. On February 22, AT&T shut down its 3G network. T-Mobile Sprint will retire its 3G network next week on March 31, 2022. Verizon, the last of the pack, will retire 3G by the end of 2022. What does this mean for your business and your security? The obvious answer is that older phones should be replaced as soon as possible, but the 3G shutdown’s impact will reach beyond phones, and that reach may affect your organization’s security.

What Sets SecurityScorecard Apart!

According to Forrester and Gartner, we are the leader in the security rating space. 3 reasons why: Massive data set: We’ve rated 12 million organizations worldwide. If an organization is not on the data set, it takes us just a few minutes to rate it while our competitors take days to do the same. Huge marketplace of applications and services: We have 100s of partners that enrich the value of our platform.

Alleged Okta Breach - What Can You Do?

Early in the morning of March 22nd a threat group known as LAPSUS$ posted screenshots on their Telegram account that allegedly show access to Okta internal systems such as Slack, Cloudflare, Jira, Salesforce and other “Okta cards.” Okta’s CEO Todd McKinnon apparently confirmed an event in January in a tweet:: “In late January 2022, Okta detected an attempt to compromise the account of a third party customer support engineer working for one of our subprocessors.

How to Prevent Whaling Attacks: A Complete Guide

Senior-level executives handle sensitive data and information daily – making them an enticing target for cybercriminals. One of the most complex schemes to date is the whaling attack, in which hackers impersonate high-ranking employees to gain access to computer systems and networks. Whaling attacks have seen a dramatic 131% increase between Q1 2020 and Q1 2021, costing enterprises around $1.8 billion in damages.

What Are Attack Surfaces and How to Protect Them

Attack surfaces are the different endpoints, subsidiaries, business units, and devices that a hacker could go after. For example: We have a client who had a Japanese subsidiary that spun up a server for QA testing. They used it for a couple of years and then forgot about it and stopped maintaining it. But the server was still there. And the attackers found it and tried to use it to break into the client’s infrastructure.

Banish Shadow IT With Digital Footprint

It’s out there. In the deep, dark corners of your IT estate, it’s been hiding. Maybe it’s that “killer app” one of the department heads brought back from a trade show. Or maybe it’s that campaign microsite that marketing had a contractor develop for a “skunkworks” launch. Shadow IT is more than an asset management problem. It’s a security problem because you can’t secure what you can’t see.

This Is the Reason Behind 70% Of Data Breaches

70% of the data breaches involve the negligence of a 3rd party. Let’s understand this with Target’s classic example. In 2013, they were using a contractor, Fazio, to do maintenance of their air conditioning systems. The hackers got into the Fazio systems and used it as a jumping pod to infiltrate and hack into Target’s infrastructure. Big companies like Audi and Volkswagen have also suffered such cyberattacks due to 3rd party negligence.

SecurityScorecard Discovers new botnet, 'Zhadnost,' responsible for Ukraine DDoS attacks

SecurityScorecard (SSC) has identified three separate DDoS attacks which all targeted Ukrainian government and financial websites leading up to and during Russia’s invasion of Ukraine. Details of these DDoS attacks have not yet been publicly identified.

Understanding the Basics of Cyber Insurance: What You Need to Know

Data breaches and cybercrime are all too common. And in recent years, ransomware attacks have caused many organizations to face hefty extortion payments, legal fees, and reputational damage – not to mention the major headache that comes with each. Cyber insurance has become a powerful tool in the world of cyberattacks to help protect organizations from the implications of a ransomware attack, but many don’t understand what a cyber insurance policy actually covers.

Breach Costs - Millions of Lost Revenue

At the end of 2021, Capital One agreed to pay a settlement of $190 million to 98 million customers whose personal data was stolen in a 2019 data breach. Similar class-action lawsuits were filed in 2021 against T-Mobile, Shopify, and Ledger. When it comes to the cost of breaches, however, those are just the legal fees. Every year, businesses lose millions of dollars in revenue to cyberattacks and data breaches.

Gain a full view of your vendor ecosystem with Automatic Vendor Detection

SecurityScorecard is the global leader in cybersecurity ratings, empowering you with trusted data and the confidence to make smarter and faster decisions. Security ratings give you an outside-in view of the cybersecurity posture of any organization in the world across ten key risk factor groups. Our Automatic Vendor Detection (AVD) instantly gives you a view of your entire third and fourth-party ecosystem, enabling you to visualize and take proactive steps to mitigate risk.

What is Cyber Hygiene? Definition, Benefits, & Best Practices

You’ve likely been practicing good personal hygiene since childhood, but have you heard of cyber hygiene? Similar to personal hygiene practices which maintain good health and well-being, cyber hygiene practices maintain the health and well-being of your sensitive data and connected devices. This blog will define cyber hygiene, discuss the importance of maintaining cyber hygiene and explore best practices for ensuring cybersecurity.