Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Over the past few years, ransomware attack rates and ransom amounts have climbed so significantly that the cyber attack has broken out of the IT and security community to capture headlines around the world. In early May 2021, a suspected Russian hacking group took Colonial Pipeline — which provides 45% of the East Coast’s supply of gasoline, diesel fuel, and jet fuel — offline for more than three days in an attack that made ransomware a household word.

On July 24, 2024, Progress published a knowledge base article disclosing a critical vulnerability (CVE-2024-6327) impacting Telerik Report Server, a product by Progress designed for streamlined report management within organizations. This vulnerability can lead to remote code execution (RCE) due to the deserialization of untrusted data. Arctic Wolf has not identified a publicly accessible proof of concept (PoC) exploit or active exploitation of this vulnerability. However, most notably.

Financial service organizations face a growing challenge. Their customers expect 24×7 access and self-service convenience, meaning these organizations must move to the cloud and embrace new technologies. However, those moves also expand their attack surface, increase cyber risk, and make achieving and maintaining compliance more challenging.

Back in 2013, Gartner’s Anton Chuvakin set out to name a new set of security solutions to detect suspicious activity on endpoints. After what he called, “a long agonizing process that involved plenty of conversations with vendors, enterprises, and other analysts,” Chuvakin came up with this phrase: endpoint threat detection and response.

Security operations solutions are essential to stopping today’s cyber threats.

On July 17, 2024, Cisco publicly disclosed critical vulnerabilities in Cisco Secure Email Gateway (SEG) and Cisco Smart Software Manager On-Prem (SSM), identified as CVE-2024-20401 and CVE-2024-20419 respectively. Both of these vulnerabilities may allow for unauthenticated administrative actions to be taken by threat actors when exploited.

Beginning in early July 2024, Arctic Wolf responded to multiple SocGholish/FakeUpdate intrusions that resulted in a seemingly benign payload being delivered as a second-stage download. The zip file payload contained software from the Berkeley Open Infrastructure for Network Computing (BOINC) project, open-source software that allows users to contribute computing power to scientific research projects focused on solving complex calculations.

Recent research by Arctic Wolf has revealed that, within the last 12 months, 48% of organizations identified evidence of a successful breach within their environment. As The State of Cybersecurity: 2024 Trends Report highlights, “To fully understand the gravity of this statistic, it is important to understand that, although 48% of these environments found evidence of a data breach, that does not inversely mean that 52% of organizations did not suffer a breach.”

Our team at Arctic Wolf has been following the CrowdStrike issue affecting Windows endpoints since approximately 12 AM EST on July 19th, 2024. Although Arctic Wolf’s service is not impacted, some of our customers who leverage CrowdStrike for endpoint security are experiencing widespread outages. Arctic Wolf continues to protect and monitor these customers’ environments while they focus their attention on recovering from this event.

Cyber threats are increasing and, unfortunately, local and state government entities have become top targets. In 2023, the FBI reported that government entities were the third most-targeted sector by ransomware, and Arctic Wolf’s own research saw the average ransom for government organizations top $1 million USD. And that’s just one kind of cyber attack.