RedTail is a sophisticated malware designed for unauthorized cryptocurrency mining with a focus on Monero. It was first identified in January 2024, but it has been circulating since at least December 2023. Its latest iterations show improvements in evasion and persistence mechanisms, underscoring the significant expertise and resources driving its development.

Ten years ago, the National Institute of Standards and Technology (NIST) released the Cybersecurity Framework (CSF) 1.0 following an Executive Order from President Obama to help companies and governments facing cybersecurity attacks. In 2014, data breaches were escalating. Major Fortune 500 companies and household names, such as Target, Yahoo, 7-11, Visa, and more, experienced heaps of customer data theft, online fraud and attacks from malware.

The Digital Operational Resilience Act (DORA) is a robust cybersecurity regulation in the European Union (EU) taking effect next year. It is designed to help protect against evolving digital threats to financial systems. Like GDPR, the scope of DORA isn’t only limited to financial services companies and banks. Service providers in Information, Communications and Technology (ICT) and third-party vendors are also on the hook. If you haven’t been preparing, the time to be is now.

As cyber threats continuously evolve, hackers are refining their attack tactics and the frequency of assaults. Over the past several years, 63% of Security Operations Center (SOC) analysts report the size of their attack surface has increased, according to Security Magazine. Similarly, our 2023 Threat Roundup research discovered the enterprise is experiencing 13 attacks every second.

For security professionals and CISOs, reading about operational technology (OT) security risk feels like nothing new. We know a lot of OT is insecure by design. Despite advisory warnings and perceptions around operational security air gaps, industrial control systems (ICS) and Supervisory Control and Data Acquisition (SCADA) are being targeted more frequently via digital assets on the network. Vulnerabilities in OT systems are not brand new.

By 2028, connected Internet of Things (IoT) devices will expand to over 25 billion. Yet, today’s connected devices are raising the stakes for assessing risk and managing cybersecurity. They have significantly expanded the attack surface creating new challenges and vulnerabilities. The need for accurate, rapid information from systems across every industry is essential for business operations.

On May 9, the North American Electric Reliability Corporation (NERC) officially adopted new Critical Infrastructure Protection (CIP) requirements for Internal Network Security Monitoring (INSM). This is one of the last steps before Federal regulators make it an official standard for utilities and the electrical power grid industry. What does it mean? Compliance for CIP-015-1 is coming to your utility. Utilities will need monitoring tools with deep and wide asset intelligence and network control.

The security of embedded devices is in the news over the last few years, especially IoT assets and OT systems. From connected medical devices to industrial control systems to smartwatches and building automation, connected IoT devices will expand to over 25 billion by 2028.

Here is the story of how we caught a ransomware attack in our research honeypot. Ransomware attacks on enterprise organizations lead the news. See Change Healthcare and Ascension. Attackers spend their time on the victim’s network, exfiltrate gigabytes of sensitive data, then lock victim’s systems — and ask for millions of dollars in ransom payment. We also hear news about how AI is used maliciously.

As the full scope of the Change Healthcare cyber attack and ransomware story unfolds, a new leading gang has emerged known as ‘RansomHub’. This ‘new’ group has been claiming more victims since the massive February ransomware and data breach attack. On April 8, Forescout Research – Vedere Labs obtained samples used by RansomHub affiliates in a separate incident.