What is Adversarial Simulation?
We’re transforming adversarial simulation by extending the limited, short-term scope of conventional consultancy exercises.
Security | Threat Detection | Cyberattacks | DevSecOps | Compliance
The Latest Cybersecurity News & Insights From Around The World
OSINT-backed Supply Chain Assessments
You’ve probably encountered them. Self-reported ‘supplier security assessments’ – documents where fact and fiction can easily overlap if the requisite information cannot be readily validated. In reality, supplier questionnaires do offer an (albeit limited) indication of an organisation’s level of cyber maturity and are a necessary process.
Preparing for DORA
A number of JUMPSEC clients have expressed a degree of confusion about their preparedness for the new Digital Organisational Resilience Act (DORA). Enacted in December 2022, DORA has mandated regulations for financial sector organisations and their critical third-parties.
JUMPSEC team inspires local primary school children to consider a future career in cyber-security
Acton-based cyber security company, JUMPSEC, recently visited a local primary school to share how its team protects some of the world's biggest brands from hackers, malware, and other cyber-attacks. As Ealing Borough's security partner, JUMPSEC has teamed up with the council to collaborate and deliver social value to the community. This kicked off on Friday 22nd of September, at Dairy Meadow Primary School in Southall as part of its first careers event of the academic year.
JUMPSEC research reveals ransomware attacks rising again
In the first half of 2023, UK ransomware attacks rose by 87% and by 37% globally. UK is the most targeted country outside the US and 20% of European ransomware attacks occur there. There has been increased exploitation of the financial services, insurance and IT sectors.
Compound Extortion: UnSafeLeaks
Among the range of data leak sites monitored by JUMPSEC, our attention has been drawn to a recent variant called “UnSafeLeaks”, due to its distinctively malicious and personalised approach, setting it apart from typical leak sites that focus primarily on explicit financial extortion. Perhaps more remarkably, a number of targeted organisations also appear to have previously been compromised by closely affiliated groups, suggesting the potential re-extortion of victim organisations.
The under-appreciated value of Purple Teaming
Having recently finished an extensive and eye-opening purple team engagement, I took some time to reflect on the sheer amount of ground that we had covered in just 6 short weeks.
Ransomware trends: the European transport sector
As Aviation, Maritime, Rail and Road transport organisations are reportedly experiencing increased levels of ransomware activity across Europe as per ENISA’s recent report, JUMPSEC analysts have combined the findings with JUMPSEC’s attacker reported data scraped from a variety of sources (including the dark web) providing further context to the risks currently posed to European transport organisations.
Microsoft Direct Send - Phishing Abuse Primitive
This vector abuses Microsoft Direct Send service in order to propagate phishing emails from an external sender to an internal user, whilst spoofing the properties of a valid internal user. This “feature” has existed since before 2016. However, threat intelligence available to JUMPSEC has only observed it being abused recently.
Revisiting the Detection and Response Gap
Matt Lawrence, Head of Defensive Security, and Dan Green, Head of Solutions, write about why compromise is inevitable – and the practical steps that organisations can take to build a security operating model capable of weathering the storm of cyber threats today.