This weeks' briefing covers.

Bharath Kashyap helped create a lightweight, programmatic approach to performing a maturity assessment using free MITRE tools (like ATT&CK framework, D3FEND, and MITRE Centre for Threat Informed Defense (CTID)) to provide a starting point for you to understand your organization’s coverage against the framework, identify areas for improvement and prioritize them for implementation. In this video, Bharath walks through a few ways to make the assessment tool work for your organization.

This weeks' briefing covers.

Throughout Q2 and Q3 2023, we observed an increased use of the malicious “SYSTEMBC” tool to maintain access in a compromised network. In this video, Kroll Threat Intelligence expert, Dave Truman, provides an initial walkthrough of our research into SYSTEMBC, focusing in its C2 server.

This weeks' briefing covers: Dive deeper: Additional Resources: July 11 2023 Cyber Threat Intelligence Briefing: July 10 2023 Cyber Threat Intelligence Briefing.

Kroll actively tracks malware command and control infrastructure, submissions to public sandboxes and active incident response (IR) and managed detection and response (MDR) case data to generate lists of the most active malware strains for comparison.

“In Q3, we did see an uptick in incidents impacting the manufacturing and construction sector largely led by business email compromise (BEC) or email compromise attacks. One of the reasons for this uptick in BEC attacks has to do with the reliance on third parties and suppliers.” – Laurie Iacono.

“From using QR codes in emails to sharing links via Microsoft Teams, threat actors are evolving their methodology to manipulate humans to click on the bait. This is not phishing through email; it's phishing through an instant messaging platform.” – Laurie Iacono.

In Q2 2023, Kroll reported a notable shift towards increased supply chain risk, largely driven by the CLOP ransomware gang’s exploitation of the MOVEit transfer vulnerability. The MOVEit exploitation rendered even organizations with mature cybersecurity controls helpless and vulnerable to financial and reputational damage. Only a handful were able to detect the exfiltration, and even fewer could handle the consequences once a trusted partner fell victim.

Watch Kroll expert Rahul Raghavan (Senior Vice President, Cyber Risk) highlight how organizations can scale their application security assessments with agile penetration testing. In this webinar, Rahul discusses how CISOs, CTOs, product engineers and security leaders can elevate their security posture by integrating effective security testing within the agile development process. Key sections.