The 21st century has seen a dramatic increase in the number and sophistication of cybersecurity threats. Here are the 7 biggest threats that businesses and individuals need to be aware of.

Enterprises have benefited from encapsulating applications into lightweight, independent units called microservices. By adopting an architectural pattern of loosely coupled and independently deployed services, microservices can rapidly deliver complex applications at scale without the typical technical debt of legacy applications.

The year 2021 had the dubious distinction of being the most prolific for ransomware on record, and the onslaught didn’t stop in 2022. It’s now estimated that every 14 seconds, a business falls victim to a ransomware attack. Ransomware attacks aren’t just happening more often.

A new adversary simulation tool is steadily growing in the ranks of popularity among red teamers and most recently adversaries. Brute Ratel states on its website that it "is the most advanced Red Team & Adversary Simulation Software in the current C2 Market." Many of these products are marketed to assist blue teams in validating detection, prevention, and gaps of coverage.

RedLine is an infostealer malware discovered in 2020. Often sold in underground forums, it is capable of stealing data such as credit card numbers, passwords, VPN and FTP credentials, gaming accounts, and even data from crypto wallets. In May 2022, Netskope Threat Labs analyzed a RedLine stealer campaign that was using YouTube videos to spread, luring victims into downloading a fake bot to automatically buy Binance NFT Mystery Boxes.

National Cybersecurity Awareness Month (NCSAM), held every October, highlights a key theme each year. For 2022, the theme is: “See Yourself in Cyber.” Cybersecurity is more than a set of principles or tools—people are a major component, helping keep businesses safe by complying with multi-factor authentication, using strong passwords, keeping devices updated with the latest software, not installing unapproved software on devices, and reporting phishing.

Mimikatz provides a variety of ways to , but one of the most alarming is the DCSync command. Using this command, an adversary can simulate the behavior of a domain controller and ask other domain controllers to replicate information — including user password data. In fact, attackers can get any account’s NTLM password hash or even its plaintext password, including the password of the KRBTGT account, which enables them to create Golden Tickets.

The CrowdStrike Falcon Complete™ managed detection and response (MDR) team recently uncovered a creative and opportunistic interpretation of a watering hole attack that leverages GitHub to gain access to victim organizations. In the observed cases, there were no phishing emails, no exploitation of public-facing vulnerabilities, no malvertising and no compromised credentials.