April 2020, Zoom was booming. The start of the COVID pandemic forced employees to work from home, meetings in person migrated to a videoconferencing model, and Zoom was the preferred tool. The massive and fast growth led into an opportunity for attackers. A vulnerability in Zoom could allow an attacker to steal a user’s Windows credentials, as long as the target user would click on a link provided through a Zoom session. The question was then how to get into those private sessions.

Threat actors are continuously honing their skills to find new ways to penetrate networks, disrupt business-critical systems and steal confidential data. In the early days of the internet, adversaries used file-based malware to carry out attacks, and it was relatively easy to stop them with signature-based defenses. Modern threat actors have a much wider variety of tactics, techniques and procedures (TTPs) at their disposal.

Endpoint devices played a big part in malware and ransomware attacks in 2021. According to a study covered by Help Net Security, security researchers detected more malware and ransomware endpoint infections in the first nine months of the year than they did for all of 2020. Attack scripts leveraging PowerSploit, Cobalt Strike, and other tools were particularly prevalent in that nine-month period, having grown 10% over the previous year after having already climbed 666% compared to 2019.

In today's ecosystems, a single enterprise can operate multiple internal networks, remote offices with their own local infrastructure, remote and/or mobile individuals and Cloud services. According to the study published by NIST, this level of complexity is too much for legacy network security models that are based on the location of the company infrastructure and there isn’t a single, easily identifiable perimeter for all elements.

Implementing robust defense strategies helps to mitigate the risk of cyberthreats in the early stages of an attack. Threat hunting, as part of this strategy, enables organizations to find those unknown threats that manage to bypass technology-based controls by detecting abnormal behaviors. With a number of challenges associated with executing a defense approach, how are IT leaders approaching this problem? Pulse and WatchGuard surveyed 100 IT leaders to find out.

Working closely with the FBI, CISA, DOJ, and UK NCSC1, WatchGuard has investigated and developed a remediation for Cyclops Blink, a sophisticated state-sponsored botnet, that may have affected a limited number of WatchGuard firewall appliances. WatchGuard customers and partners can eliminate the potential threat posed by malicious activity from the botnet by immediately enacting WatchGuard’s 4-Step Cyclops Blink Diagnosis and Remediation Plan.

There are tens of thousands of clandestine pages and forums on the dark web that are not indexed by search engines, so they remain hidden unless the user knows the address in advance. This includes discussion forums where techniques or tools are shared with which cyberattacks can then be launched, but these sites also serve as a black market for buying and selling illicitly obtained data.