Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Arctic Wolf and SC Media surveyed an audience of more than 500 North American IT security professionals in the fall of 2023 and discovered that, among those who currently have cyber insurance policies, 47% of them have had coverage for 12 months or less. A significant increase among the insured reflects the kind of growth one might expect from an industry that has seen monumental change in just a few short years.

The past few years have been hard on cybersecurity professionals. An onslaught of new attack innovations and evolutions have raised the risk — and the costs — of an attack. More organizations than ever before are attempting to transfer a portion of that risk through cyber insurance. However, cyber insurance policies, once easy to get and robust in coverage, have become challenging to obtain, difficult to maintain, and costly to keep.

As the goals of securing as much ransom money and sowing as much discord as possible continues to grow, one of the most preferred methods threat actors have to accomplish these goals is to target the supply chain.

Endpoints are critical to the success of cyber attacks. While the definition what an endpoint is, exactly, has shifted over time, the threat has remained the same: Threat actors need a device to spread malware, encrypt assets, and harvest application credentials — they need an endpoint.

On February 20, 2024, we published a security bulletin detailing newly disclosed authentication bypass and path traversal vulnerabilities in ConnectWise ScreenConnect. Shortly after the bulletin was sent, ConnectWise updated their security bulletin with IOCs from observed active exploitation of these vulnerabilities. On February 21, 2024, the vulnerabilities were assigned the following CVE numbers.

On February 20, 2024, the National Crime Agency (NCA) of Britain and the Federal Bureau of Investigation (FBI) announced the successful disruption of the Lockbit ransomware gang, marking a significant milestone in the fight against cybercrime. This operation, known as Operation Cronos, was a collaborative effort involving law enforcement agencies from the UK, the US, and several other countries, with support from private sector partners.

As cybercrime evolves, one avenue for attack has risen to prominence across the world: Ransomware. According to Arctic Wolf’s State of Cybersecurity 2023 Trends Report, 48% of organizations view ransomware as the top attack vector concern. A concern comes with just cause, as the Arctic Wolf Labs 2024 Threats Report showed 48.6% of incidents investigated by Arctic Wolf were ransomware attacks.

On February 13, 2024, Microsoft published their February 2024 security update with patches for 73 vulnerabilities. Among these vulnerabilities, Arctic Wolf has highlighted 5 vulnerabilities in this bulletin that were categorized as critical or zero-day vulnerabilities. Two of these vulnerabilities have been reported to be exploited in the wild.

On February 19, 2024, ConnectWise published a security bulletin detailing two critical vulnerabilities within their on-premises ScreenConnect software. At the time of writing, these vulnerabilities do not have CVE numbers assigned to them. ConnectWise has stated that the vulnerabilities have the potential to result in remote code execution (RCE). Vulnerability #1 (CVSS: 10): Allows a threat actor to achieve authentication bypass by leveraging an alternate path/channel.