Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Redscan

Kroll named as winner at Computing Security Awards 2022

We were recognised in all four of the categories we were shortlisted in: With penetration testing playing a key role in enabling organisations to understand and significantly reduce their cyber security risk, we are delighted that our CREST-accredited services have again been recognised by customers as a leading solution in the industry.

LOLBins: executing payloads through DNS records

In this blog post, we outline the research our Threat Intelligence team has undertaken into this new attack vector. A new LOLBins tactic for executing payloads through PowerShell was released by Alh4zr3d, a security researcher, on Twitter in September 2022. In the tweet, the security researcher recommended that organisations stay away from IEX and Invoke-WebRequest when using PowerShell commands and, as a substitute, host a text record with their payload on a domain.

Kroll CFO report reveals high cost of business overconfidence around cyber risk

Our new CFO cybersecurity survey, which surveyed 180 CFOs, CEOs and other financial executives worldwide, has highlighted the fact that Chief Financial Officers are very confident in their companies’ abilities to ward off cyber security incidents, despite being underinformed on the cyber risk their businesses face. Almost 87% of the surveyed executives expressed this confidence, yet 61% of them had suffered at least three significant cyber incidents in the previous 18 months.

Top 5 penetration testing methodologies

Penetration testing plays a key role in identifying and addressing vulnerabilities by simulating the behaviour of a potential attacker. A range of penetration testing methodologies have been developed to enable security professionals to achieve this safely and effectively. In this blog post, we discuss the leading pen testing methodologies, what they involve and the aspects they cover.

How to defend against third party cyber-attacks

In this blog post, we discuss the different types of challenges that third party relationships present and outline specific ways to defend against them. Third party risk is created when companies in an organisation’s supply chain have access to its data, systems or privileged information. This can lead to issues such as data breaches, IP theft or other security incidents. Organisations can be held accountable for security breaches even if they originate from a third party.

Q2 2022 Threat Landscape Briefing: Ransomware Returns, Healthcare Hit

In Q2 2022, Kroll observed a 90% increase in attacks against the health care sector in comparison with Q1 2022, making it the most affected sector during this period. While this may signal the official end of the pandemic-era “truce” that many cybercriminals promised at the onset of COVID-19, threat actors are continuing to leverage other hallmarks of the pandemic, such as remote work access, to gain a foothold into victim networks.