On July 27, 2022, Microsoft Threat Intelligence Center (MSTIC) disclosed a private-sector offensive actor (PSOA) that is using 0-day exploits in targeted attacks against European and Central American victims. MSTIC and others are tracking this activity group as KNOTWEED. PSOAs sell hacking tools, malware, exploits, and services. KNOTWEED is produced by the PSOA named DSIRF.

When the average organization experiences 26 cyber attacks per year, being prepared for the aftermath of a breach is just as important as prevention.

As financial institutions migrate to modern infrastructure and cloud services, bad actors have extended their skills and capabilities to achieve their missions. This is compounded by the fact that financial and payment vehicles continue to go virtual. Even the slightest breach can result in fines and reputational harm. Many financial institutions are successfully taking a risk-based approach to cybersecurity, according to our recent co-sponsored study with ThoughtLab.

Retailers are facing a more challenging cybersecurity environment than ever, according to a new study, Cybersecurity solutions for a riskier world. With physical and digital worlds colliding, greater levels of regulation, and more savvy cybercriminals, executives agree that we have entered a new era of cyber risk. In fact, 30% of retailers say they are not prepared for the threats ahead. In response to these changes, the role of the retail CISO is expanding.

Cyber attacks on corporate networks were up 50% in 2021, and it’s expected that 2022 will see more of the same. Elastic Endpoint Security includes a variety of protection layers to ensure maximum coverage against different types of malware. There have been a few examples recently of the need for fast, accurate updates of user environments in order to protect against the latest malware.

Using the NIST framework, ThoughtLab recently concluded a cybersecurity benchmark study that spanned across industries, including telecommunications. There is an urgent call to action for organizations to think and implement cybersecurity processes and technologies more strategically. The study shed some positive light for telecom companies as compared to peer industries.

On May 27, 2022, the nao_sec independent security research group shared a VirusTotal link to a weaponized Microsoft Office document revealing a previously unknown vulnerability in the Microsoft Support Diagnostic Tool (MSDT). This vulnerability is most likely to be exploited via phishing lure attachments and is triggered when a document is opened.

ThoughtLab’s newly released cybersecurity benchmark study revealed that cybersecurity is at a critical inflection point across industries.

Threats knock on your door all the time. In this research piece, we explore BPFDoor — a backdoor payload specifically crafted for Linux in order to gain re-entry into a previously or actively compromised target environment. This payload has been observed across systems for five years, suggesting that the threat actors responsible for operating the malware have been around for some time and have likely operated undetected in many environments.