Black Arrow Cyber Threat Briefing 13 September 2024

15 Sep

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

Trustwave Report Highlights Critical Cyber Threats to Financial Services Sector

Trustwave's latest research highlights significant cyber security challenges for the financial services sector, with ransomware and phishing emerging as major threats. The report found that 49% of attacks on financial institutions originated from phishing, while 24% of ransomware incidents were linked to a single threat actor group. Insider threats also pose a substantial risk, identified as the most costly type of data breach. The US was most affected, with 65% of ransomware attacks targeting its financial services. Trustwave emphasises the need for robust defences against these growing threats that include phishing-as-a-service and insider-driven breaches.

Old Habits, New Threats, Why More Phishing Attacks are Bypassing Technical Controls

Trust in Secure Email Gateways (SEGs) is waning, with 91% of cyber security leaders expressing frustration due to the increasing sophistication of phishing attacks. In the first quarter of 2024, 52% more attacks bypassed SEG detection, exploiting limitations in signature-based and reputation-based technologies. Techniques such as polymorphic attacks, compromised accounts, and social engineering have proven effective at evading legacy systems. With 68% of successful attacks passing all verification checks, experts recommend transitioning to integrated cloud email security solutions using AI and behavioural detection to better counter modern threats.

Prolific Threat Actor Group Scattered Spider Sets Sights on Finance, Insurance Firms’ Cloud Infrastructure

Scattered Spider, a hacking group targeting finance and insurance sectors, has intensified attacks on corporate cloud systems for data exfiltration and extortion, according to SC Media. They exploit exposed cloud access tokens on platforms like GitHub and purchase stolen credentials, focusing on services like Microsoft EntraID, AWS EC-2, and Okta. Smishing (text message) campaigns have also been used to infiltrate these systems, allowing attackers to demand ransoms and resell compromised credentials. Urgent implementation of multi-factor authentication and phishing awareness programmes are recommended, alongside the removal of private access tokens in developers' codes to mitigate risks.

Cyber Criminals Target Smaller Firms as Larger Companies Beef Up Security

Cyber criminals are increasingly targeting small and medium enterprises (SMEs), as larger organisations strengthen their cyber security measures and refuse to pay ransoms. In 2023, SMEs faced a significant rise in attacks where they accounted for nearly half of all incidents. While only 10% of large organisations paid ransoms, 44% of SMEs ended up paying between $25,000 and $100,000. The impact on SMEs, both financially and reputationally, can be devastating, with many struggling to recover from such cyber attacks.

The Rise of Deepfakes Means CEOs Need to Rethink Trust

Kroll’s recent report highlights a sharp rise in social engineering attacks, which have grown from 7% to 20% of all cyber security threats in just two quarters. Alarmingly, 43% of successful cyber attacks are now linked to social engineering, driven by the use of AI technologies like deepfakes. Corporate leaders are particularly vulnerable, with AI models capable of mimicking them using information freely available online. As businesses adjust to this new reality, CEOs must rethink the concept of trust and implement stronger measures to combat AI-enabled impersonation. This is an arms race that no one can avoid being a part of. What we can do is get smart about trust, and the first step to take is building the right context for it.

What now? Ransomware Victim Pays Hacker, but Decryption Key Fails

A security firm recently intervened in a ransomware attack involving the Hazard ransomware, where a company paid the ransom but received a faulty decryptor. A bug in the ransomware’s encryption process caused files to be doubly encrypted, leading to missing bytes necessary for decryption. Despite escalating the issue to the cyber criminals, no working solution was provided. The cyber firm’s researchers eventually resolved the issue using a brute-force method to recover the files. This case highlights the risks of paying ransoms, as unreliable decryptors are not uncommon. Best practices, including robust data backups, remain critical to mitigating ransomware incidents.

UK Regulator to Significantly Reduce Maximum Fraud Losses Banks are Forced to Cover

UK regulators are expected to reduce the proposed fraud reimbursement limit for banks and payment companies from £415,000 to £85,000, following concerns from ministers and fintech firms. The Payment Systems Regulator had initially planned the higher cap, but industry bodies like UK Finance warned it could lead to exploitation and harm smaller firms. In 2023, Britons lost £459 million to authorised push payment (APP) fraud, making the issue critical for consumer protection. A consultation on the lower limit is expected soon, aiming to balance protection for scam victims with industry sustainability.

Enterprise Mobile Devices See Increased Attacks

Lookout’s latest report on the mobile threat landscape reveals a 40% increase in mobile phishing attempts and malicious web attacks targeting enterprises. Over 80,000 malicious apps were detected on enterprise mobile devices, ranging from riskware to sophisticated spyware capable of stealing data and eavesdropping. The most common vulnerabilities are found in mobile browsers, with attackers exploiting unpatched versions. Lookout highlights that mobile device management (MDM) solutions, while essential, should be complemented by mobile threat defence (MTD) solutions to effectively safeguard against phishing and malware, particularly with Android being heavily targeted by spyware, trojans and other malware.

Business Email Compromise Costs $55bn Over a Decade

The FBI has warned organisations about the increasing threat of business email compromise (BEC), a form of social engineering responsible for nearly $55bn in losses globally between October 2013 and December 2023. Over 305,000 incidents were recorded, with scammers impersonating legitimate entities, such as suppliers or executives, to trick victims into transferring large sums. In 2023, BEC scams saw a 9% increase in global losses, often funnelling funds through UK and Hong Kong banks, third-party payment processors, or cryptocurrency exchanges. The FBI urges victims to contact their banks immediately if they detect fraudulent transfers.

Half of IT Decision Makers Have Had to Recover Data from a Backup with a Third Unable to Make Full Recovery

An annual survey of IT security decision makers in the UK found that 50% of respondents had to rely on backups following a cyber attack, with 25% only achieving partial data recovery and 8% failing due to weak backup systems. The findings highlight the need for stronger backup strategies, with 9% of organisations admitting their current systems are insufficient for rapid recovery. However, progress is evident, with automated backups to central and personal repositories rising to 30% in 2024, up from 19% in 2023. The report underscores the importance of robust backup solutions in today’s cyber threat landscape.

Insurers and Asset Managers Continue to Invest in Longer Term Cyber Security Planning: Moody’s

Moody’s recent report highlights that insurers and asset managers have significantly increased their cyber security investments, with spending rising by over 50% between 2019 and 2023 in response to the growing frequency of cyber attacks. The Americas saw the largest increase at 65%, followed by EMEA at 51% and APAC at 48%. Additionally, the share of IT budgets dedicated to cyber risk grew to 8% in 2023, and the number of cyber security employees rose by 23% from 2019 to 2022.

Russia's Top-Secret Military Unit Reportedly Plots Undersea Cable 'Sabotage’

US officials are increasingly concerned about Russia's naval activity near undersea cables, fearing potential sabotage by the General Staff Main Directorate for Deep Sea Research (GUGI). This unit, equipped with surface vessels, submarines, and naval drones, has reportedly been spotted near critical deep-sea infrastructure, raising alarms about the risk to fibre-optic cables that carry over 95% of international data. Sabotaging these cables could severely disrupt global communications. Recent reports also suggest Russian spy ships have been operating in Nordic waters, targeting both submarine cables and wind farms, further highlighting the growing threat.

Think You Could Never Fall Victim to Cyber Crime? Think Again

Bitdefender's 2024 Consumer Cybersecurity Assessment Report reveals that over 75% of individuals don’t believe they are targets for cyber criminals, with 37% convinced they aren't targeted at all. This misconception leaves people more vulnerable to cyber attacks, which can range from phishing and spyware to man-in-the-middle attacks. Hackers don’t just focus on large corporations; anyone can be a target, as personal information like email addresses and dates of birth hold value. Even experienced individuals can fall for scams, proving that everyone must remain vigilant against evolving threats, especially as attacks continue to grow in sophistication and scale.

Sources

https://securitybrief.co.nz/story/trustwave-highlights-critical-cyber-threats-to-financial-services

https://betanews.com/2024/09/06/old-habits-new-threats-why-more-phishing-attacks-are-bypassing-outdated-perimeter-detection/

https://www.msspalert.com/brief/scattered-spider-sets-sights-on-finance-insurance-firms-cloud-infrastructure

https://economictimes.indiatimes.com/tech/technology/cybercriminals-target-smes-as-large-companies-beef-up-security/articleshow/113102946.cms?from=mdr

https://www.forbes.com/sites/alexanderpuutio/2024/09/07/the-rise-of-deepfakes-means-ceos-need-to-rethink-trust/

https://www.techspot.com/news/104700-ransomware-victim-paid-hacker-but-decryption-failed.html

https://www.ft.com/content/69611fac-03a2-4731-b12e-bf1583219270

https://betanews.com/2024/09/10/enterprise-mobile-devices-see-increased-attacks/

https://www.infosecurity-magazine.com/news/business-email-compromise-55bn/

https://itsecuritywire.com/news/half-of-it-decision-makers-have-had-to-recover-data-from-a-backup-with-a-third-unable-to-make-full-recovery/

https://www.reinsurancene.ws/insurers-and-asset-managers-continue-to-invest-in-longer-term-cybersecurity-planning-moodys/

https://www.theregister.com/2024/09/09/russia_readies_submarine_cable_sabotage/

https://www.makeuseof.com/how-everyone-is-potential-cybercrime-victim/

Governance, Risk and Compliance

Cybercriminals target SMEs as large companies beef up security - The Economic Times (indiatimes.com)

Insurers and asset managers continue to invest in longer term cybersecurity planning: Moody's - Reinsurance News

Underinvestment blamed for IT security compliance failures - Data Centre & Network News (dcnnmagazine.com)

Businesses' preparedness against cyber threats beginning to shrink: Beazley - Reinsurance News

Global Study Finds Organizations Facing Cybersecurity Gaps (govtech.com)

Trustwave highlights critical cyber threats to financial services (securitybrief.co.nz)

How to Hire a CISO as Scrutiny Intensifies | Woodruff Sawyer - JDSupra

What savvy hiring execs look for in a CISO today | CSO Online

Cyber Staffing Shortages Remain CISOs' Biggest Challenge (darkreading.com)

Boards caught off guard as hackers exploit AI - CIR Magazine

Cyber threats put pressure on in-house legal chiefs (ft.com)

How to Strengthen and Improve Your Company's Security Posture - Security Boulevard

Cybernews Business Digital Index reveals major shortcomings in corporate customer data security | Cybernews

The Cybersecurity Cat-And-Mouse Game (forbes.com)

What are the cybersecurity trends shaping workforce management? | Business Law Donut

Cybersecurity Compliance and Beyond: How Protocols Drive Innovation and Growth - Security Boulevard

Building Security Culture: Taking Cybersecurity To Main Street | MSSP Alert

Threats

Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity

Cyber Warfare and Cyber Espionage

The Biggest Cyber Warfare Attacks In Global Geopolitics (informationsecuritybuzz.com)

The Weaponization of AI and ML is Complicating the Digital Battlefield - Security Boulevard

Nation State Actors

China

Mustang Panda Feeds Worm-Driven USB Attack Strategy (darkreading.com)

Experts Identify 3 Chinese-Linked Clusters Behind Cyberattacks in Southeast Asia (thehackernews.com)

Chinese Tag Team APTs Keep Stealing Asian Gov't Secrets (darkreading.com)

Earth Preta Evolves its Attacks with New Malware and Strategies | Trend Micro (US)

TIDRONE Espionage Group Targets Taiwan Drone Makers in Cyber Campaign (thehackernews.com)

Edward Snowden made China a quantum networking superpower • The Register

Pro-Russian Hackers Reportedly Disrupt Taiwan Stock Exchange On Thursday, Services Restored In 22 Minutes - Benzinga

China-Linked Threat Actors Target Taiwan Military Industry - Infosecurity Magazine (infosecurity-magazine.com)

Mystery database containing sensitive info on 762,000 car-owners discovered by researchers | TechRadar

House Committee Warns of Chinese Cranes' Threat to U.S. Port Security (gcaptain.com)

Hunters claims to have ransomed ICBC London, stolen 6.6TB • The Register

Chinese hackers linked to cybercrime syndicate arrested in Singapore (bleepingcomputer.com)

Portuguese government to continue ban on Chinese 5G equipment (techmonitor.ai)

Russia

Russia reportedly readies submarine cable 'sabotage' • The Register

Russia’s election influence efforts show sophistication, officials say - The Washington Post

Intel officials: Moscow built U.S. influencer networks, danger growing from Iran ahead of vote - Washington Times

US Offers $10 Million for Info on Russian Cadet Blizzard Hackers Behind Major Attacks (thehackernews.com)

Germany Accuses Russia’s GRU Military Intelligence of Cyberattacks on NATO, EU - The Moscow Times

NCSC Calls Out Cyber-Attacks From Russia's GRU (silicon.co.uk)

US charges Russian military officers for unleashing wiper malware on Ukraine | Ars Technica

US Offers $60 Million Bounty in Hunt for Russian Hackers - Newsweek

Russian ‘Doppelganger’ influence campaign exposed through internal documents, seized accounts | SC Media (scmagazine.com)

'De facto cyberwar' — Poland says it uncovered 'saboteurs' working for Russia, Belarus (kyivindependent.com)

Western intelligence warns Russia targeting aid to Ukraine - Naval Technology (naval-technology.com)

‘Guerrilla projects’: Russia revels in US allegations of media warfare | Media News | Al Jazeera

The UK Defense Intelligence Confirms russia’s Intelligence Role in the WhisperGate Attacks | Defense Express (defence-ua.com)

Russia Trying to Sway Voters Toward Trump Using Influencers: Official - Business Insider

Russia focusing on US social media stars to covertly influence voters | Reuters

Wix to block Russian users starting September 12 (bleepingcomputer.com)

Iran

The Biggest Cyber Warfare Attacks In Global Geopolitics (informationsecuritybuzz.com)

Intel officials: Moscow built U.S. influencer networks, danger growing from Iran ahead of vote - Washington Times

New Joint CISA – FBI – DC3 Guidance Advises On Ransomware Threats Linked to Iran-Backed Hackers: What Enterprises Need to Know | Alston & Bird - JDSupra

Advisory warns of Iran ransomware threat (baselinemag.com)

The Iran cyber threat: Breaking down attack tactics | ITPro

The US is Preparing Criminal Charges in Iran Hack Targeting Trump, AP Sources Say - SecurityWeek

Iranian Cyber Group OilRig Targets Iraqi Government in Sophisticated Malware Attack (thehackernews.com)

Significant ransom payment by major Iranian IT firm underway | SC Media (scmagazine.com)

North Korea

North Korean spy successfully managed to infiltrate cybersecurity training firm using stolen credentials and a fake VPN — here's how you could avoid becoming a victim | TechRadar

Developers Beware: Lazarus Group Uses Fake Coding Tests to Spread Malware (thehackernews.com)

Indodax hacked for $22 million, Lazarus Group suspected | Invezz

North Korean Threat Actors Deploy COVERTCATCH Malware via LinkedIn Job Scams (thehackernews.com)

How not to hire a North Korean IT spy | CSO Online

Watch Out for This New LinkedIn Job Scam (tech.co)

Ongoing Lazarus Group campaign sets sights on blockchain pros | SC Media (scmagazine.com)

Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence

Commercial Spyware Use Roars Back Despite Sanctions (darkreading.com)

Predator Spyware Resurfaces: Renewed Threats And Global Implications (informationsecuritybuzz.com)

US arrests leaders of alleged Telegram terrorist group - BBC News

Bomb threats are cyber attack - News - Rádio RSI English (rtvs.sk)

Tools and Controls

Underinvestment blamed for IT security compliance failures - Data Centre & Network News (dcnnmagazine.com)

AI cybersecurity needs to be as multi-layered as the system it's protecting - Help Net Security

Half of IT Leaders Faced Backup Recovery & One-Third Failed (itsecuritywire.com)

CTEM: The next frontier in cybersecurity | TechRadar

Old habits, new threats -- Why more phishing attacks are bypassing outdated perimeter detection (betanews.com)

Top API risks and how to mitigate them | TechTarget

Credential Theft Protection: Defending Your Organization’s Data | MSSP Alert

Best practices for implementing the Principle of Least Privilege - Help Net Security

Inside the Secrets of Physical Penetration Testing | HackerNoon

Competition Fueled by Strong Cyber Insurance Profitability, Pricing Declines (claimsjournal.com)

6 ways hackers sidestep your two-factor authentication | PCWorld

Think rebuild, not recovery, after a supply chain attack (betanews.com)

Data centres to be given massive boost and protections from cyber criminals and IT blackouts - GOV.UK (www.gov.uk)

Hackers Can Abuse Active Directory Certificate Services to Establish Persistence (cybersecuritynews.com)

WordPress Mandates Two-Factor Authentication for Plugin and Theme Developers (thehackernews.com)

Cybersecurity Compliance and Beyond: How Protocols Drive Innovation and Growth - Security Boulevard

Cyber threat needs public sector response (emergingrisks.co.uk)

Cyber insurance set for explosive growth - Help Net Security

How Effective Threat Hunting Programs are Shaping Cybersecurity - Security Boulevard

8 key aspects of a mobile device security audit program | TechTarget

Why cloud security strategy is changing to prioritise recovery - Raconteur

Threat Actors Are Finding it Easier Than Ever to Breach Cyber-Defenses: Enter Data-Centric Security (comforte.com)

62% of Businesses Filed a Cyber Insurance Claim in Last 12 Months, Indicating MSSP Opportunities | MSSP Alert

MI6 and CIA using Gen AI to combat tech-driven threats • The Register

Other News

Cybercriminals target SMEs as large companies beef up security - The Economic Times (indiatimes.com)

Insurers and asset managers continue to invest in longer term cybersecurity planning: Moody's - Reinsurance News

Businesses' preparedness against cyber threats beginning to shrink: Beazley - Reinsurance News

The Escalating Threat of Cybercrime and the Urgent Need for Advanced Defenses (thefastmode.com)

ICO and NCA sign memorandum of understanding for further collaboration on cyber security | ICO

UK National Crime Agency, responsible for fighting cybercrime, ‘on its knees,’ warns report (therecord.media)

How to Strengthen and Improve Your Company's Security Posture - Security Boulevard

The Biggest Cybersecurity Threats Facing Small Businesses Today - DevX

Cybernews Business Digital Index reveals major shortcomings in corporate customer data security | Cybernews

Your travel guide to public Wi-Fi, security and privacy (securitybrief.co.nz)

Data centres deemed 'critical infrastructure' by government | NASDAQ:AMZN (proactiveinvestors.co.uk)

Threat Actors Are Finding it Easier Than Ever to Breach Cyber-Defenses: Enter Data-Centric Security (comforte.com)

City Hall staff told to disconnect from wifi and work from home after cyber-attack on TfL - Harrow Online

Rogue WHOIS server gives researcher superpowers no one should ever have | Ars Technica

Microsoft Office 2024 to disable ActiveX controls by default (bleepingcomputer.com)

New RAMBO attack steals data using RAM in air-gapped computers (bleepingcomputer.com)

Cyberattacks on US utilities surged 70% this year, says Check Point (yahoo.com)

Operational Technology Leaves Itself Open to Cyber-Attack - Infosecurity Magazine (infosecurity-magazine.com)

How cybercriminals attack young gamers: the most common and dangerous scams | Kaspersky official blog

The future of automotive cybersecurity: Treating vehicles as endpoints - Help Net Security

How higher ed can stay ahead of growing cyber threats - eCampus News

Homeland Security seeks private-sector advice to avert devastating cyberattacks on ports, ships | Just The News

Cisco merch shoppers stung in CosmicSting attack • The Register

Shipping has left gates ‘wide open’ for cyber attacks | TradeWinds (tradewindsnews.com)

Aviation sector requires proactive defense through AI, machine learning, and real-time threat detection, says DG BCAS – ThePrint – ANIFeed

Vulnerability Management

Open Source Updates Have 75% Chance of Breaking Apps - Infosecurity Magazine (infosecurity-magazine.com)

Vulnerabilities

Microsoft Patch Tuesday security updates for September 2024 addressed four actively exploited zero-days (securityaffairs.com)

SonicWall SSLVPN access control flaw is now exploited in attacks (bleepingcomputer.com)

Critical remote code execution vulnerability discovered in Microsoft Windows Wi-Fi drivers | TechRadar

Cisco Patches High-Severity Vulnerabilities in Network Operating System - SecurityWeek

Veeam patches critical flaws, urges users to update (computing.co.uk)

Citrix Releases Security Updates for Citrix Workspace App for Windows | CISA

RomCom Group Exploiting Microsoft Office 0-day To Deploy Ransomware (cybersecuritynews.com)

Multiple malware families delivered exploiting GeoServer GeoTools flaw CVE-2024-36401 (securityaffairs.com)

Ivanti fixes maximum severity RCE bug in Endpoint Management software (bleepingcomputer.com)

Adobe Patches Critical, Code Execution Flaws in Multiple Products - SecurityWeek

Chrome 128 Update Resolves High-Severity Vulnerabilities - SecurityWeek

Intel Warns of 20+ Processor Vulnerabilities, Advises Firmware Updates - SecurityWeek

Adobe fixes Acrobat Reader zero-day with public PoC exploit (bleepingcomputer.com)

Palo Alto Networks Patches Dozens of Vulnerabilities - SecurityWeek

Zyxel fixes critical command injection flaw in EOL NAS devices (CVE-2024-6342) - Help Net Security

Microsoft fixes Windows Smart App Control zero-day exploited since 2018 (bleepingcomputer.com)

GitLab Patches Critical Flaw Allowing Unauthorized Pipeline Job Execution (thehackernews.com)

Samsung’s Update Decision—Bad News Confirmed For Millions Of Galaxy Users (forbes.com)

Sector Specific

Industry specific threat intelligence reports are available.

· Automotive

· Construction

· Critical National Infrastructure (CNI)

· Defence & Space

· Education & Academia

· Energy & Utilities

· Estate Agencies

· Financial Services

· FinTech

· Food & Agriculture

· Gaming & Gambling

· Government & Public Sector (including Law Enforcement)

· Health/Medical/Pharma

· Hotels & Hospitality

· Insurance

· Legal

· Manufacturing

· Maritime

· Oil, Gas & Mining

· OT, ICS, IIoT, SCADA & Cyber-Physical Systems

· Retail & eCommerce

· Small and Medium Sized Businesses (SMBs)

· Startups

· Telecoms

· Third Sector & Charities

· Transport & Aviation

· Web3

Contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Black Arrow Admin

Black Arrow Cyber Threat Briefing 13 September 2024

Top Cyber Stories of the Last Week

Trustwave Report Highlights Critical Cyber Threats to Financial Services Sector

Old Habits, New Threats, Why More Phishing Attacks are Bypassing Technical Controls

Prolific Threat Actor Group Scattered Spider Sets Sights on Finance, Insurance Firms’ Cloud Infrastructure

Cyber Criminals Target Smaller Firms as Larger Companies Beef Up Security

The Rise of Deepfakes Means CEOs Need to Rethink Trust

What now? Ransomware Victim Pays Hacker, but Decryption Key Fails

UK Regulator to Significantly Reduce Maximum Fraud Losses Banks are Forced to Cover

Enterprise Mobile Devices See Increased Attacks

Business Email Compromise Costs $55bn Over a Decade

Half of IT Decision Makers Have Had to Recover Data from a Backup with a Third Unable to Make Full Recovery

Insurers and Asset Managers Continue to Invest in Longer Term Cyber Security Planning: Moody’s

Russia's Top-Secret Military Unit Reportedly Plots Undersea Cable 'Sabotage’

Think You Could Never Fall Victim to Cyber Crime? Think Again

Sources

Governance, Risk and Compliance

Threats

Ransomware, Extortion and Destructive Attacks

Ransomware Victims

Phishing & Email Based Attacks

Business Email Compromise (BEC)/Email Account Compromise (EAC)

Other Social Engineering

Artificial Intelligence

2FA/MFA

Malware

Mobile

Denial of Service/DoS/DDOS

Internet of Things – IoT

Data Breaches/Leaks

Organised Crime & Criminal Actors

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

Insider Risk and Insider Threats

Insurance

Supply Chain and Third Parties

Cloud/SaaS

Outages

Identity and Access Management

Encryption

Linux and Open Source

Passwords, Credential Stuffing & Brute Force Attacks

Social Media

Malvertising

Regulations, Fines and Legislation

Backup and Recovery

Careers, Working in Cyber and Information Security

Law Enforcement Action and Take Downs

Misinformation, Disinformation and Propaganda