Defending Against Ransomware: How Exabeam Strengthens Cybersecurity
Exabeam » Incident Response
by Gareth Cox
7M ago
In today’s technology-driven world, addressing the looming threat of cyberattacks is more significant than ever. On Sept. 14 Auckland Transport (AT), a critical component of New Zealand’s infrastructure and responsible for transportation on ferries, buses, and trains, fell victim to a suspected ransomware attack. The attack affected a range of AT customer services, including the HOP card ticketing and fare network. Recent weeks have been particularly painful for security teams in the travel and retail industries, as ransomware attacks have struck several well-known organisations worldwide. Spe ..read more
Why Airlines are Prone to Cyberattacks
Exabeam » Incident Response
by Rahul Deshmukh
8M ago
Imagine soaring through the skies, carefree, as your flight takes you to your dream destination. While you’re gazing at the clouds, the airline’s IT systems are under siege by cybercriminals. It’s not a plot from a futuristic movie; it’s the reality of today’s world. Buckle up as we explore why airlines are in the crosshairs of cyberattacks and what they can do about it. In this article: A skyrocketing problem Decoding the factors behind the turbulence Navigating stormy regulatory skies and financial upheaval Final approach: safeguarding the skies A skyrocketing problem From 2019 to 2020, th ..read more
Unmasking Insider Threats Isn’t Just a U.S. Intelligence Agency Problem
Exabeam » Incident Response
by Erin Winchester
1y ago
Insider threats, whether malicious or compromised, are among the most elusive and frequently overlooked cybersecurity concerns. Traditional security information and event management (SIEM) systems just don’t seem to cut it when it comes to defining the baseline of typical behavior for an insider. By now we’ve all seen the headlines about classified U.S. government documents being leaked on Discord by a military base employee working in cyberdefense operations. It’s equal parts shocking and unsurprising to read the details of incidents like these. This particular individual managed to snap phot ..read more
Insider Threats: What Banks Don’t Know Can Definitely Hurt Them
Exabeam » Incident Response
by Ralph Pisani
1y ago
The banking industry faces numerous challenges, with insider threats ranking at the top. Contrary to popular belief, insider threats play a significant role in cyberattacks, not just involving malicious employees. In this blog post, we’ll explore the different types of insider threats, why banks are attractive targets, and how the right technology can help protect against them. In this article: Understanding insider threats in the banking industry Factors making banks vulnerable to cyberattacks The need for solid detection solutions Identifying insider threats using behavior analytics Assessi ..read more
The 4 Steps to a Phishing Investigation
Exabeam » Incident Response
by Carlos Bernal
1y ago
The Exabeam Security Research Team (ESRT) reviewed the attack characteristics of 24 recent breaches, and this article outlines some of our findings. The most common initial attack vector is stolen or compromised credentials, averaging $4.5 million per breach, according to the 2022 Cost of a Data Breach Report. And the costliest initial attack vector was phishing, at an average of $4.91 million. Phishing emails are one of the most common ways attackers attempt to trick users into providing their user credentials and other information via links to websites that imitate legitimate ones. The recen ..read more
Log4j by Another Name. It’s Coming; How Can You Keep Pace?
Exabeam » Incident Response
by Carlos Bernal
2y ago
For the last couple of months, the cybersecurity field has experienced multiple challenges as a result of the discovery of the Log4j CVE-2021-44228 vulnerability. This vulnerability still remains a serious danger and continues to put hundreds of millions of devices at risk of being remotely attacked. Log4j is part of the threat family of Remote Code Execution (RCE) where the vulnerability is allowed to execute code in multiple ways, either by a basic Web Request: curl 127.0.0.1:8080 -H 'X-Api-Version: ${jndi:ldap://127.0.0.1/a}' or by a modification of the agent string to be used with a brow ..read more
What Can We Learn From the Lapsus$ Attacks?
Exabeam » Incident Response
by Cynthia Gonzalez
2y ago
Adversaries are persistent and clever, as demonstrated by recently documented breaches including T-Mobile and the SITEL Group, a provider of customer experience products and solutions. Lapsus$ purchased credentials and used social engineering to recruit insiders and break into high-profile organizations. They moved laterally to access internal systems, source code, and customer data, among other highly-sensitive information. The group exploited insiders in the workforce, software supply chain, and insecure deployments and controls for credentials and access with the goal to steal information a ..read more
Incident Response Automation and Security Orchestration with SOAR
Exabeam » Incident Response
by Cynthia Gonzalez
2y ago
In this article, we introduce the basics of incident response and discuss Security Orchestration, Automation and Response (SOAR) — a tool which makes incident response more efficient, more effective and more manageable at scale. In this article: What is incident response? What is case management? What is SOAR? Three key SOAR capabilities Dashboards and reporting How does SOAR fit with SIEM? What is incident response? Reactive incident response Incident response is an organizational process that allows security teams to contain security incidents or cyber attacks, prevent or control damages ..read more
A Four-Layered Approach to Malware
Exabeam » Incident Response
by Tim Lowe
2y ago
The best way to detect and respond to malware is to create a layered approach within your network and among your workforce. According to the MIT Technology Review, the number of zero-day exploits discovered in 2021 more than doubled the number discovered in 2020. The exponential increase in zero-days in 2021 was not attributable to better detection capabilities, according to the publication, but rather it was greater access to purchased zero-days by international hacking groups. Consultants and security vendors might assure you that your network is locked down against malware and ransomware th ..read more
Security Incidents: What You Should Look Out For
Exabeam » Incident Response
by Jeannie Warner
2y ago
Security incidents are events that occur with a potential impact to an organization which can represent a cybersecurity threat or attack. Identifying incidents and responding to them quickly is a critical cybersecurity process. In this article: The definition of a cybersecurity incident The difference between a security incident and security event Notable security breaches Types of security incidents How to respond to a security incident Automating incident response Security incident definition: What is a cybersecurity incident? Security incidents indicate the failure of security measures or ..read more