Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

May 2022

Rapidly evolving IoT malware EnemyBot now targeting Content Management System servers and Android devices

AT&T Alien Labs™ has been tracking a new IoT botnet dubbed “EnemyBot”, which is believed to be distributed by threat actor Keksec. During our investigations, Alien Labs has discovered that EnemyBot is expanding its capabilities, exploiting recently identified vulnerabilities (2022), and now targeting IoT devices, web servers, Android devices and content management system (CMS) servers.

How DNS filtering can help protect your business from Cybersecurity threats

The Domain Name System (DNS) is an important tool that connects devices and services together across the Internet. Managing your DNS is essential to your IT cybersecurity infrastructure. When poorly managed, DNS can become a huge landscape for attackers. Nonetheless, when properly configured, DNS is a key line of defense against cyber threats for your organization. DNS filtering is an essential component of business cybersecurity.

How to stay ahead of the Cybersecurity labor crisis and keep growing your business

Cybersecurity is a complex task that is never complete. It’s an ongoing proactive practice of securing, monitoring, and mitigating threats. It’s a constant cycle where threats and vulnerabilities are detected, teams investigate and mitigate any issues, then network cybersecurity systems are reinforced to combat the next potential threat. Business operations increasingly rely on numerous devices and digital tools to accomplish daily tasks.

Building trust in a Zero-Trust security environment

Despite years of industry efforts to combat insider threats, malicious behavior can still sometimes be difficult to identify. As organizations work towards building a corporate cyber security culture, many have begun looking into zero-trust architectures to cover as many attack surfaces as possible. This action is a step in the right direction, but it also has the potential to raise fears and generate negative responses from employees.

Challenges that impact the Cybersecurity talent pipeline

Cyberattacks are alarming, and establishments must increase protections, embrace a layered attitude, and cultivate security-conscious users to combat growing concerns. Cybersecurity leaders are being inundated with talent development resources offered, encompassing hiring, recruitment, and retention of the talent pipeline. Fifty percent of hiring managers typically deem that their candidates aren’t highly qualified.

Stories from the SOC - Persistent malware

One of the most prevalent threats today, facing both organizations and individuals alike, is the use of ransomware. In 2021, 37% of organizations said they were victims of some type of ransomware attack. Ransomware can render large amounts of important data inaccessible nearly instantly. This makes reacting to potential ransomware events in a timely and accurate manner extremely important. Utilizing an endpoint security tool is critical to help mitigate these threats.

How to counter smart home device breaches

This blog was written by an independent guest blogger. Businesses that allow employees to work from home are more likely to encounter a new security threat — compromised smart home devices. Smart technology connected to an employee’s home network, like smart thermostats, appliances, and wearables, can all fall victim to hackers. Workers that join their employer’s network remotely can unwittingly allow compromised devices to open the doors to hackers.

What to look for in a vCISO as a service

“Approximately 64% of global CISOs were hired from another company” according to the 2021 MH Global CISO Research Report. The reasons are because of talent shortages, the role is still new to some companies, and companies have not created a succession plan to support internal promotions. To overcome these challenges, companies can look to Virtual Chief Information Security Officer (vCISO) or a vCISO as a service provider.

Cybersecurity and resilience: board-level issues

Resilience means more than bouncing back from a fall at a moment of significantly increased threats. When addressing resilience, it’s vital to focus on long-term goals instead of short-term benefits. Resilience in the cybersecurity context should resist, absorb, recover, and adapt to business disruptions.

How and why you should secure APIs

APIs are a crucial tool in today’s business environment. Allowing applications to interact and exchange data and services means that companies can provide an ever-greater range of features and functionalities to their clients quickly and easily. So, it is no wonder that a quarter of businesses report that APIs account for at least 10% of their total revenue - a number that will only increase in coming years.

Analysis on recent wiper attacks: examples and how wiper malware works

Wiper’s main objective is to destroy data from any storage device and make the information unavailable (T1485). There are two ways of removing files, logical and physical. Logical file removal is the most common way of erasing a file, performed by users daily when a file is sent to (and emptied from) the Recycle bin, or when it is removed with the command line or terminal with the commands del/rm.