This blog is the latest in a series dedicated to Zhadnost, a Russia-aligned botnet first discovered by SecurityScorecard in March.

In 2020, SecurityScorecard uncovered a case in which self-signed certificates caused misattributions for CDN IPs, and IPs shared by many websites. At the time, we mitigated this issue by labeling CDNs (e.g. Cloudflare, Akamai, Fastly, etc.), so that customers could easily determine if their scoring problems were related to shared IPs.

As malicious attackers and nation states have increasingly weaponized the cyber domain to impact private companies, the sustainability of organizations' ties to their cybersecurity is in question across all industries and sectors. There are many examples of companies going out of business as a result of a cyber attack, due to business leaders failing to wrap their arms around all the different ways that the ever evolving cyber threat landscape can impact their business.

As mentioned in SecurityScorecard’s (SSC) previous Zhadnost blog posts (part one and part two), the DDoS attacks against Ukrainian and Finnish websites do not appear to have a lasting impact, as the sites were back online within hours of the attack.

SecurityScorecard’s own Ondrej Krehel talks with News 12 in New York about how to protect yourself from what might be the most surreal spam number of all—your own. Most of us are used to getting spam texts: You’ve paid your bill, click this link for a free gift! You’ve won the sweepstakes, click here to redeem! It’s no surprise that nothing good comes from clicking those links.

Creating an incident response plan is mission-critical for modern organizations. As threat actors continuously evolve their attack methodologies, organizations need the people, processes, and technologies that allow them to rapidly respond to a security incident. According to research, attacks have increased by 15% since 2019.

A democratized approach to cybersecurity risk management that leverages continuous monitoring and public-private partnerships is overdue, and critical, for today’s cyber threat environment.

SecurityScorecard (SSC) has identified a DDoS attack which targeted the websites of the Finnish Ministry of Foreign Affairs and Ministry of Defense. SSC discovered more than 350 bots, mainly located in Bangladesh and African countries, which are now considered to be part of the Zhadnost botnet, previously discovered by SSC in March.

Nearly every day, it seems like you’re reading about another data breach in the news. Between ransomware attacks and nation-state actors, you can’t rely on the old “trust but verify” adage anymore. Cyber resilience isn’t about preventing all threats, it’s about creating a security program that allows you to identify, investigate, contain, and mitigate threats quickly and effectively.

Water Sector Cybersecurity Requirements Policymakers and regulators in Washington are bringing their attention now to water utilities’ cybersecurity. Last month, the White House announced it was expanding its public-private cybersecurity partnership to the water sector. Separately, in December of 2021, the Environmental Protection Agency (EPA) announced an evaluation of regulations related to the public water system’s cybersecurity, which will change in April.

One would be hard pressed to find anyone working today in the cybersecurity world that has not yet heard of Lapsus$, an emerging cyber-crime group with big claims of breaching the likes of high-profile companies Microsoft, Samsung, NVIDIA, and Okta amongst others.

How well do you know your organization’s attack surface? Chances are, you don’t know it as well as you think you do. According to a recent report, 2 out of 3 organizations say their external attack surface has expanded in the past 12 months, but that does not mean they’ve been keeping track of it.

The amount of data that municipalities deal with on an everyday basis has grown exponentially. In particular, local governments have focused on upping their cybersecurity efforts due to the sensitive information and data stored and shared with state and federal government programs. It is now more important than ever to ensure effective cybersecurity within local governments. In this blog, we will take a look at how your local government can reduce impending risks and secure innate vulnerabilities.

As most of our customers know, every single company – customer or not – gets free and unlimited access to their own company’s Scorecard. This view allows them to see the complete details of their scorecard and a high-level view of five other scorecards. SecurityScorecard provides this free access because we know that when companies engage with their scorecard, their scores improve, their attribution becomes more accurate, and our customers lower their own cyber risk.

On Thursday, March 31st a patch for a widely used Java framework called the Spring Framework was given the designation CVE-2022-22965 with a CVSS Score of 9.8. That’s bad news for a lot of companies that make use of this framework for delivery of their web applications, services and APIs. This is a remote code execution (RCE) vulnerability and the ease of exploitation is partly why it has earned a 9.8 out of 10 on the CVSS Score.