With tens of thousands of potential threats lurking in remote corners of the deep and dark web, organizations are increasingly at risk of being targeted by cyber attackers or having their sensitive information traded or leaked online. Deep and dark web monitoring enables businesses to safeguard their digital assets and accelerate visibility of online threats, protecting their brand and reputation.

As cyber threats continue to grow more sophisticated, the demand for dynamic, scalable security solutions has led to the increasing adoption of Security Operations Center as a Service (SOC as a Service, or SOCaaS). The SOC as a Service model offers a significantly more cost-effective alternative for organizations without the resources to establish full-scale, in-house security operations centers (SOCs).

The education sector proved to be a key target for threat actors in Q2 2024, particularly for ransomware groups. FOG ransomware was a significant threat to the sector this quarter, with clear seasonal cycles in incidents impacting educational institutions, possibly due to perceived reduction in IT staffing around the summer months or the belief that schools may be more likely to pay a ransom during peak periods.

In Q2 2024, the Kroll Cyber Threat Intelligence (CTI) Team observed an increase in activity around a new ransomware group named FOG. FOG was initially observed in May 2024, and since then has been heavily targeting higher educational institutions in the U.S. by exploiting compromised VPN credentials. Kroll's review of a recent FOG binary (1.exe) found no exfiltration or persistence mechanisms directly integrated.

In a security bulletin on February 19, ConnectWise announced critical vulnerabilities (CVE-2024-1708 & CVE-2024-1709) to its on-premises ScreenConnect product (identified and responsibly reported by one of Kroll’s SOC analysts), allowing attackers to takeover an organization’s ScreenConnect. The vulnerability, trivial to exploit, allows anonymous individuals to a create system admin account on publicly exposed instances of the product.

The concept of Software Bill of Materials (SBOM) has gained serious traction in recent years, emerging as a critical element of software security frameworks. SBOM refers to a comprehensive inventory of all the components and dependencies, or the software supply chain, that make up a software application. The influence of SBOM on modern software and application security programs is so compelling that government organizations like the U.S.

Between customer requirements, regulatory or legislative mandates and executive orders, incorporating strong security controls throughout the Software Development Lifecycle (SDLC) has become a central focus for development groups, leadership teams and governing bodies. However, regardless of external motivators, maintaining a secure SDLC also provides the developer tangible benefits regarding the health of the software by ensuring a meticulous focus on architecture and solid software-building practices.