In this version of the Hacker’s Playbook Threat Coverage round-up, we are highlighting newly added coverage for several recently discovered or analyzed ransomware and malware variants, including RagnarLocker ransomware, LokiLocker ransomware, and Humble ransomware, amongst others. SafeBreach customers can select and run these attacks and more from the SafeBreach Hacker’s Playbook™ to ensure coverage against these advanced threats.

On September 20th, the Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) released an advisory highlighting the various indicators of compromise (IOCs) and tactics, techniques, and procedures (TTPs) associated with the Snatch ransomware variant. This variant was identified as recently as June 1, 2023, by the FBI. Detailed information is listed in US-CERT Alert AA23-263A – #StopRansomware: Snatch Ransomware.

At SafeBreach’s 2023 Validate Summit—a yearly event that brings together experts in the security community to discuss challenges, best practices, and key considerations for building a proactive security program—we asked attendees to share why they began using a breach and attack simulation (BAS) tool like SafeBreach. One of our customers had a straightforward answer: people, time, and money.

In July of this year, the Transportation Safety Administration (TSA) released Security Directive Pipeline-2021-02D (SD-02D) Pipeline Cybersecurity Mitigation Actions, Contingency Planning, and Testing. The directive—aimed at owners and operators of liquid and natural gas pipelines or facilities designated as critical infrastructure—outlines requirements for enhancing cyber resilience through the implementation of a TSA-approved cybersecurity implementation plan (CIP).

In the first installment of this three-part series based on our recent white paper, The Skeptic’s Guide to Buying Security Tools, we outlined an evidence-based approach to helping your organization justify a new security tool purchase. This included identifying where security gaps exist, if those gaps could be filled by existing tools, and—if not—how to evaluate potential tools that could help.

On September 7, the Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), and U.S. Cyber Command’s Cyber National Mission Force (CNMF) published a joint Cybersecurity Advisory (CSA), Multiple Nation-State Threat Actors Exploit CVE-2022-47966 and CVE-2022-42475.

In 2013, MITRE created the ATT&CK framework to give security practitioners a shared language for the tactics, techniques, and procedures (TTPs) employed by advanced persistent threat (APT) groups. The result is a knowledge source that provides valuable threat information, allowing teams to take a proactive approach in identifying and mitigating potential cybersecurity threats. Though the framework is widely used, most organizations struggle to effectively utilize it.