In this version of the Hacker’s Playbook Threat Coverage round-up, we are highlighting attack coverage for newly discovered or analyzed threats, including those based on original research conducted by SafeBreach Labs. SafeBreach customers can select and run these attacks and more from the SafeBreach Hacker’s Playbook™ to ensure coverage against these advanced threats. Additional details about the threats and our coverage can be seen below.

On December 18th, the Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), and Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) issued an urgent advisory to highlight the ongoing malicious activities being conducted by the Play ransomware group.

Endpoint detection and response (EDR) tools are essential for safeguarding an organization’s endpoints, such as computers, servers, and mobile devices. With adversaries leveraging increasingly sophisticated techniques, choosing the right EDR solution that fits your organization’s needs is more critical than ever. The challenges, requirements, and risk tolerances of any business are crucial factors in selecting the most suitable tool for your specific IT environment.

On December 13th, The U.S. Federal Bureau of Investigation (FBI), U.S. Cybersecurity & Infrastructure Security Agency (CISA), U.S. National Security Agency (NSA), Polish Military Counterintelligence Service (SKW), CERT Polska (CERT.PL), and the UK’s National Cyber Security Centre (NCSC) have issued an urgent advisory about the ongoing exploit of CVE-2023-42793 by Russian Foreign Intelligence Service (SVR) threat actors.

On December 15, 2023, the U.S. Securities and Exchange Commission (SEC) will be enacting new rules mandating corporations to disclose specific information related to their cybersecurity. These rules require companies subject to SEC regulation—essentially, any company that trades their shares on a U.S. stock exchange—to disclose details following a material security incident.

On December 5th, the Cybersecurity and Infrastructure Security Agency (CISA) released an advisory that confirmed the exploitation of CVE-2023-26360 at a Federal Civilian Executive Branch (FCEB) agency by unknown threat actors. Exploiting this vulnerability allowed threat actors to gain access to the FCEB agency network on two separate occasions in June 2023.

During a cyber attack, malicious actors often breach an organization’s perimeter security with tactics like vulnerability exploitation and phishing. Once inside, they attempt to navigate the organization’s network to escalate their privileges and steal or encrypt data—but here they often face sophisticated endpoint detection and response (EDR) systems designed to identify and prevent this type of activity.

Now that endpoint detection and response (EDR) solutions have become standard, it’s time to look at what’s next. In light of the ever-increasing attack surface, rampant proliferation of ransomware, and continued remote work environments, security leaders must proactively find new and innovative tools to protect endpoints from attack.