The digital footprint of organizations has evolved and grown significantly over the past 10 years, now its important to not only protect just IP addresses and domains but also social media, payment platforms, and third-party services. Identifying risks like vulnerabilities, supply chain attacks, and credential leaks are crucial for organizational security. The Cyberint team have analyzed 1000s of risks and threats and narrowed down the top 4 risks facing Latin America in 2024 and going into 2025.

If you’ve worked in the Managed Security Services Provider (MSSP) industry for a while, you might remember the era when the MSSP tool set consisted only of internal risk management solutions – like software that scanned client endpoints and application source code. Those days are gone. Today, external risk management has become just as critical a part of an MSSP’s job.

If you’re in the Managed Security Services Provider (MSSP) business, landing new customers is great. What’s even better, however – and more crucial for long-term business success – is retaining existing customers. After all, keeping customers can cost up to 25 times less than acquiring new ones, according to Harvard Business Review.

To platform or not to platform. That is the question. At least, that’s the question that businesses increasingly face as they chart strategies for managing external risk and consider cybersecurity platform consolidation. Historically, the go-to approach for identifying and mitigating external risks was to adopt point solutions – meaning individual tools that focused on doing one thing and doing it well.

Initial Access Brokers (IABs) are threat actors who infiltrate networks, systems, or organizations and sell this unauthorized access to other malicious actors. Instead of executing the entire cyberattack, IABs focus on the initial breach and monetize it by selling access to compromised systems. They assist ransomware operations, particularly RaaS schemes, by streamlining attacks and reducing workload at the start.

The cyber threat landscape is complex and includes many vectors of attack. Organizations face critical security challenges every day, such as stolen employee credentials, fake websites, and social media impersonation. Taking a binary point of view, those threats can be divided into two simplistic dimensions: external and internal. According to the 2023 Verizon DBIR, the external threats consume 83% of the total threats.

Indicators of Compromise, or IOCs, refer to artifacts or clues that may be identified on a network or system indicating a potential security breach. They can be Ips, domain names and more.

Amid the disruption of the Hive ransomware group by law enforcement agencies, Hunters International emerged onto the cyber scene in Q3 of 2023, displaying notable technical similarities with Hive, hinting at an evolutionary progression or branch-off from the dismantled group. This transition underscores the adaptive nature of cybercriminal networks, persisting in their illicit activities despite law enforcement actions.

Windows Installers (.msi files) are a known vector of malware distribution. Although not quite common, they have been used by threat actors to distribute malware of all sorts. During July 2024, the Cyberint Research Team noticed somewhat of an uptick in the usage of malicious.msi files. Among the various samples we noticed a specific variant of malicious installer being actively used in the wild, disguised as legitimate applications or update installers and targeting Korean and Chinese speakers.

NIST has long been an important acronym in the world of cybersecurity, where organizations have for years used the NIST Cybersecurity Framework to help guide their security investments. But the practices and controls associated with NIST have evolved recently, due to the release of NIST 2.0. If you’re stuck in the era of NIST 1.x, it’s time to adapt.