At the end of May 2024, the largest ever operation against botnets, dubbed Operation Endgame, targeted several botnets including IcedID, SystemBC, Pikabot, Smokeloader, Bumblebee, and Trickbot. This operation significantly impacted the botnets by compromising their operations and shutting down their infrastructure. Although Latrodectus was not mentioned in the operation, it was also affected and its infrastructure went offline.

Digital relationships with third-party vendors increase opportunities for growth, but they also increase opportunities for cyberattacks — a recent study found that 61% of U.S. companies said they have experienced a data breach caused by one of their vendors or third parties (up 12% since 2016). Implementing a vendor risk management strategy aligned with frameworks like the NIST security framework can help mitigate these risks.

Talking to fellow CISO’s around the globe - and in particular Europe - the topic of cybersecurity regulations and compliance has taken on a new life. Most recently, the Network and Information Security (NIS 2) Directive is the latest regulation shaking up the region. NIS2 is much more than an update though—it's transforming the cybersecurity landscape of the EU.

As cybersecurity leaders try to get ahead of threats to their organization, they're increasingly seeking ways to get off the hamster wheel of chasing countless CVEs (common vulnerabilities and exposures). The brass ring that most CISOs reach for today is prioritization of exposures in their infrastructure (and beyond), so their teams can focus on tackling the ones that present the greatest risk. In some cases, the highest priority exposures will still be critical CVEs on mission critical assets.

In our global study of the CISA KEV Catalog, we uncovered widespread vulnerabilities and the swift pace at which threats evolve. As we dissect the layers of data from the report, it becomes evident that each country's unique approach to cybersecurity regulation, vulnerability management, and remediation presents distinct challenges and opportunities.

Every cybersecurity team is being challenged to do more with less. CISOs experience top-down pressure to maximize the value of their resources, consolidate vendors as much as possible, and optimize their tool stack. And, they have unchanged expectations of keeping their organization safe across ever-growing digital supply chains. But traditional approaches to VRM often leave cybersecurity teams grappling with a tangled web of manual processes, disparate tools, and fragmented data.

At Bitsight, part of the Vulnerability Research team's core work involves analyzing vulnerabilities in order to create detection capabilities that can be implemented on an Internet-wide scale.

Whether it's because industrial control systems remain quite vulnerable to attacks, or because these systems manage valuable physical resources and uptime is essential—or a bit of both—attackers are increasingly targeting operational technology (OT) and industrial control systems (ICS).

Bitsight was named a Leader in The Forrester Wave: Cybersecurity Risk Ratings Platforms, Q2 2024 for a third consecutive time. Click here to download The Forrester Wave: Cybersecurity Risk Ratings Platforms, Q2 2024. We are incredibly proud to be highlighted as a Leader, and our placement in this report is validation of our ongoing effort to help risk and security leaders identify exposure, prioritize investment, communicate with stakeholders, and mitigate risk.

It’s been a while since I’ve blogged. Things have been busy; Bitsight released a great report authored by yours truly on CISA’s KEV catalog. It’s really great if I do say so myself so I highly recommend going and giving it a glance.