Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

In this guest post, Jason English, Director and Principal Analyst at Intellyx explores how GenAI is moving beyond chat to orchestrate real action for SOC teams. As my colleague Eric Newcomer mentioned in the previous chapter of this series, GenAI changes the security automation game, with multi-system discovery, documentation, and task execution capabilities that can reduce cognitive load and toil for security analysts.

HellCat is the name of a relatively new ransomware-as-a-service (RaaS) group that first came to prominence in the second half of 2024. Like many other ransomware operations, HellCat breaks into organisations, steals sensitive files, and encrypts computer systems - demanding a ransom payment for a decryption key and to prevent the leaking of stolen files.

In recent years, cybersecurity has undergone a radical transformation. Traditional solutions, once sufficient to protect organizations' digital assets, have become obsolete against increasingly complex cyber threats. Malicious actors now leverage advanced technologies to launch sophisticated attacks at unprecedented scales and speeds. According to the UK's National Cyber Security Centre, AI is accelerating the spread of ransomware and lowering the entry barrier for less experienced cybercriminals.

Managed Detection and Response is crucial in strengthening securing systems from cyber-attacks. MDR integrates latest technology that detects threats providing around-the-clock monitoring and speedy response to problems. To detect and eliminate advanced threats such as advanced persistent threats (APTs) and zero-day vulnerabilities, it resorts to a mix of automated tools and human intervention. These threats pose serious risk to organizations and their compliance to security requirements.

This is the second part of Outpost24’s KrakenLabs investigation into EncryptHub, an up-and-coming cybercriminal who has been gaining popularity in recent months and is heavily expanding and evolving operations at the time of writing. We’ve already published one article explaining EncryptHub’s campaigns and TPPs, infrastructure, infection methods, and targets.

Let’s be honest – the burden of payment fraud has for years fallen squarely on the shoulders of scammed customers – A.K.A., victims. Reimbursement has largely been tactical; an opt-in gesture of goodwill administered on a case-by-case basis to customers who either make enough noise, or hold accounts banks can’t afford to lose. If you’re familiar with the UK’s APP fraud reimbursement mandate, you’ll know that things are changing in a big way.

A Cybersecurity Warrior Leader is a term that combines the concepts of leadership and expertise in the field of cybersecurity with the mindset and traits of a warrior. These individuals function as CISOs and vCISOs in project and operational roles leading programs, initiatives, teams, and organizations in defending against cyber threats, while exhibiting key qualities associated with warriors, such as strategic thinking, resilience, and a strong sense of duty.

Threat intelligence is a vast and evolving field that encompasses a wide range of concepts, methodologies, and terminologies. Whether you are a cybersecurity professional, an analyst, or someone looking to enhance your understanding of the domain, being familiar with key terms is essential. However, the sheer number of acronyms and technical jargon used in threat intelligence can often be overwhelming and difficult to keep up with.