SafeBreach

Snatch Ransomware: SafeBreach Coverage for US-CERT Alert (AA23-263A)

On September 20th, the Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) released an advisory highlighting the various indicators of compromise (IOCs) and tactics, techniques, and procedures (TTPs) associated with the Snatch ransomware variant. This variant was identified as recently as June 1, 2023, by the FBI. Detailed information is listed in US-CERT Alert AA23-263A – #StopRansomware: Snatch Ransomware.

People, Time & Money - Making the Most of Your Security Investments

At SafeBreach’s 2023 Validate Summit—a yearly event that brings together experts in the security community to discuss challenges, best practices, and key considerations for building a proactive security program—we asked attendees to share why they began using a breach and attack simulation (BAS) tool like SafeBreach. One of our customers had a straightforward answer: people, time, and money.

Breach and Attack Simulation Helps Pipeline Operators Comply with New TSA Requirements

In July of this year, the Transportation Safety Administration (TSA) released Security Directive Pipeline-2021-02D (SD-02D) Pipeline Cybersecurity Mitigation Actions, Contingency Planning, and Testing. The directive—aimed at owners and operators of liquid and natural gas pipelines or facilities designated as critical infrastructure—outlines requirements for enhancing cyber resilience through the implementation of a TSA-approved cybersecurity implementation plan (CIP).

Will today's security purchases stop tomorrow's deadliest threats?

In the first installment of this three-part series based on our recent white paper, The Skeptic’s Guide to Buying Security Tools, we outlined an evidence-based approach to helping your organization justify a new security tool purchase. This included identifying where security gaps exist, if those gaps could be filled by existing tools, and—if not—how to evaluate potential tools that could help.

BAS and MITRE ATT&CK - Basics and Beyond

In 2013, MITRE created the ATT&CK framework to give security practitioners a shared language for the tactics, techniques, and procedures (TTPs) employed by advanced persistent threat (APT) groups. The result is a knowledge source that provides valuable threat information, allowing teams to take a proactive approach in identifying and mitigating potential cybersecurity threats. Though the framework is widely used, most organizations struggle to effectively utilize it.

Discovering Unknown Problems in the Alert Pipeline

Financial services institutions (FSIs) have become an increasingly common target for malicious actors. According to Boston Consulting Group, FSIs are 300 times more likely to face cyber attacks than other sectors, and the 2022 VansonBourne report noted that 94% of the FSIs it surveyed experienced a cyber attack in the last 12 months.

Do we really need another cybersecurity tool?

Research shows many companies now own and operate more than 60 disparate security tools, yet breaches continue to make headlines. Throwing more tools at the problem is a tactic that simply doesn’t work and, with trends pointing toward tighter security budgets, may not even be possible anymore. Security leaders are now in a position that requires them to ask tough questions and carefully scrutinize new security tools before pulling the trigger on purchases.

Akira Ransomware, 8Base Ransomware, and more: Hacker's Playbook Threat Coverage Round-up: August 22, 2023

In this version of the Hacker’s Playbook Threat Coverage round-up, we are highlighting newly added coverage for several recently discovered or analyzed ransomware and malware variants, including Akira ransomware, 8Base ransomware, and Rorschach (BabLock) ransomware, amongst others. SafeBreach customers can select and run these attacks and more from the SafeBreach Hacker’s Playbook™ to ensure coverage against these advanced threats.