Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

In the dynamic realm of governmental regulations, the Digital Operational Resilience Act (DORA) in the EU emerges as a game-changer. Slated for a detailed rollout by early 2024, the buzz surrounding DORA has resonated within the information and communication technology (ICT) and financial sectors for quite some time, and its distinction lies in its holistic and authoritative approach. DORA is heralded as the high-water mark for cybersecurity regulations tailored for the financial arena. Its mission?

The Open Web Application Security Project (OWASP) has published the latest edition of its API Security Top Ten, which was first published in 2019. The Top Ten is a significant daughter list of the OWASP Top Ten, which is one of the most definitive lists of the most severe web application risks. Why is this important? What are its main findings? And what does this mean for application security?

As attackers evolve their toolsets and processes, the significant drop in dwell time signifies a much higher risk to organizations that now have less time to detect and respond to initial attacks. This is bad news. Two years ago, the median dwell time – the time between gaining access to a network and executing the ransomware – was 5.5 days. Last year it was 4.5 days.

The massive uptick in business email compromise (BEC) is considered one of the costliest attack types, requiring organizations to put employees on notice to stay vigilant. The latest research from the FBI puts the average cost of BEC attacks at around $125,000. What makes them so dangerous is that they largely rely on text-only emails using social engineering to trick those with finance responsibilities into parting with the money they control.

In 2022, a German security researcher disclosed that he had gained remote control of over 25 electric vehicles. In doing so, he was able to access numerous onboard features of these vehicles such as querying the vehicle location, disabling security features, unlocking doors, and starting the engine. The security flaw that allowed this break was not with the vehicle’s system itself, but presented by an open source companion application.

Safeguarding an organization’s virtual realms has never been more important. Today, connectivity and data are the new currency. Yet, as technology advances, so do the malicious actors and their methods, constantly devising more unique and covert ways to breach defenses. Herein lies the role of detection engineering. Acting as the digital watchtower for organizations, detection engineering responds to known threats and continuously scans the horizon for the slightest hint of a potential breach.

New assets, vulnerabilities, and even human errors like server misconfigurations make a continuously updated overview non-negotiable. AppSec and ProdSec teams must take action on newly discovered vulnerabilities and policy breaches quickly and efficiently. Prioritizing which vulnerabilities and risks to remediate first and having this information all in one place will help security teams get the latest insights about their attack surface immediately.

Kroll has observed an uptick in cases of DARKGATE malware being delivered through Microsoft Teams messages. These campaigns have mainly targeted organizations in the transportation and hospitality sectors. This activity has also been reported throughout open-source reporting, sharing a number of key indicators with Kroll observations, such as common filenames, adversary infrastructure and similar domain name conventions to host the initial download.