Threat Research

    Why Moving Beyond CVSS Scores is a Business Imperative

    July 27, 2022
    Organizations today find themselves at a critical turning point in the evolution of their vulnerability management efforts. New vulnerabilities are being published more quickly than teams can credibly analyze and remediate them (currently greater than 75 per day), while at the same time a serious talent shortage has developed. According to CyberSeek, the U.S. cybersecurity workforce has over 950,000 workers, with approximately 465,000 open positions.

    4 Signs Your Vulnerability Risk Analysis Process is Outdated

    July 13, 2022
    With increasing online threats and a massive shift to remote work over the past two years, it’s no surprise that cybersecurity risks are a top concern for businesses in 2022. Cyber incidents top the Allianz Risk Barometer for the “most important global business risk” in 2022, accounting for 44% of the survey’s responses.

    OilRig Attack Graphs: Emulating the Iranian Threat Actor’s Global Campaigns

    July 11, 2022
    AttackIQ has released two new attack graphs that emulate different aspects of OilRig’s operations against multiple sectors around the globe. With these attack graphs, you can test and validate your defenses to improve cybersecurity readiness.

    Attack Graph Emulating the Conti Ransomware Team’s Behaviors

    June 15, 2022
    AttackIQ has released a new full-featured attack graph emulating the tactics, techniques, and procedures (TTPs) used by the Conti Ransomware Group. Despite the group’s recent dissolution, Conti’s successful post-compromise tactics, techniques, and procedures will live on. This attack graph will help defenders test their cyberdefense technologies against the full range of techniques and procedures that Conti used – and which Conti’s former members, now in other ransomware groups, will likely continue to use.

    Testing your defenses against CVE-2022-30190: MSDT “Follina” 0-Day

    June 2, 2022
    AttackIQ has released a new scenario to test your security controls against exploits used in the Follina 0-day. This new scenario helps security teams validate visibility, patching, security controls, and logging in their environments relative to this pervasive 0-day vulnerability. Elevate your security program performance using AttackIQ.

    Announcing AttackIQ’s Malware Emulation Attack Graphs

    May 26, 2022
    We are immensely pleased to announce the first of AttackIQ’s “malware emulation attack graphs.” We broke down real-world malware into its logical steps to understand the adversary’s behavior. We then use our attack graph methodology to arrange the malware into its component tactics, techniques, and procedures. Using the malware emulation attack graph, defenders can emulate a specific strain of malware to test and validate their security controls. Take a look.

    Computing Context is Everything

    May 23, 2022
    It’s January 14, 2020. Patch Tuesday. Your CIO wants to know: “How does that RDP vulnerability I saw in the news affect us?” “Well, which RDP vulnerability are you talking about, boss?” Never mind; it’s still a good question. You dig deeper.

    Quantifying Risks of Remote Workers

    May 23, 2022
    With everyone working from home and IT teams struggling to scale up their infrastructure, how are you accounting for risk?

    Testing Network Security Controls against Russian Malware

    March 29, 2022
    Following an up-tick in the activity of Russia-based cyberthreat actors, this blog discusses the practical steps you can take to validate your network security controls against known Russian tactics, techniques, and procedures to improve your security readiness. It walks readers through Russia-specific emulations included in the AttackIQ Network Control Validation module.

    Testing with Realism: Attack Flows and AttackIQ Attack Graphs

    March 11, 2022
    AttackIQ and the Center for Threat-Informed Defense are furthering the art of adversary emulation with the Center’s new Attack Flow project. Building on our deep research partnership with the Center, AttackIQ’s Attack Graphs emulate the adversary with specificity and realism to test advanced cyberdefense technologies against multi-stage attacks. Read on for more.

    Preparing for Known Russia-based Cyberthreats Using MITRE ATT&CK and AttackIQ

    March 8, 2022
    To prepare for a potential cyberattack from Russia-based actors, you can begin by testing your security controls against known adversary tactics. The vast majority of cyberattacks use tactics and techniques that have been employed in the past. This blog walks you through key known tactics and techniques, and highlights scenarios in the AttackIQ Security Optimization Platform that you can use today to test your defenses and improve your cybersecurity readiness.

    Compliance and Cyber Security Risk Reduction Don’t have to be Enemies

    February 8, 2022
    How to design a Cyber Vulnerability Management program that maximizes the ROI of your team’s compliance work while also maximizing the reduction of business risk.

    DeepSurface 2.7

    December 15, 2021
    We’re excited to announce the general availability of DeepSurface Risk Analyzer v2.7! There are a ton of changes under the hood, but we wanted to let you know about a few key improvements.

    Validate Your Cyberdefenses against Log4Shell with MITRE ATT&CK®

    December 13, 2021
    This article focuses on helping organizations to assess the effectiveness of their compensating controls, enable a threat-informed defense with breach and attack simulation plus the MITRE ATT&CK framework, and interdict the adversary post-breach to drive down risk.

    A View of PrintNightmare Through the Lens of Prioritization

    November 29, 2021
    Now that the dust has settled around CVE-2021-34527, also known as PrintNightmare, we thought we’d use it as an example of how DeepSurface can reprioritize even the highest priority vulnerabilities, saving you and your patch team hours of effort. For this blog post, you don’t need to know anything about PrintNightmare other than it was nearly ubiquitous, there are dozens of exploits in the wild, and that it’s fairly easy to remediate.

    Announcing DeepSurface 2.6

    November 16, 2021
    We’re excited to announce the general availability of DeepSurface Risk Analyzer v2.6! There are a ton of changes under the hood, but we wanted to let you know about a few key improvements.

    Meet AttackIQ Vanguard: Helping security teams identify control gaps before the adversary does.

    September 30, 2021
    As organizations react to constantly changing and challenging situations today, they need to be confident they can still meet their business objectives while controlling risk.

    DeepSurface Security Advisory: LPE in Firefox on Windows

    September 28, 2021
    Firefox is vulnerable to local privilege escalation (LPE) attacks under certain conditions on Windows platforms. This would allow an attacker to perform a local privilege escalation attack against Firefox users using the same Windows system. Through our responsible disclosure program, Mozilla was contacted and provided with full technical details, but has ultimately chosen not to fix this vulnerability.

    Ransomware and Targeted Attacks in the Healthcare Sector

    September 23, 2021
    Although ransomware can have devastating effects regardless of which industry vertical an organisation is part of, the healthcare industry has particularly paid a heavy price in recent times.

    DeepSurface Security Advisory: LPE in Adobe Reader on Windows

    September 16, 2021
    Older versions of Adobe Acrobat Reader are vulnerable to local privilege escalation (LPE) attacks under certain conditions on Windows platforms. This would allow an attacker to perform a local privilege escalation attack against Acrobat Reader users using the same Windows system. Through our responsible disclosure program Adobe was contacted and provided a fix for this issue. Adobe also issued CVE-2021-35982 to track the vulnerability.

    Azure Security Stack Mappings: The Top Native Security Controls for Ransomware

    August 23, 2021
    For the first time, organisations can visually see what Azure security controls can offer in terms of protection, detection and response. With 45 native Azure security control mappings, defenders can start focusing on not only TTPs in the context of Azure threats, but also how each native Azure security control might shield them from related TTPs in Azure.

    DeepSurface 2.4

    August 13, 2021
    We’re excited to announce the latest version of the DeepSurface product, DeepSurface 2.4. This release of our vulnerability management platform expands our reporting capabilities with exportable XLSX and PDF reports, making it even easier to report on your vulnerable hosts and missing patches. It also adds support for Thycotic Secret Server PAM, simplifies setup and administration (including emailing of generated reports), and brings enhancements to our Windows agent.

    The Kaseya VSA REvil Ransomware Supply Chain Attack: How It Happened, How It Could Have Been Avoided

    July 13, 2021
    On July 2, 2021, the REvil ransomware group successfully exploited a zero-day vulnerability in the on-premise Kaseya VSA server, enabling a wide-scale supply chain cyber attack. Let’s dig in and see how the attack happened, how attack emulation could have helped, and what you can do to implement a threat-informed defense strategy to prepare yourself for similar threat actor behavior.

    DeepSurface Security Advisory: LPEs in Node.js on Windows (CVE-2021-22921)

    July 2, 2021
    Node.js is a popular back-end JavaScript runtime environment built on the V8 engine. As part of our internal security research, we discovered numerous products in production environments installed with insecure permissions. One of these products was Node.js, and we decided to investigate further.