Welcome to your Daily Threat Brief. Every morning we transmit a succinct summary of threat activities designed to inform your decision-making. Learn things your adversaries wished you didn’t. 

Sign Up For The Daily Threat Brief

U.S. National Cyber Strategy: What You Need to Know

On September 20, 2018, the White House released a new cybersecurity strategy with several important changes in direction meant to give government agencies and law enforcement partners a greater ability to respond to cybercrime and nation-state attacks. The new U.S. cyber strategy makes one message clear: America will not sit back and watch when attacked in… Read more

The Haunting Horror Story Of Cybercrime

Businesses worldwide face a sense of creeping dread and imminent disruption due to the threat of cybercrime. Nowadays, they are more prone than ever to terrors such as malware hijacking browsers to sniff or intercept application authentication credentials. Then there are the strains of malware that target financial logins to… Read more

Who gets spear phished, and why?

The story of nearly every notable data breach in recent memory begins in pretty much the same way: Once upon a time, someone got spear phished… Whether it’s a government agency or a Fortune 500 company, spear phishing is a serious threat, with losses topping $675 million in 2017 in the US alone. The phishing… Read more

Inside the Dark Web’s ‘Help Wanted’ Ads

Lurking on the Dark Web are threat actors seeking help for a range of illegal activities, from malware attacks to insurance fraud to murder. When they need a new hire, they post virtual ads, vaguely describing the role while offering the most money for jobs with the greatest risk. It’s… Read more

Audits: The Missing Layer in Cybersecurity

There is a broad spectrum of cybersecurity preparedness on the enterprise landscape, but even organizations that are relatively well-resourced and committed to cybersecurity stand to benefit from cybersecurity audits. Recent audit findings revealed gaps in the Washington Metropolitan Area Transit Authority’s cybersecurity posture, while deficiencies were similarly pinpointed in an audit of the… Read more

Why digital transformation puts you at greater risk for cyberattacks

Digital transformations could expose your organization to a greater risk of costly cyberattacks, according to a joint study from ESI ThoughtLab, WSJ Pro Cybersecurity, Security Industry Association, and other organizations. The study surveyed 1,300 companies and found that those whose digital transformations surpass their cybersecurity practices are likely to see a loss… Read more

7 Ways A Collaboration System Could Wreck Your IT Security

It can seem as if no corporate meeting is complete until someone says the word “collaboration.”  And for good reason: Use of collaboration tools is spreading to keep up with the phrase’s ubiquity, with the global collaboration tool market projected to reach nearly $10 billion by 2021. But before an IT group blithely answers… Read more

Nearly Half of Americans Willing to Give Brands a Pass for a Data Breach

New data shows that the U.S. public is surprisingly forgiving despite data breaches and controversies as long as companies demonstrate good faith. Consumer Attitudes Toward Data Privacy and Security Survey by Janrain also found that 42 percent of U.S. consumers surveyed report at least being open to forgiving the brand, while… Read more

GreyEnergy group targeting critical infrastructure with espionage

ESET has uncovered details of a successor to the BlackEnergy APT group. Named GreyEnergy by ESET, this threat actor focuses on espionage and reconnaissance, quite possibly in preparation for future cyber-sabotage attacks. BlackEnergy has been terrorizing Ukraine for years and rose to prominence in December 2015 when they caused a blackout… Read more

Researcher finds simple way of backdooring Windows PCs and nobody notices for ten months

A security researcher from Colombia has found a way of gaining admin rights and boot persistence on Windows PCs that’s simple to execute and hard to stop –all the features that hackers and malware authors are looking for from an exploitation technique. What’s more surprising, is that the technique was… Read more

(ISC)² : Global Cybersecurity Workforce Short 3 Million People

The global shortage of cybersecurity experts has reached 2.93 million, posing a growing risk to businesses worldwide struggling to find, hire, and retain skilled employees to maximize their defenses. According to the new (ISC)² 2018 Cybersecurity Workforce Study published today, the shortage is greatest in Asia Pacific, which lacks 2.14M… Read more

Oceansalt cyberattack wave linked to defunct Chinese APT Comment Crew

Cybersecurity researchers from McAfee’s Advanced Threat Research team have discovered a new campaign which focuses on cyberespionage and data reconnaissance. South Korea appears to be the primary target of the campaign, dubbed “Operation Oceansalt,” with five attack waves launched in May against organizations in the country. The group uses a data reconnaissance… Read more

UK firms face 65,000 cyber attacks a day

Small businesses in the UK are the target of an estimated 65,000 attempted cyber attacks each day, according to figures released by Hiscox to help raise awareness of the prevalence of cyber crime. Cyber security incidents cost the average small business £25,700 (over $33,700) last year in direct costs, including… Read more

Targeted attacks on crypto exchanges resulted in a loss of $882 million

Group-IB has estimated that cryptocurrency exchanges suffered a total loss of $882 million due to targeted attacks in 2017 and in the first three quarters of 2018. According to Group-IB experts, at least 14 crypto exchanges were hacked. Five attacks have been linked to North Korean hackers from Lazarus state-sponsored group, including… Read more

SEO Poisoning Campaign Targeting U.S. Midterm Election Keywords

A new SEO poisoning campaign has been discovered that is targeting keywords associated with the U.S. midterm elections. SEO poisoning is when attackers create malicious sites or hack legitimate ones in order to generate pages that promote certain keywords. These pages are then linked together between a large amount of… Read more

Gain Deeper Insights Into The Threat

Sign up to gain access to our special reports on threat actors and their tactics as well as daily Threat Brief.

Your support will enable us to continue our production of action-oriented content and help us help you stay informed on the latest in adversary activities.

Try our free two week trial.

Sign Up For Free Trial of The Daily Threat Brief