Recommendations that defenders can use from Talos' Year in Review Report

The Talos Year in Review is available now and contains a wealth of insights about how the threat landscape has shifted in 2023.
With new ransomware strains emerging from leaked source code, commodity loaders adding more reconnaissance measures to their belts, and geopolitical events influencing APT activity, there's a lot to dissect.
Even when the defender community dismantles a botnet, as with the takedown of Qakbot in August, that does not mean the group behind it will cease operating.
Knowing what risks you can accept, and what risks you absolutely can't.
As we at Talos commonly say, whoever knows the network best owns the network.
Veradigm, a healthcare IT organization that has worked with the Cisco Talos Incident Response team for many years to proactively assess and continually improve its security posture, recently detected an intrusion and a potential information-stealing attack.
Their preparedness, coupled with the Talos IR partnership, enabled them to pinpoint the issues swiftly, before the attackers could execute their plan.
Veradigm has also participated in multiple Talos IR tabletop exercises to stress test processes and adjust as needed to respond and succeed more quickly.
In the same spirit, experts from across Cisco recently sat down to discuss proactive threat hunting and how it helps organizations find vulnerabilities and weak points that had not been spotted before.
One of the newer cross-regional trends we observed this year is an increase in the targeting of network devices, from both APTs and cybercriminals.
The intent differs between these disparate adversaries: APTs are driven more by espionage and by using the compromised device to select secondary targets, while cybercriminals aim primarily for financial gain.
Both groups rely on exploiting recently disclosed vulnerabilities as well as weak/default credentials.
This is one of the reasons why use of valid accounts (MITRE ATT&CK T1078) was a top technique observed this year, and consistently a top weakness in Talos Incident Response engagements.
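As an added example (not code from the Talos post or from any Cisco tool), the script below audits a Cisco IOS-style running config for the credential weaknesses described above: default or common local usernames, plaintext (Type 0) and reversibly encoded (Type 7) passwords, legacy Type 5 (MD5) hashes, and vendor-default SNMP community strings. The Type 7 XOR key is the publicly documented one; the username and password wordlists, the placeholder hash strings and the sample config are constructed for this example and are not real device output.

```python
# Added example: audit an IOS-style config for weak/default credentials.
# Wordlists, placeholder hashes and SAMPLE_CONFIG are constructed for this
# example; a real audit would use a much larger wordlist.
import re
from typing import List, NamedTuple, Optional

# Publicly documented XOR key behind IOS "service password-encryption" (Type 7).
_TYPE7_KEY = b"dsfd;kfoA,.iyewrkldJKDHSUBsgvca69834ncxv9873254k;fg87"

DEFAULT_USERNAMES = {"admin", "cisco", "root", "administrator"}      # constructed
WEAK_PASSWORDS = {"cisco", "admin", "password", "cisco123", "Cisco123", "123456"}
DEFAULT_COMMUNITIES = {"public", "private"}

class Finding(NamedTuple):
    line: int
    check: str
    detail: str

def decode_type7(encoded: str) -> str:
    """Reverse a Type 7 string: two decimal salt digits, then hex pairs XORed
    with the key starting at offset salt. This is obfuscation, not encryption."""
    salt = int(encoded[:2])
    data = bytes.fromhex(encoded[2:])
    return bytes(b ^ _TYPE7_KEY[(salt + i) % len(_TYPE7_KEY)]
                 for i, b in enumerate(data)).decode()

# IOS always writes the type digit in running-config; it is optional here so
# hand-typed "enable password cisco" lines are still caught.
_USER_RE = re.compile(r"^username (\S+)(?: privilege \d+)? (password|secret)(?: (\d))? (\S+)")
_ENABLE_RE = re.compile(r"^enable (password|secret)(?: (\d))? (\S+)")
_LINE_PW_RE = re.compile(r"^\s+password(?: (\d))? (\S+)")      # under "line vty/con"
_SNMP_RE = re.compile(r"^snmp-server community (\S+)")

def _check_secret(findings: List[Finding], lineno: int, who: str,
                  kind: str, ptype: Optional[str], value: str) -> None:
    """Classify one credential: recoverable (0/7), legacy hash (5), or modern (8/9)."""
    if ptype in ("0", None):
        plain = value
    elif ptype == "7":
        plain = decode_type7(value)
    else:
        plain = None
    if plain is not None:
        findings.append(Finding(lineno, "recoverable-password",
                                f"{who}: type {ptype or 0} {kind} is recoverable as '{plain}'"))
        if plain in WEAK_PASSWORDS:
            findings.append(Finding(lineno, "weak-password",
                                    f"{who}: '{plain}' is a known default/weak password"))
    elif ptype == "5":
        findings.append(Finding(lineno, "legacy-hash",
                                f"{who}: type 5 (MD5) hash; migrate to type 8 or 9"))

def audit_config(config: str) -> List[Finding]:
    """Walk the config line by line and collect credential findings."""
    findings: List[Finding] = []
    for n, raw in enumerate(config.splitlines(), 1):
        line = raw.rstrip()
        if m := _USER_RE.match(line):
            user, kind, ptype, value = m.groups()
            if user in DEFAULT_USERNAMES:
                findings.append(Finding(n, "default-username",
                                        f"local user '{user}' is a default/common name"))
            _check_secret(findings, n, f"user {user}", kind, ptype, value)
        elif m := _ENABLE_RE.match(line):
            kind, ptype, value = m.groups()
            _check_secret(findings, n, "enable", kind, ptype, value)
        elif m := _LINE_PW_RE.match(line):
            ptype, value = m.groups()
            _check_secret(findings, n, "line", "password", ptype, value)
        elif m := _SNMP_RE.match(line):
            community = m.group(1)
            if community in DEFAULT_COMMUNITIES:
                findings.append(Finding(n, "default-snmp-community",
                                        f"SNMP community '{community}' is a vendor default"))
    return findings

# Constructed sample config; the $9$/$1$ values are placeholders, not real hashes.
SAMPLE_CONFIG = """\
hostname edge-rtr-01
service password-encryption
username admin privilege 15 password 7 0822455D0A16
username netops privilege 15 secret 9 $9$placeholder.scrypt.hash
username backup-ops secret 5 $1$placeholder.md5.hash
enable password cisco
line vty 0 4
 password 7 094F471A1A0A
 login
snmp-server community public RO
snmp-server community K7f!x0Qp RW
"""

if __name__ == "__main__":
    for f in audit_config(SAMPLE_CONFIG):
        print(f"line {f.line:>3}  {f.check:<24} {f.detail}")
```

Run against the sample config, the audit flags the default `admin` user and the three `cisco` passwords (two Type 7, one plaintext), the MD5 hash on `backup-ops`, and the `public` community; the Type 9 secret and the non-default community produce nothing. The same regexes run unchanged over a real `show running-config` export.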
Patching isn't easy, and isn't necessarily without risk.
We got a question on the Reddit AMA thread that we ran earlier this week, about the difficulties of patching network infrastructure.
I thought my colleague's response was such a good one I wanted to highlight it here.
MFA really is one of the best things you can do to reduce your attack surface, because it blunts the valid-account and credential-based attacks described above.
In this episode of the Talos Takes podcast, we address the basics of implementing MFA in any environment, why any type of MFA is better than no MFA, the pitfalls of certain types of authentication, and whether going passwordless is the future.


This Cyber News was published on blog.talosintelligence.com. Publication date: Thu, 14 Dec 2023 12:43:04 +0000

