Cybersecurity

CrowdStrike has posted a blog detailing a newly identified phishing campaign where threat actors have been observed posing as popular cybersecurity providers in order to gain a victim’s trust and access their computers. This campaign is what CrowdStrike labels a “callback phishing” campaign, as the victims are expected to call the number provided by the threat actors in order to be persuaded into installing a remote access tool (RAT) on their machine by a false customer service representative.

Organizations spend an extensive amount of time and money ensuring they are protected from cyber threats. However, organizations with robust cybersecurity defenses are still being compromised through their supply chains, demonstrating that you are only as strong as your weakest link. A survey from the polling agency Opinion Matters found that 97 percent of organizations have been negatively affected by a cybersecurity incident occurring in the supply chain. Organizations looking to strengthen their supply chain should consider utilizing a third-party risk management (TPRM) tool.

The Cybersecurity and Infrastructure Security Agency (CISA), the FBI, and the Department of the Treasury recently published a joint Cybersecurity Advisory (CSA) providing information on Maui ransomware, which has been utilized by North Korean state-sponsored cyber actors since at least May 2021 to target Healthcare and Public Health (HPH) Sector organizations.

Seemingly everyday a new vulnerability or malware appears in the news heralding a new threat. However, despite the rise in cyber vulnerabilities and malware, humans remain the primary vector through which organizations are attacked and compromised. Thus, one of the most effective ways to manage this risk is to conduct frequent security awareness training courses. Awareness training helps cybersecurity professionals better manage human risk by altering how employees think about cybersecurity and teaching them to carefully consider their behaviors.