Blog
Blog
Threat Sources, Vulnerabilities, and Incidents – part 2
System Vulnerabilities and Predisposing Conditions Security controls must provide clear identification of the systems they apply to. These systems can vary greatly in size, scope, and capability. On the smaller end, a system could refer to an individual...
VOLT TYPHOON – ‘Living of the Land’ – Tactics, Technics and Procedures
On the 23rd of May CISA, with a number of other Cyber Security agencies, issued a joint Cybersecurity advisory to highlight a recently discovered cluster of activity of interest associated with a People’s Republic of China (PRC) state-sponsored cyber actor,...
Threat Sources, Vulnerabilities, and Incidents – part 1
Several terms are used to describe the inter-related concepts of threat, threat source, threat event, and incident. A threat is any circumstance or event with the potential to adversely impact organizational operations (including mission, functions, image,...
The Impact of the Russia-Ukraine Conflict on the Cybercrime Ecosystem
The Russia-Ukraine conflict, which began in 2014, has had a profound impact on various aspects of society. One such area significantly affected is the global cybercrime ecosystem. The conflict has not only intensified cyber operations between the two nations...
Distributed Control Systems Defense in Depth Implementation
The application of a defense-in-depth strategy is highly beneficial in OT (Operational Technology) environments as it allows for a concentrated focus on safeguarding critical functions. The principles of defense-in-depth are adaptable and can be effectively...
Ransomware Trends
Imposing cost on ransomware threat actors During the years 2021 and 2022, numerous governments recognized the significance of ransomware as a major threat to national security. In response, they implemented a range of measures, encompassing both legal and...
SCADA Systems Defense in Depth Implementation
An OT (Operational Technology) system typically comprises multiple control loops, human-machine interfaces, and remote diagnostics and maintenance tools. The system is constructed using various network protocols on layered network architectures, and critical...
Hackers for Hire
The market for Access-as-a-Service remains open for state actors to utilize The category of threat actors known as "hacker-for-hire" consists of entities within the "Access-as-a-Service" (AaaS) market, which mainly consists of companies offering offensive...
Cybersecurity Architecture Considerations
When designing a security architecture to support OT and IIoT environments, it is important for organizations to take into account various factors such as cybersecurity safety, system availability, distributed systems across geographic locations,...
Cybercriminals on Cloud 9
Widespread cloud adoption provides attack opportunities for cybercriminals The COVID-19 pandemic has expedited the adoption of cloud-based services to facilitate the business processes of organizations. As cybercriminals tend to keep up with the latest...