Threat Intel Brief for January 27 - February 2, 2025
In this weekly Threat Intelligence Brief we look back at top stories and security related callouts to provide relevant and actionable insights for the information security consumer.
We reference threat intelligence gained through our position as a security provider as well as industry sources in the development of this brief.
In this edition:
Microsoft Teams phishing alerts
2024 Ransomware Landscape
Generative AI security with Microsoft Purview
CISA KEV updates
Microsoft Teams phishing alerts
Microsoft will be rolling out a brand impersonation protection feature for Teams chat in February. The feature's aim is to detect and alert on suspected phishing attacks targeting organizations that have enabled external Teams access. Phishing via Teams chat has recently been highlighted as a tactic used by prominent threat actors in active ransomware campaigns. Here's a scree
The feature will warn the user if the communication is suspected to be impersonation as seen here:
As always, educating your users to be wary of unexpected communications is a great way to help combat this threat. The impersonation feature will be automatic and requires no admin configuration.
Source: Microsoft
2024 Ransomware Landscape
Rapid7 recently released a report on the ransomware landscape from 2024. Here are some of the key stats:
- Total number of leak site posts: 5,939
- Number of active ransomware groups: 75
- Average number of active groups per month: 45
- Average ransom payment in Q3 2024: $479,237
- Median ransom payment in Q3 2024: $200,000
- Median percentage of companies that pay: 32%
With a seemingly low barrier to entry for groups wanting to get involved, this threat remains at the top of the list and will continue to grow for the foreseeable future. Average hypothetical revenue across the top 10 ransomware groups is estimated to be around $19,136,000 USD for the year. Here's a graphic provided by Rapid7 that details the names and number of leak site posts per group:
Several key top-level strategies provided in the report to help combat this threat include:
- Defense in Depth - From user awareness training and robust patching to strict access control and secure backups
- Threat Intelligence - Monitor emerging ransomware groups and tactics
- Commanding Your Attack Surface - Regular scanning, real-time monitoring and holistic patch management
Generative AI security with Microsoft Purview
Microsoft's security blog recently highlighted the use of Purview to help secure generative AI. The post authored by Steve Vandenberg, lists the Purview solutions that can help achieve this vital goal:
- Microsoft Purview Data Security Posture Management for AI
- Microsoft Purview Information Protection
- Microsoft Purview Data Loss Prevention
- Microsoft Purview Communications Compliance
- Microsoft Purview Insider Risk Management
- Microsoft Purview Data Lifecycle Management
- Microsoft Purview Audit and Microsoft Purview eDiscovery
- Microsoft Purview Compliance Manager
Each solution offers a way to address concerns over data oversharing, data leaks, and compliance risks. While the number of solutions is relatively large, the post provides detailed short-term steps to help you on the journey. With the topics of data risk and compliance at the forefront of many organizations' conversations, it may also be beneficial to engage a SME when it comes to Purview.
Source: Microsoft Security Blog, Microsoft Purview
CISA KEV updates
CISA has added 1 new CVE to their Known Exploited Vulnerability (KEV) catalog this week:
Don't know where to begin with vulnerability management?
Using CISA's KEV catalog as a risk-based approach can be a great way to help prioritize vulnerability remediation in your organization. This link provides CISA's guidance on how to implement the KEV catalog.
Source: Known Exploited Vulnerabilities Catalog | CISA
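One practical way to put the KEV catalog to work, as an added example that is not part of this brief or of CISA's guidance: cross-reference your scanner findings against a snapshot of CISA's KEV JSON feed and order remediation by KEV membership, overdue due dates, and known ransomware use. The field names match CISA's published feed; the KEV entries, CVE IDs and findings below are constructed placeholders.

```python
"""Prioritise scanner findings against a CISA KEV catalog snapshot (added example)."""
from datetime import date

# Constructed snapshot in the shape of CISA's known_exploited_vulnerabilities.json.
# The CVE IDs here are placeholders, not real vulnerabilities.
KEV_SNAPSHOT = {
    "vulnerabilities": [
        {"cveID": "CVE-0000-0001", "vendorProject": "ExampleVendor", "product": "ExampleApp",
         "dateAdded": "2025-01-28", "dueDate": "2025-02-18", "knownRansomwareCampaignUse": "Known"},
        {"cveID": "CVE-0000-0002", "vendorProject": "ExampleVendor", "product": "ExampleGateway",
         "dateAdded": "2024-12-01", "dueDate": "2024-12-22", "knownRansomwareCampaignUse": "Unknown"},
    ]
}

# Constructed scanner findings as (asset, CVE) pairs.
FINDINGS = [
    ("web-01", "CVE-0000-0003"),   # not in KEV
    ("vpn-01", "CVE-0000-0002"),   # in KEV, already past its due date
    ("app-01", "CVE-0000-0001"),   # in KEV, linked to ransomware campaigns
]


def kev_index(snapshot):
    """Map cveID -> KEV entry so each finding is a dictionary lookup."""
    return {v["cveID"]: v for v in snapshot["vulnerabilities"]}


def prioritize(findings, snapshot, today_iso):
    """Return findings in remediation order: KEV-listed first, with overdue and
    ransomware-linked entries at the top, then everything not in the catalog."""
    today = date.fromisoformat(today_iso)
    index = kev_index(snapshot)
    rows = []
    for asset, cve in findings:
        entry = index.get(cve)
        if entry is None:
            rows.append({"asset": asset, "cve": cve, "kev": False, "overdue": False,
                         "ransomware": False, "due": None})
            continue
        due = date.fromisoformat(entry["dueDate"])
        rows.append({"asset": asset, "cve": cve, "kev": True, "overdue": due < today,
                     "ransomware": entry["knownRansomwareCampaignUse"] == "Known", "due": due})
    # Sort key: KEV membership, then overdue, then ransomware use, then earliest due date.
    rows.sort(key=lambda r: (not r["kev"], not r["overdue"], not r["ransomware"],
                             r["due"] or date.max))
    return rows


if __name__ == "__main__":
    for row in prioritize(FINDINGS, KEV_SNAPSHOT, "2025-02-02"):
        print(row)
```

Swap `KEV_SNAPSHOT` for the parsed contents of CISA's live feed and `FINDINGS` for your scanner export to get the same ordering on real data.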
Coretek's managed SOC/SIEM customers benefit from the latest threat intelligence. If you're interested in learning more about what Coretek can offer your organization, please reach out: https://coretek.com/contact