Leverage unparalleled research to make smarter, faster business decisions

Close Encounters in the Insurance Sector

The CISO’s Playbook: Stay Ahead of Friday Breach Effects

SecurityScorecard examined four years of data breach reports to uncover discovery trends for every day of the week. Here’s your Friday Breach Effect Report.

Proactive Security Measures for Global Maritime Shipping

New research from SecurityScorecard analyzed the cybersecurity health of 100 global shipping container companies and found that high severity cyber vulnerabilities pose a significant risk to U.S. maritime security and major supply chain risks. Read more in the report here, including what the industry can do to combat these issues.

A Deep Dive into Avos Locker Ransomware

AvosLocker is a ransomware-as-a-service (RaaS) group that appeared in 2021. The malware can run with one of the following parameters: “--help”, “--path”, “--disabledrives”, “--hide”, “--threads”, “--enablesmb”, “--brutesmb”, and “--nomutex.” The ransomware kills a list of targeted processes, deletes all Volume Shadow Copies using two commands, and clears all Windows event logs. The binary can target the logical drives as well as network shares by specifying proper arguments.

Managing Third-Party Risk In The Era Of Zero Trust

Given such a large expansion of attack surface, it is no surprise that 91%of respondents had experienced a security incident during the past 12months that tied back to one of those third parties. That ubiquitous threat is likely why respondents by and large expressed some level of concern with experiencing another breach or falling out of compliance due to a partner vulnerable to attacks

Cybersecurity and Executive (dis)Orders: Cognitive and Systemic Risk in the Boardroom

This Board Risk Report focuses on what boards of directors can do to understand the nature of cognitive and systemic risk, their impact at the board level, better understand the unique dimensions of cyber risk, and understand emerging principles for modern cybersecurity governance

Close Encounters in the Public Sector

SecurityScorecard and the Cyentia Institute recently teamed up to analyze data collected on over 230,000 organizations for clues about the underlying conditions exacerbating third- and fourth-party risk. We measured the extent of digital supply chains, investigated the prevalence of security incidents among third- and fourth-party vendors, and explored the effects of that exposure to gain insights on better managing risk. This document summarizes key findings from that research using a subset of the data focusing on 7,347 public sector organizations.

Cyber Risk Intelligence: Iran-Linked Attack on U.S. Water Treatment Facility

On November 25, a U.S. municipal water authority confirmed that one of its booster stations had suffered an attack by a threat actor group known as CyberAv3ngers, which analysts believe acts in support of Iranian geopolitical interests.

Cyber Risk Intelligence: Idaho National Laboratory Data Breach

On November 20, a spokesperson for Idaho National Laboratory (INL) confirmed that it had suffered a data breach. The confirmation followed the SiegedSec threat actor group’s circulation of claims that it had “accessed hundreds of thousands of user, employee and citizen data” on social media and hacking forums.

Japan’s Nikkei 225 Index: The State of Cybersecurity in Japan

This research presents an analysis of the cybersecurity landscape of the Nikkei 225 index. Companies were ranked based on various factors, such as network security, potential malware exploits, and patching cadence.

North Korean State-Sponsored Cyber Attack: Unveiling the Intricacies of Threat Actor Group Andariel

This SecurityScorecard threat research sheds light on a significant cyber attack attributed to North Koreans tate-sponsored actors known as Andariel, emphasizing the critical role that South Korea plays both as a target and a source of infrastructure for these threat actors.

Energy Sector Cybersecurity Report: Navigating Third-Party Cyber Risk

SecurityScorecard threat researchers have identified that 90% of the world’s largest energy companies experienced a third party breach in the past 12 months. Fueling the global economy and daily life, reliance on the energy sector elevates it as a prime target for cyberattacks.