Threat Research Team Archives

Articles written by Adlumin’s Threat Research Team on emerging threats, industry stats, and defense tactics against cyberattacks.

Unmasking the Top Ransomware Groups of 2023

December 28, 2023/in Blog Post/by Adlumin Staff

Over the past year, the digital landscape has been a battleground for attacks cybersecurity threats, creating a sense of vulnerability and urgency for organizations. Adlumin’s dedicated threat research and Managed Detection and Response (MDR) teams have been at the forefront of detecting and combating these threats, witnessing firsthand the havoc they have wreaked across countless sectors.

With ransomware groups and adversaries still on the rise and continually refining their techniques, organizations must remain vigilant and prepared for the malicious activities that lie ahead.

As we enter the new year, we are shedding light on the top ransomware groups and emerging threats that demand our attention and resilience.

Ransomware Group Spotlights

BianLian

BianLian is a versatile cybercriminal group that has expanded its tactics beyond ransomware attacks. They employ advanced techniques such as customized malware, targeted phishing, and zero-day exploit usage. The group’s expertise is in evading antivirus systems and exploiting unknown software vulnerabilities.

The BianLian group is a serious threat and is an example of a ransomware group targeting organizations hoping to receive big payouts.

Read Adlumin’s latest Threat Insights 2023: Volume IV to learn more about two emerging threat actors and three critical vulnerabilities.

CL0p

Cl0p, also known as Clop, TA505, and FIN11, is a notorious ransomware group that is known for its advanced tactics and operations. They employ a ransomware-as-a-service (RaaS) model and utilize the double-extortion data disclosure tactic. Their motivation is financial gain through extorting organizations by encrypting their data and demanding ransom payments in exchange for its release.

Cl0p first emerged in 2019 as a variant of CryptoMix malware distributed through a large-scale phishing campaign. Over time, they have evolved into one of the most sophisticated and effective ransomware groups, frequently exploiting zero-day vulnerabilities to target and compromise numerous systems across the globe.

Read more about the CL0P ransomware group, trends, and developments in Adlumin’s Threat Insights 2023: Volume II.

LockBit

LockBit is a ransomware group that operates as a Ransomware-as-a-Service (RaaS) model. They provide other cybercriminals, known as “affiliates,” with their ransomware tools to spread and infect victims’ systems. LockBit’s main motivation is financial gain through extortion. They target organizations, particularly in professional services like manufacturing, construction, and technology, by accessing their networks and encrypting their data.

A ransom payment is demanded in exchange for the decryption key, threatening to leak the stolen data if the ransom is not paid. LockBit’s focus is mainly on small to medium-sized companies. However, they have also targeted larger organizations with victims in North and South America, with no clear regional pattern in targeting.

Adlumin’s Threat Insights: Volume I give an in-depth analysis of the latest trends and an overview of the effects and recovery from recent ransomware attacks.

Akira Ransomware

Akira ransomware is a relatively new malware that emerged in March 2023. The threat actors behind Akira ransomware employ various tactics, such as phishing campaigns and exploiting vulnerabilities in remote monitoring and management software, remote desktop protocol, and other remote access tools. They have also been reported to exploit vulnerabilities and compromised credentials in Cisco virtual private network (VPN) products.

The motivation of Akira ransomware threat actors is believed to be financial gain. Like most ransomware groups, they encrypt the victim’s files and demand ransom. These ransom payments are typically made in cryptocurrencies, making tracing and identifying the perpetrators harder.

Read more about Akira Ransomware and the examination from Adlumin’s threat research team in A Threat Actor’s Playbook: Behind the Scenes of Akira Ransomware.

PlayCrypt

Play ransomware has been a significant threat since its emergence in 2022, targeting numerous companies and government entities worldwide. This development of PlayCrypt being sold as a service means that PlayCrypt is now accessible to affiliates, essentially allowing a wider range of actors to launch highly effective attacks using this Russia-linked ransomware.

Affiliates could include skilled cybercriminals, less experienced “script kiddies,” and individuals with varying levels of expertise. This expansion may lead to a substantial increase in the frequency of attacks using Play ransomware.

Learn more about how Adlumin uncovered evidence that Play ransomware (PlayCrypt) is also being sold “as a service” in PlayCrypt Ransomware-as-a-Service Expands Threat from Script Kiddies and Sophisticated Attackers.

Top Industry-Specific Threat Spotlights

Legal Industry: Phishing

Phishing attacks have emerged as one of the legal industry’s top cybersecurity threats. These attacks target lawyers and law firms by deceiving individuals into revealing sensitive information such as usernames, passwords, and financial details. Given the substantial amount of valuable and confidential data law firms handle, they have become prime targets for cybercriminals.

Phishing attacks in the legal industry often take the form of scam emails, mimicking trusted sources like IT service providers, law enforcement agencies, or other professionals with whom lawyers regularly interact. These emails typically employ social engineering tactics to create urgency or manipulate emotions, tricking recipients into clicking on malicious links or downloading malware-infected attachments.

Adlumin’s latest Threat Insights Legal Edition report details top threats and access methods the legal industry faces.

Financial Industry: Credential Harvesting

Financial institutions are particularly vulnerable to credential harvesting attacks because they deal with large volumes of sensitive customer information and transactions. If cybercriminals successfully harvest credentials from bank customers, they can gain direct access to their accounts, potentially leading to financial losses for the customers and the institution.

These attacks typically start with creating fake websites that closely resemble legitimate banking or investment websites. These fake websites often utilize convincing branding, formatting, and domain names almost identical to the targeted companies. This mimicry is intended to deceive users into thinking they are logging into their actual financial accounts.

Read more about top threats and access methods the financial industry faces in Adlumin’s latest Threat Insights Financial Edition report.

Education Industry: Double Extortion

Double extortion ransomware has emerged as one of the biggest cybersecurity threats to the education sector. Cybercriminals employ this dangerous tactic to maximize their chances of profiting from malicious activities. Double extortion takes the already damaging effects of ransomware attacks to a whole new level.

In a traditional ransomware attack, cybercriminals encrypt the victim’s data, rendering it inaccessible until a ransom is paid. However, double extortion ransomware goes a step further. Instead of relying solely on encryption to extort money, cybercriminals also threaten to publicly expose or release the stolen data unless the ransom is paid.

Read more about how double extortion affects the education industry and mitigation strategies in Adlumin’s latest Threat Insights Education Edition report.

How Can You Stay Protected?

Organizations must prioritize their cybersecurity and take proactive measures to protect their sensitive data and networks. Adlumin’s Managed Detection and Response (MDR) service provides a solution to address the growing threat of ransomware and other cyber attacks.

Here are a few recommendations from Adlumin’s Threat Research Team:

Third-party risk management programs should be implemented to assess and monitor the security of vendors and suppliers, and to ensure they are adhering to the same security standards as the financial institution.
Implement application controls to manage and control the execution of software, including allowlisting access programs.
Adopting Zero Trust Architecture, developing and implementing a Zero Trust security architecture and model for your organization can dramatically reduce the risk of unauthorized access and lateral movement within networks. This involves verifying every user and device, regardless of location.
Multi-factor authentication should be implemented where possible to prevent unauthorized access if credentials are stolen.
All employees should be regularly trained in essential cybersecurity best practices, including social engineering identification, phishing, password security, re-use threats, and good browsing hygiene.

Adlumin’s Managed Detection and Response (MDR) Services combines advanced threat detection capabilities with a team of dedicated experts who monitor and respond to suspicious activities around-the-clock. By incorporating machine learning and AI, Adlumin can quickly detect and respond to potential threats before they cause significant damage. In addition to consistently monitoring ransomware groups’ latest trends and tactics, enabling organizations to stay ahead of their attackers.

Take the Tour

Discover how Adlumin’s Security Operations Platform paired with MDR Services empowers your team to effectively detect and respond to threats and lightens your team’s workload. Take the platform tour and elevate your organization’s visibility to new heights.

Experience Adlumin’s Platform Now

Staying Ahead with Threat Intelligence: Kevin O’Connor of Adlumin on How to Stay Informed and Agile About New Cyber Security Threats

December 14, 2023/in Articles/by Adlumin Staff

Adlumin's Threat Insights 2023: Adversary Trends and Recent Vulnerabilities

December 6, 2023/in Report/by Adlumin Staff

Explore Adlumin’s Threat Insights 2023: Volume IV, unveiling key trends and developments in threats, vulnerabilities, and cyberattacks across U.S. industries from September to November 2023. Download your copy today!

Play Ransomware Goes Commercial - Now Offered as a Service to Cybercriminals

December 5, 2023/in Articles/by Adlumin Staff

Play ransomware being sold as-a-service

December 5, 2023/in Articles/by Adlumin Staff

A Threat Actor’s Playbook: 2023 Cyberattacks on Caesars Entertainment and MGM Casinos

October 12, 2023/in Blog Post/by Ellen Loughlin

By: Max Bernal, Technical Content Writer, and Adlumin’s Threat Research Team

A Threat Actor’s Playbook: 2023 Cyberattacks on Caesars Entertainment and MGM Casinos is a part of Adlumin’s Threat Bulletin Series content series.

In early September 2023, Caesars Entertainment in Las Vegas experienced a major cyberattack. The threat actors used a combination of social engineering tactics and ransomware to breach the casino’s networks and steal sensitive data. On September 10, another gambling conglomerate, MGM Resorts International, experienced a cyberattack by threat actors in the ALPHV ransomware-as-a-service (RaaS) group. The two attacks cost the casinos millions of dollars in losses.

Caesars Entertainment Cyberattack

Caesars Entertainment’s SEC filing on September 7, 2023, stated that it had suffered a social engineering attack “on an outsourced IT support vendor used by the company.” The exact date of the cyberattack was not disclosed, nor who carried out the assault.

In the filing, Caesars also stated that the cyberattack did not impact customer-facing operations like slot machines, guest services, and other services but that among the data stolen, the threat actor(s) had acquired a copy of the loyalty program database, which included member driver’s license and Social Security numbers.

Caesars also disclosed that it had taken steps to “ensure that the stolen data [was] deleted,” alluding that it had paid a ransom. Numerous news outlets, including Bloomberg, reported that the company paid “tens of millions of dollars.”1 Other news outlets, including CNBC, reported that Caesars paid $15 million.2

The company did not provide specific details on how the social engineering attack was carried out or identify the cybercriminal(s) by name. However, numerous news reports published statements from sources “familiar with the matter” that pinned the attacks on a hacker group called Scattered Spider, also known as “Scattered Swine,” “Muddled Libra,” and UNC3944 (by Mandiant), which is likely affiliated with the ransomware group, ALPHV.

The threat actor group is known for its sophisticated social engineering techniques and the ability to target and bypass Okta login security services.

MGM Resorts International Cyberattack

On September 12, 2023, MGM Resorts International issued a statement via PR Newswire stating that it had “identified a cybersecurity issue affecting the company’s systems.”3 MGM also stated that it had notified law enforcement to help protect networks and data, including by “shutting down certain systems.”

According to the Associated Press, MGM began experiencing disruptions on Sunday, September 10,4 and its reservations website was down that day. Soon after, numerous other media outlets reported that slot machines were out-of-service or were displaying errors across MGM-owned casinos, including at the MGM Grand, Bellagio, Aria, Mandalay Bay, Delano, Cosmopolitan, New York-New York, Excalibur, and Luxor. In addition, it was reported that thousands of guests had to wait in long lines for hotel check-ins and that credit card point of sales systems were down, forcing guests to pay cash.5

However, some of the same news outlets published statements from unvetted sources citing that the attack on MGM was carried out by the “same threat actors” that attacked Caesars Entertainment, Scatted Spider. On September 14, the ransomware-as-a-service (RaaS) group ALPHV issued a rare statement claiming sole responsibility for the attack and condemned news media and cybersecurity firms for publishing “false” and “unsupported” details on the attack.

“The ALPHV ransomware group has not before privately or publicly claimed responsibility for an attack before this point. Rumors were leaked from MGM Resorts International by unhappy employees or outside cybersecurity experts prior to this disclosure. Based on unverified disclosures, news outlets decided to falsely claim that we had claimed responsibility for the attack before we had,” part of the statement read. “Tech Crunch & others: neither you nor anybody else was contacted by the hacker who took control of MGM. Next time, verify your sources more thoroughly, or at the very least, give some hint that you do.”

In an earlier version of the statement, ALPHV had also distanced itself from the Twitter/X account, “vx-underground,” which had published a post on September 12 stating that the attack was carried out by looking up employee information on LinkedIn and that a 10-minute phone call to the company’s help desk was all it took to “defeat” the multi-million-dollar company.

Numerous news media erroneously believed the threat actors had published the post to explain how they gained access to the MGM networks and used it in their reporting.

1. Screen capture of the 9/12/2023 post published by vx-underground.

At some point, ALPHV removed the reference to “vx-underground” and issued another update:

“As of September 16, 2023, we have not spoken with journalists, news organizations, Twitter/X users, or anyone else. Any official updates are only available on this blog. You would think that after the tweet below, people would know better than to believe anything unreliable they would hear about this incident. If we talk to a reporter, we will share it here. We did not and most likely won’t,” ALPHV wrote.

The Adlumin Threat Research Team cannot confirm what tactics ALPHV used to break into MGM servers nor provide more details on the attack until MGM discloses what transpired.

According to ALPHV’s statement, the group was able to deploy ransomware once inside MGM’s network, encrypting about 100 ESXi hypervisors at the onset of the attack. The group also alluded to targeting the casino’s Okta services.

MGM operations resumed normal customer-facing operations on September 20. According to news reports, MGM lost about $8 million each day its servers were down, which adds up to $40 million.6

Adlumin contacted MGM for more details on the attack, but the company only referred us to their original September 12 statement.

Recommendations

How to Protect Yourself from Social Engineering

Verify

In Caesars Entertainment’s case, a simple vishing tactic, where a cybercriminal attempts to obtain information via phone call, was used to impersonate a legitimate employee and request a password reset. How? While the exact details are still unclear, we can surmise that personally identifiable information (PII) was obtained by the threat actors and used to reset an account.

An organization’s IT or cybersecurity department should verify an individual’s identity using information that cannot be found on social platforms, such as a unique company-issued ID, and not just a full name and date of birth, for example. If the individual calling can provide you with all the correct information, you may need to think outside the box; what are the circumstances surrounding this issue? Is the caller experiencing the issue they’re asking about? For example, if the caller asks for a password reset due to an ‘account lockout,’ you should verify that the account is locked out before proceeding with assistance. Most organizations have a form of internal communications platform used for employee-to-employee messaging and the like. Some organizations even have a call roster with the employee’s personal number. Therefore, give the employee a quick call to verify that the individual is contacting you.

Training

Training is the most crucial defense against social engineering tactics. With incidents happening daily, remaining vigilant is essential. However, mere vigilance is not enough; frequent proactive security awareness training is vital to mitigate this type of threat. By consistently providing training, users gain a deeper understanding of the risks and measures to counter social engineering attacks.

This continuous education keeps cybersecurity at the forefront of their minds, ensuring they are better equipped to identify and respond to potential threats. Employing various training techniques and approaches helps to reinforce key principles and enhance overall cybersecurity proficiency among users. By prioritizing proactive cybersecurity awareness programs, organizations can establish a culture of security awareness and significantly reduce the propensity for successful social engineering attacks.

How Adlumin Can Help Protect Your Organization

Proactive Security Awareness: Adlumin offers a managed Proactive Security Awareness Program, which, as stated previously, is the best defense to counter social engineering tactics. Adlumin will develop and run monthly customized phishing simulations to educate and equip your users on how to identify phishing attempts. Learn more here.

Illuminate Threats and Eliminate Risks

Learn more about how Adlumin’s Managed Detection and Response Services and Security Operations Platform can empower your team to illuminate threats, eliminate cyber risk, and command authority. Contact us today, schedule a demo, or sign-up for a free trial.

Stay Informed

Subscribe to Adlumin’s blog series and gain access to actionable advice and step-by-step guides from cybersecurity experts. Join our community and be part of the frontlines against cyber threats.

A Threat Actor's Playbook: Behind the Scenes of Akira Ransomware

September 7, 2023/in Blog Post/by Ellen Loughlin

By: Adlumin Threat Research and MDR Teams

Adlumin’s Threat Bulletin Series

A Threat Actor’s Playbook: Behind the Scenes of Akira Ransomware is a part of Adlumin’s Threat Bulletin Series content series.

In the world of cybercrime, a new player continues to rise: Akira Ransomware. With historical evidence pointing towards nation-state sponsorship, particularly from Chinese Advanced Persistent Threat (APT) groups, this insidious malware has been targeting businesses in the supply chain. However, what sets Akira apart is its focus on smaller tech companies and startups, which are often backed by wealthy investors and at the forefront of technological innovation.

Insights

Historical attack indicators point to nation-state-sponsored groups such as Chinese Advanced Persistent Threat (APT) groups using the new Akira ransomware to target businesses in the supply chain.
Adlumin has observed that Akira ransomware has been used against smaller tech companies/startups since it debuted in March. These firms tend to develop innovative solutions using the latest technology and often have the backing of wealthy investors – all valuable information in the dark web.
Some of the IP addresses involved in an attack that Adlumin recently investigated were registered to Alibaba Cloud, a subsidiary of Alibaba Group, making the connection to Chinese APTs stronger.
Akira ransomware gains access through various attack vectors, including phishing campaigns and exploiting vulnerabilities in remote monitoring and management software (RMM). Notably, the actors behind these attacks also target vulnerabilities in VPN products, again hinting at potential involvement from Chinese APTs who have historically leveraged exploitation through VPNs.
Akira ransomware utilizes various tools and techniques, including the use of distinct tools during operation and the encryption mechanisms used to generate and safeguard encryption keys.

Disrupting the Technology Sector

With the recent targeting of yet another American technology startup in a cyberattack last week, cybersecurity analysts at Adlumin are now considering a crucial question: Could nation-state-sponsored groups potentially be utilizing the Akira ransomware to disrupt the supply chain?

Newcomer malware, Akira ransomware, continues to impact mid-market entities in the utility, construction, manufacturing, education, and transportation sectors, not just in the U.S. but also in countries like Sweden, Australia, Argentina, Japan, and others.

The threat actors behind these attacks have been increasingly targeting smaller tech companies and software makers of IT solutions aimed at educators, office administrators, consultants, entrepreneurs, and even hobbyists.

Akira ransomware attack victims in the IT sector include Cequint, Wilcom, GC&E, WTI Western Telematic, Computer Information Concepts, and Optimum Technology.

The recent Akira ransomware incident examined by Adlumin’s Managed Detection and Response (MDR) analysts also targeted a firm within the IT industry. The malicious actors employed typical tactics, techniques, and procedures (TTPs) like brute force attacks, lateral movement, and credential theft. Nevertheless, indications suggest the potential involvement of a significantly larger entity in these breaches. This assumption stems from the historical behavior of advanced persistent threats (APTs), which often disrupt the supply chain by targeting small enterprises.

Vectors and Exploitation

Akira ransomware made its debut in the malware landscape in March 2023. Since then, threat actors have been using methods like phishing campaigns, exploiting vulnerabilities in remote monitoring and management software (RMM), remote desktop protocol (RDP), and tools like RustDesk for remote access. There have also been recent news reports about threat actors using vulnerabilities and compromised credentials in Cisco virtual private network (VPN) products as additional ways of carrying out attacks.

Adlumin MDR analysts theorize that threat actors behind last week’s attack infiltrated the victim’s network through their VPN due to the numerous VPN events detected by the Adlumin Security Operations Platform in the initial stages of the attack.

Analysts also found that numerous IP addresses used by the threat actors in the attack were registered to Alibaba Cloud, a subsidiary of the Chinese conglomerate Alibaba Group. Researchers at RSA have previously found that Chinese APTs frequently use VPNs and VPN tunneling as a tactic for exploitation and to hide their tracks and exfiltrate data. Furthermore, upon review of network data logs, numerous destination ports during the attack were to servers in China. However, other destinations included servers in Singapore, Paris, Russia, and even cities within the U.S., such as Los Angeles.

Lateral Movement

Once in the networks, the malicious actors initiated lateral movement — compromising hosts running Windows Servers 2012, 2016, and 2019.

Akira ransomware distinguishes itself by its ability to exploit vulnerabilities in Linux systems, marking a departure from conventional ransomware. Research indicates that attacks on Linux machines surged by 75 percent in 2022.

Notably, two endpoints running Ubuntu Bionic Beaver 18.04.6 LTS and Ubuntu 18.04.03 LTS were indeed targets of the attack.

Data Deletion and Exfiltration

Threat actors escalated tactics using PowerShell commands to delete shadow copies with “Get-WmiObject Win32_Shadowcopy | Remove-WmiObject.”

Threat actors then moved to file encryption. MDR analysts identified encrypted files marked with the “.akira” extension, such as “foo.doc.akira.” Additionally, an accompanying ransom note named “akira_readme.txt” was discovered.

Adlumin MDR analysts suggested that the data theft might have occurred using DNS, a method commonly employed by APTs to minimize detection. This technique involves breaking down the stolen data into smaller encrypted chunks, which are then sent to external servers using UDP instead of TCP. The exact amount of data taken in the attack is still unknown, and the investigation is ongoing.

Akira Ransomware Analysis

The following is an analysis of the Akira Ransomware from Adlumin’s Threat Research Team with supportive information from other sources (listed at the end of this section).

Attack Process: The incursion initiates when an instance of the Akira ransomware is activated. Upon execution, the ransomware eliminates Windows shadow volume copies on the targeted device. Subsequently, the ransomware encrypts specific file types with predetermined extensions. It modifies each encrypted file’s name by adding the ‘.akira’ extension during this encryption procedure.

During encryption, the ransomware halts active Windows services using the Windows Restart Manager API to ensure an uninterrupted encryption process. It focuses on encrypting files within various hard drive directories, excluding certain folders like program data, recycle bin, boot, system volume information, and Windows folders.

Notably, Windows system files with extensions such as .sys, .msi, .dll, .lnk, and .exe remain untouched to maintain system stability. In most infiltration cases, unauthorized parties exploit compromised credentials to gain initial entry to the victim’s environment.

It is noteworthy that a significant number of victim organizations did not enable multi-factor authentication (MFA) for their VPNs. The source of the compromised credentials is uncertain, but it is plausible that threat actors acquired access or credentials from illicit sources on the dark web.

Toolset: Upon obtaining initial access, the Akira ransomware employs a distinct variety of tools, including PCHunter, Advanced IP Scanner, AdFind, SharpHound, MASSCAN, Mimikatz, LaZagne, AnyDesk, Radmin, Cloudflare Tunnel, MobaXterm, Ngrok, WinRar, WinSCP, Rclone, FileZilla, and PsExec.

During operation, the ransomware generates a symmetric encryption key using the CryptGenRandom() function, a Windows CryptoAPI random number generator. The symmetric key undergoes further encryption using the RSA-4096 cipher and is appended to the end of the encrypted file. The specific public key used is hardcoded within the ransomware’s binary code and varies across different instances.

Malware Analysis Supportive Sources:

Conclusion

There could be many reasons why APTs may be going after smaller, lesser well-known IT companies. Among these is the prospect of acquiring intellectual property, particularly considering that these startups may be developing new technology that holds significant value in the dark web.

Perhaps threat actors are looking for information on how these companies are funded, including names of investors who could potentially become targets of future spear and whale phishing campaigns.

Whatever the case may be, adversaries are finding that these IT firms have weaker network security than tech giants and thus become easy targets for their aggressive attacks.

Akira Ransomware Indicators of Compromise (IOCs)

Hashes

431d61e95586c03461552d134ca54d16
af95fbcf9da33352655f3c2bab3397e2
c7ae7f5becb7cf94aa107ddc1caf4b03
d25890a2e967a17ff3dad8a70bfdd832
e44eb48c7f72ffac5af3c7a37bf80587
302f76897e4e5c8c98a52a38c4c98443
9180ea8ba0cdfe0a769089977ed8396a68761b40
1d3b5c650533d13c81e325972a912e3ff8776e36e18bca966dae50735f8ab296

Summer 2023: Uncovering Cyber Threats in Education

September 7, 2023/in Blog Post/by Ellen Loughlin

By: Brittany Demendi, Corporate Communications Manager

With classes now back in session, the education sector continues to face unique cybersecurity challenges due to its diverse user base, limited IT resources, and increasing adoption of Chromebook and other devices.

Adlumin’s Threat Research Team uncovers double extortion ransomware as one of the leading threats against educational institutions. This type of attack focuses on hackers encrypting data and threatening to leak it. Threats like this put educational institutions at risk of emotional distress, privacy loss, and legal consequences.

To better understand the cybersecurity challenges and emerging threats facing the education sector, download Cyber Threat Insights: Education Edition. This report provides valuable insights into the risks faced by educational institutions and emphasizes the importance of investing in proper cybersecurity measures to protect sensitive data and safeguard against cyberattacks.

Don’t wait until it’s too late – take the necessary steps to protect your enterprise network by learning more about the challenges and solutions in the education sector.

Learn More

Summer 2023 Threat Insights: Unlock the Latest Cybersecurity Trends

August 31, 2023/in Blog Post Brittany Demendi/by Ellen Loughlin

By: Brittany Demendi, Corporate Communications Manager

Protecting your IT environment from cyberattacks is more crucial than ever. Adlumin’s Cyber Threat Insights: Summer 2023 provides a comprehensive overview of the latest threats and vulnerabilities. Revealing a concerning 20% surge in security threat detections, highlighting the increasing frequency of cyberattacks on organizations.

Not only are these threats becoming more frequent, but their severity is also escalating, with a higher percentage of critical ‘High’ severity detections compared to previous periods. It is essential for organizations to stay one step ahead of these evolving threats. Adlumin’s Cyber Threat Insights emphasizes the importance of leveraging Security Orchestration and Automated Response solutions, which have seen a 30% increase in use.

By downloading Adlumin’s Cyber Threat Insights: Summer 2023, you will gain valuable insights into the latest trends and developments and actionable recommendations to enhance your proactive defense strategies and mitigate cyberattack risks.

Don’t wait until it’s too late – take the necessary steps to protect your enterprise network.

Learn More