Welcome to the May 2024 Threat Highlight Report.
This month's report covers a range of cybersecurity news, from law enforcement actions against cybercriminals to initiatives for secure software design. Dive into the latest trends in ransomware, hacktivism, and other notable highlights.
May report covers
- Emphasis on the importance of multi-factor authentication (MFA) in preventing cyberattacks, as demonstrated by the compromise of Change Healthcare due to a lack of MFA on a Citrix account.
- Organizational changes at Microsoft in response to security failures, such as tying senior executives' pay awards to prioritizing security over new features and partnering deputy CISOs with engineering teams.
- Ongoing law enforcement actions against cybercriminals, including the action against LockBit and the initiation of a secure-by-design pledge by the US government cybersecurity agency, CISA.
- Response to zero-day vulnerabilities in SSL VPN solutions, with Norway's NCSC recommending organizations to switch to more secure alternatives like IPSec IKEv2 VPNs or 5G data connections.
- Insights into AI security news, including research on how hackers are leveraging generative AI to enhance their offensive capabilities and strategies to defend against such attacks.
The key findings in the May 2024 Threat Highlight Report include:
- Ransomware Trends: The report highlights the compromise of Change Healthcare due to a lack of multi-factor authentication (MFA) on a Citrix account, emphasizing the importance of MFA in preventing cyberattacks .
- Organizational Changes at Microsoft: Microsoft has announced organizational changes in response to security failures, such as tying senior executives' pay awards to prioritizing security over new features and partnering deputy CISOs with engineering teams .
- Law Enforcement Actions: Law enforcement actions against cybercriminals, such as the ongoing action against LockBit and the initiation of a secure-by-design pledge by the US government cybersecurity agency, CISA, have been noted .
- Zero-Day Vulnerabilities in SSL VPN Solutions: CheckPoint's Firewall VPN gateways experienced a zero-day vulnerability, leading Norway's NCSC to recommend organizations to switch to more secure alternatives like IPSec IKEv2 VPNs or 5G data connections .
- AI Security: Research on how hackers are using generative AI to enhance their offensive capabilities and strategies to protect against such attacks have been highlighted in the report .
- Statistics and Summaries: Several companies have published reports on cybersecurity statistics and trends for 2023, providing insights into the evolving threat landscape.
Be Ahead of the Game!
Stay informed about the latest cybersecurity threats and trends by subscribing to WithSecure's monthly threat highlights report!
Our comprehensive report provides an overview of last month's cybersecurity news, the changing threat landscape, and relevant advice.
Don't miss out on valuable insights - fill out the form to receive our report now!