< ciso
brief />
Threat and Trends Reports Banner

All news in category “Threat and Trends Reports

1641 articles · page 22 of 83

Most UK CNI Firms Face Up to £5m OT Downtime Costs

🔒 A survey by e2e-assure of 250 UK critical national infrastructure (CNI) cybersecurity decision-makers found 80% of organisations expect operational technology (OT) downtime costs between £100,000 and £5m, with 23% reporting incidents exceeding £1m and 6% above £5m. Nearly two-thirds said they fear nation-state attacks, and the vendor warned attackers commonly pivot from IT into exposed OT environments. Respondents also highlighted limited OT visibility and supply-chain risks that hinder detection, response and remediation efforts.
read more →

CrystalRAT malware adds RAT, stealer, and prankware features

🔒 A new malware-as-a-service called CrystalRAT (also marketed as CrystalX) has been active since January and is being promoted on Telegram and a dedicated YouTube channel, offering remote access, data theft, keylogging, clipboard hijacking and an extensive set of prankware functions. Kaspersky researchers found strong similarities to WebRAT (Salat Stealer), noting a Go-based codebase, matching panel design and a bot-driven sales system; the kit includes a builder, geoblocking, executable customization and anti-analysis protections. Payloads are zlib-compressed and ChaCha20-encrypted, connect to C2 over WebSocket, and the RAT supports CMD execution, VNC-backed remote control, audio/video capture, streaming keylogging and a clipboard clipper; the infostealer component targeting Chromium-based browsers and desktop apps is currently being upgraded. Users should avoid untrusted downloads and apply standard endpoint protections to reduce infection risk.
read more →

Seven Backup Priorities to Strengthen Business Resilience

🔒 Backup is now the backbone of business resilience, not just an IT routine. The article presents seven priorities—data prioritization, off-site and immutable copies, automated RPO/RTO, realistic recovery testing, SOC integration, and scalable playbooks—to reduce downtime and ransomware risk. It advocates a modern 3-2-1 approach with immutable cloud copies and daily automated recovery verification. N-able’s Cove Data Protection is cited as an example of a cyber-resilient solution.
read more →

5 Steps to Break Free From Alert Fatigue, Build Resilience

🔔 This article distills five practical steps to move SOCs from alert fatigue to measurable business resilience, based on the 2026 N-able State of the SOC Report. It explains why volume-focused metrics fail, highlights that 90% of investigations are automatable, and shows how AI-driven correlation and SOAR can reclaim analyst time. The guide emphasizes layered defenses and playbooks designed to contain incidents quickly and preserve uptime.
read more →

Five Critical Steps to Strengthen Endpoint Security

🔒 Business resilience begins at the endpoint. Drawing on N-able SOC data, the article highlights that over 900,000 alerts were processed between March and December 2025 and that 18% originated from network and perimeter exploits—threats many endpoint-only tools missed. It prescribes continuous asset visibility, standardized secure configurations, automated patching and remediation, EDR for behavioral detection and response, and integrated backup and recovery to minimize downtime.
read more →

Six Critical Mistakes That Undermine Cyber Resilience

⚠️Silos between endpoint, SOC, and backup teams increase incident impact and slow recovery. The article identifies six common failures—unclear roles, fragmented asset and risk views, mismatched policies, disconnected tools, absent cross-team drills, and siloed metrics—and offers concrete fixes. Build a unified RACI, consolidate inventories and logs, align retention and playbooks, integrate EDR/SOC/backup workflows, run joint simulations, and measure resilience with shared KPIs. N-able is presented as a vendor that unifies management, security operations, and data protection to enable automation, faster detection, and safer recovery.
read more →

Six Operational Metrics for IT Business Resilience

🔒 IT leaders must track six operational metrics to sustain business resilience as threats scale and boards demand measurable outcomes. Drawing on the 2026 N-able State of the SOC Report, the piece highlights MTTD, MTTR, time to recover, endpoint patch compliance, asset and identity coverage, and downtime avoided as core indicators. It shows how automation, integrated platforms, and continuous visibility convert metrics into actionable defense, faster containment, and demonstrable business value.
read more →

Five Critical Steps to Achieve Business Resilience

🔒 The 2026 State of the SOC Report, based on more than 909,000 alerts observed via the Adlumin MDR at the N-able SOC between March and December 2025, lays out five practical steps to preserve operations when attackers strike. It urges layered, defense-in-depth designs that combine identity, endpoint, network, cloud, and perimeter visibility rather than relying on single-point solutions. The guidance highlights automation and SOAR to move containment and remediation to machine speed, modernized endpoint and ITDR identity controls to detect credential abuse, validated immutable backups to enable rapid recovery, and rigorous oversight of AI-driven processes to manage emerging attack surfaces.
read more →

CrystalX RAT: Prankware MaaS with Full Spy Tools and Theft

🛡️ Kaspersky researchers discovered CrystalX, a subscription-based Remote Access Trojan promoted on Telegram and YouTube that mixes disruptive "prank" capabilities with robust theft and surveillance features. The Trojan can rotate screens, swap mouse buttons, block keyboard input, display arbitrary messages, and disable system utilities, while also stealing credentials, hijacking clipboards to redirect crypto, logging keystrokes, and accessing screen, camera and microphone. Builds are uniquely encrypted per customer and include anti-analysis checks, complicating detection, and Kaspersky products detect and neutralize the threat. Users should avoid pirated software, be cautious with messaging attachments, enable 2FA, keep systems updated, and run reputable security solutions.
read more →

AI Is Changing App Threats Faster Than Teams Can Adapt

🔒 AI-driven changes in web applications and APIs are outpacing traditional controls, creating large visibility and detection gaps. The 2026 Web Application Security Report, based on a global survey of over 800 security professionals, finds only 29% confidence in overall application security and just 15% for AI-integrated apps. FortiAppSec Cloud is presented as an integrated platform combining WAF, API protection, bot mitigation, and application security services to provide shared telemetry and consistent enforcement across dynamic, service-generated traffic.
read more →

Legitimate Access Drives Modern Intrusions, Report Says

🔐 Blackpoint Cyber's 2026 Annual Threat Report finds that routine, legitimate access paths — not software exploits — increasingly enable intrusions. Across thousands of 2025 investigations, SSL VPN abuse (32.8%) and misuse of legitimate RMM tools (30.3%) were dominant initial access vectors, with ScreenConnect implicated in most rogue RMM cases. Social-engineering campaigns such as fake CAPTCHA and ClickFix-style prompts drove 57.5% of incidents, while Adversary-in-the-Middle phishing facilitated session reuse after MFA in about 16% of cloud compromises. The report urges treating remote access as high-risk and strengthening inventories, installation controls, and conditional access to reduce these blended, legitimate-looking intrusions.
read more →

Venom Stealer MaaS Automates Continuous Credential Theft

🔐 Venom Stealer is a malware-as-a-service platform that automates credential harvesting and continuous data exfiltration, marketed on cybercrime forums with subscriptions from $250/month to $1,800 for lifetime access. Researchers at BlackFog report the product integrates ClickFix social-engineering templates into its operator panel, enabling attackers to orchestrate fake Cloudflare CAPTCHAs, update prompts and other lures that trick users into executing payloads. Once active the stealer persistently monitors Chromium- and Firefox-based stores for new credentials, harvests cookies, autofill, browsing history and wallet data, and forwards information to GPU-backed cracking and automated transfer systems.
read more →

Attackers Exploiting Trusted Tools: Why You Miss It

⚠️ Attackers increasingly bypass classic defenses by abusing trusted, built-in tools such as PowerShell, WMIC, and Certutil to move laterally, escalate privileges, and maintain persistence without dropping new malware. These Living Off The Land (LOTL) techniques mimic routine admin tasks and produce minimal alerts, creating stealthy blind spots for detection-focused teams. A data-driven Internal Attack Surface Assessment reveals unnecessary access, maps realistic attack paths, and prioritizes low-impact remediations so organizations can harden systems without disrupting workflows.
read more →

A Taxonomy of Cognitive Security and Reality Pentesting

🧠 Bruce Schneier highlights K. Melton’s recent framework on cognitive security, cognitive hacking, and “reality pentesting.” Melton organizes cognition into five architectural layers—sensory interface, neurocompiler, mind kernel, the mesh, and cultural substrate—and shows how fast, unconscious processes (Kahneman’s System 1) create exploitable backdoors. The taxonomy frames human perception as an IT-like attack surface and suggests practical implications for testing, defense, and threat modeling.
read more →

78% of UK Manufacturers Suffer Serious Cyber Incidents

🔒 New ESET polling of 500 senior IT, OT, operations, risk and security leaders shows 78% of UK manufacturers experienced a serious cyber incident in the past year. Most (95%) saw direct business impact and 53% reported financial losses, with supply chain disruption and missed commitments common. Respondents flagged AI-enabled attacks as the top production threat, yet only 22% assign cyber accountability to the board.
read more →

Managing digital assets after death: risks and guidance

🔒 Digital assets left after death — from emails and social media to passwords and crypto wallets — can complicate an already traumatic time for families and create new fraud opportunities. The legal landscape is fragmented: RUFADAA in the US, a proposed UK bill and ELI efforts in Europe offer partial solutions, but platform policies remain inconsistent. Practical steps include creating a digital inventory, appointing legacy contacts (e.g., Facebook/Instagram Legacy Contact, Google Inactive Account Manager, Apple Digital Legacy) and using emergency access features in password managers. Also file tax returns, place deceased alerts on credit reports, cancel subscriptions, and be wary of scams targeting grieving relatives.
read more →

Rethinking Human Risk: Awareness Isn't a Control, Period

🔒 Organizations frequently treat security awareness training as a control, but this article contends it is primarily a cultural measure that cannot guarantee consistent outcomes. While training and phishing simulations reduce risk at the margins, they do not eliminate human variability or stop sophisticated business email compromise, credential harvesting, and modern MFA bypass techniques. The author recommends engineering systems to assume human fallibility—through phishing-resistant authentication, enforced financial controls, continuous identity telemetry, and real-time anomaly detection—so a single mistake cannot cause material harm.
read more →

Critical Infrastructure Threats: Identity, Persistence

🔐 Microsoft Threat Intelligence warns that the cyber threat to critical infrastructure has shifted from opportunistic data theft to long-term, identity-driven persistence aimed at operational disruption. Hybrid IT–OT architectures, cloud-based identity, and exposed remote services enable adversaries—including nation-state actors—to establish low-visibility footholds using living-off-the-land techniques and valid credentials. Microsoft recommends continuous readiness, reducing exposure, and validating defenses through proactive compromise assessments to detect active or dormant intrusions before they are activated.
read more →

Preventing Ransomware Targeting Home Backup Devices

🔒 Ransomware increasingly targets home backups and personal NAS units, using automated scans, weak credentials, and social engineering to encrypt photos, documents, and synced cloud folders. Once inside, malware removes Windows shadow copies, encrypts connected external drives and mapped network shares, and corrupts cloud sync clients so remote copies mirror the damage. Follow the updated 3-2-1-1 rule: keep an offline copy, unplug external backups after each use, enable cloud versioning, enforce strong passwords and firmware updates, and back up authenticator data. Also enable features like System Watcher, avoid pirated installers, and test restore procedures regularly.
read more →

Turing Award Honors Inventors of Quantum Cryptography

🔬 Charles Bennett and Gilles Brassard have been awarded the 2026 Turing Award for inventing quantum cryptography. Bruce Schneier welcomes the recognition but reiterates his view that, while scientifically impressive, the technology is largely unnecessary for most practical security problems. In a 2008 essay, he argued that quantum key exchange doesn’t address the usual weak points of systems and that effort is better spent on system-level security and crypto agility.
read more →