Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

In Q2 2024, the Kroll Cyber Threat Intelligence (CTI) Team observed an increase in activity around a new ransomware group named FOG. FOG was initially observed in May 2024, and since then has been heavily targeting higher educational institutions in the U.S. by exploiting compromised VPN credentials. Kroll's review of a recent FOG binary (1.exe) found no exfiltration or persistence mechanisms directly integrated.

In a security bulletin on February 19, ConnectWise announced critical vulnerabilities (CVE-2024-1708 & CVE-2024-1709) to its on-premises ScreenConnect product (identified and responsibly reported by one of Kroll’s SOC analysts), allowing attackers to takeover an organization’s ScreenConnect. The vulnerability, trivial to exploit, allows anonymous individuals to a create system admin account on publicly exposed instances of the product.

The concept of Software Bill of Materials (SBOM) has gained serious traction in recent years, emerging as a critical element of software security frameworks. SBOM refers to a comprehensive inventory of all the components and dependencies, or the software supply chain, that make up a software application. The influence of SBOM on modern software and application security programs is so compelling that government organizations like the U.S.

Between customer requirements, regulatory or legislative mandates and executive orders, incorporating strong security controls throughout the Software Development Lifecycle (SDLC) has become a central focus for development groups, leadership teams and governing bodies. However, regardless of external motivators, maintaining a secure SDLC also provides the developer tangible benefits regarding the health of the software by ensuring a meticulous focus on architecture and solid software-building practices.

The State of Cyber Defense: Manufacturing Cyber Resilience highlights the unique challenges the manufacturing industry faces and the key ways the industry can become more cyber resilient.