The Ponemon Institute has recently published this year’s Cost of a Data Breach Report which highlights data breach trends, costs and an overview of data breach root cause analyses. The report is based on the in-depth analysis of data breaches that have occurred over the past year, 80% of which incidents resulted in the exposure of […]

Just as MITRE are updating their framework for Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK) to include ICS and OT Systems, the NSA and CISA have recently issued the AA20-205A alert recommending immediate actions to reduce exposure across operational technologies and control systems. CISA and NSA advised that there has been an increase in activity […]

As we are just over half way through the year, 2020 is already looking to have the highest number of data breaches to ever occur in one year. The facts so far: The number of records exposed in Q1 2020 skyrocketed to 8.4 billion – a 273% increase compared to Q1 2019. COVID-19 set cybercrime […]

Yesterday, July 15th saw a number of high-profile Twitter accounts hacked and this may have been one of the biggest Twitter hack’s of all time. What happened? The scam targeted a number of well-known Twitter accounts, including that of Joe Biden, Barack Obama, Bill Gates, Elon Musk, Kanye West, Apple and many more. The hack […]

It could be argued that the most critical infrastructure systems of our society today are sustained and somewhat fully dependent upon by Operational Technology (OT). As our systems are undergoing more and more digital transformation, they become more connected, which leaves them more vulnerable. Critical infrastructure and modern manufacturing facilities are a complex mix of […]

As of June 2020, many companies that work with the US DoD will soon need to meet CMMC requirements to bid on contracts. This has led to many enquiries into what exactly this means for companies and what they should be doing to get compliant. What’s new? CMMC will be replacing the existing self-certification model […]

A lot of focus is placed on managing external threats by organisations, when in fact their biggest asset is also their biggest risk: People (Insider Threat). You can’t run a business without giving employees  access to resources, and you can’t give them that access without some degree of risk.  An insider threat is when a […]

Updated 15th May 2020 Over the past few months we have been witnessing an increased amount of malicious attempts as many threat actors have started to abuse the panic and discomfort of the COVID-19 pandemic to conduct specially crafted cyber attacks. Our SOCs are continually seeing a significant spike in activity on Brute-Force attacks (authentication […]

When it comes to performing a penetration test, one of the most important things is understanding how the application you are testing works. A pentester needs to know how it is used, all its functionalities and namely external libraries and what parts are custom-developed. In one of Smarttech247’s penetration testing engagements, we encountered an interesting […]