Each business day, MSSP Alert delivers this quick lineup of news, analysis and chatter from across the managed security services provider ecosystem.
- The Content: Written for MSSPs and MSPs; threat hunters; security operations center as a service (SOCaaS), managed detection and response (MDR), and eXtended detection and response (XDR) providers — and those who partner with such companies.
- Frequency and Format: Every business morning. Typically, one or two sentences for each item below.
- Reaching Our Inbox: Send news, tips and rumors to Managing Editor Jim Masters: [email protected].
A. Today’s MSSP, MDR, XDR and Cybersecurity Market News
1. Hacker Alert: ESET researchers have discovered the WinorDLL64 backdoor, one of the payloads of the Wslink downloader. The targeted region, and overlap in behavior and code, suggest the tool is used by the infamous North Korea-aligned APT group Lazarus. Wslink’s payload can exfiltrate, overwrite and remove files, execute commands and obtain extensive information about the underlying system.
2. Cybersecurity Research: Kaspersky’s annual IT Security Economics report has revealed that, due to the complex nature of mature cybersecurity solutions, many companies have begun to outsource some functions to external InfoSec providers. Kaspersky found that 58% of SMBs and corporations in North America said the most common reason to transfer certain IT security responsibilities to an MSP or MSSP in 2022 was the efficiency external specialists provided.
3. Cybersecurity Certification for Leaders: Diligent Institute, the global corporate governance research arm and think tank of Diligent, has announced the initial lineup of subject matter experts featured in its premier Cyber Risk & Strategy Certification. With the Securities and Exchange Commission (SEC) finalizing regulations requiring board members to participate more closely in cybersecurity oversight, the program will help directors enhance their knowledge of cybersecurity to effectively govern significant enterprise-wide risks and have meaningful conversations with functional leaders.
4. Funding Boost: Metomic, a next generation data security solution for protecting sensitive data in the new era of collaborative SaaS, has raised a $20 million Series A funding round. The round is led by Evolution Equity Partners with participation from Resonance and Connect Ventures. The investment will be used for U.S. expansion efforts and research and development initiatives.
5. Call for Presentations: (ISC)², the world's largest nonprofit association of certified cybersecurity professionals, has opened its Call for Presentations for the 13th annual (ISC)² Security Congress 2023. The conference will bring together thousands of cybersecurity leaders for several days of professional development, networking and exploration of the latest cybersecurity best practices. The event will be held at The Gaylord Opryland Resort in Nashville, Tennesse, October 25-27. The Call for Presentations closes on March 23.
6. Cyber Education Partnership: Checkmarx is partnering with the Vilnius Coding School to alert more software developers to the critical need for application security. The partnership will use Codebashing to "educate the next generation of developers on the best ways to shift everywhere, incorporating AppSec into every phase of the software development lifecycle."
7. Dole Cyberattack Reported: A cyberattack earlier in February reportedly forced produce giant Dole to temporarily shut down production plants in North America and halt food shipments to grocery stores. The suspected ransomware attack led some grocery shoppers to complain on Facebook in recent days that store shelves were missing Dole-made salad kits. (Source: CNN)
8. Ransomware Tactics Exposed: A ransomware outfit is advising its victims to secretly tell them how much insurance they have so that their extortion demands will be met. Security researchers at Varonis described a new strain of the HardBit ransomware that has taken the unusual step of asking targeted companies to say whether they have cyber insurance, and the terms of that insurance. (Source: Tripwire)
9. Industry Recognition: Senhasegura, a provider of privileged access management (PAM) solutions, has been named a Leader in the 2023 KuppingerCole Leadership Compass for Privileged Access Management. It is the second consecutive report recognizing the advanced capabilities of the Company’s 360o Privilege Platform. Senhasegura was named an Overall Leader as well as a Product Leader and Innovation Leader out of 25 total vendors evaluated.