Each business day, MSSP Alert delivers a quick lineup of news, analysis and chatter from across the managed security services provider ecosystem.
- The Content: Written for MSSPs and MSPs; threat hunters; security operations center as a service (SOCaaS); managed detection and response (MDR) and eXtended detection and response (XDR) providers; and those who partner with such companies.
- Frequency and Format: Every business morning. Typically, one or two sentences for each item below.
- Reaching Our Inbox: Send news, tips and rumors to Managing Editor Jim Masters: [email protected].
Today’s MSSP, MSP, MDR, XDR and Cybersecurity Market News
1. Security Partnership: Resecurity, a California-based cybersecurity provider, is partnering with Spire Solutions, a Middle East and Africa region security and data company and value-added distributor. By integrating Resecurity's threat intelligence and response capabilities with Spire Solutions' proficiency in the regional market and the local threat landscape, the partnership aims to help organizations of all sizes protect themselves against the most advanced cyber threats, the companies said.
2. Cyberattack Update: The International Criminal Court (ICC) said that a cyberattack it suffered in September was a case of attempted espionage aimed at disrupting its mandate to investigate war crimes worldwide. The ICC said it could not confirm who was behind the attack and did not disclose whether any sensitive information had been stolen. The court holds sensitive records related to alleged war crimes investigations, including documents, images and testimony from witnesses who could be endangered if their identity were revealed. (Source: Reuters)
3. Ransomware Alert: The Ragnar Locker ransomware operation's Tor negotiation and data leak sites were seized this week as part of an international law enforcement operation. Visiting either website now displays a seizure message stating that a large assortment of international law enforcement agencies from the U.S., Europe, Germany, France, Italy, Japan, Spain, the Netherlands, the Czech Republic and Latvia were involved in the operation. (Source: Bleeping Computer)
4. AI Product Launch: SaaS platform provider Druva has unveiled Dru, an artificial intelligence (AI) copilot for backup that "revolutionizes" how customers engage with their data protection solutions, the company announced. Dru allows both IT and business users to get critical information through a conversational interface, helping customers reduce protection risks, gain insight into their protection environment and quickly navigate their solution through a customized interface.
5. Cloud Security Product Launch: Trend Micro has released new cloud container security capabilities for its platform. The latest addition to the platform delivers end-to-end protection, detection and response to drive secure digital transformation, Trend Micro said. The new capabilities simplify investigations by enabling analysts to prioritize incidents faster and with greater accuracy, "reducing the time spent on each container security incident by up to two weeks."
6. Malware Alert: A malvertising campaign is using Google Ads to direct users searching for popular software to fictitious landing pages and distribute next-stage payloads. The attack singles out users searching for Notepad++ and PDF converters, serving bogus ads on the Google search results page that, when clicked, filter out bots and other unintended IP addresses by showing a decoy site. Should the visitor be deemed of interest to the threat actor, the victim is redirected to a replica website advertising the software, while the system is silently fingerprinted to determine if the request is originating from a virtual machine. (Source: The Hacker News)
7. Malware Alert: Cyberattacks using the DarkGate commodity malware targeting entities in the U.K., the U.S. and India have been linked to Vietnamese threat actors associated with the use of the Ducktail stealer. The development comes amid an uptick in malware campaigns using DarkGate in recent months, primarily driven by the author's decision to rent it out on a malware-as-a-service (MaaS) basis to other threat actors. (Source: The Hacker News)
8. North Korean Websites Seized: The U.S. government has announced the seizure of 17 website domains used by North Korean information technology (IT) workers as part of an illicit scheme to defraud businesses across the world, evade sanctions and fund the country's ballistic missile program. The Department of Justice (DoJ) said the U.S. confiscated approximately $1.5 million of the revenue that these IT workers collected from unwitting victims using the deceptive scheme in October 2022 and January 2023. It also called out North Korea for flooding the "global marketplace with ill-intentioned information technology workers." (Source: The Hacker News)