Content, Content, Breach, Channel partners, Content, Security Program Controls/Technologies, Channel investors, Phishing, Ransomware, Threat Intelligence

Managed Security Services Provider (MSSP) Market News: 29 June 2023

Alert icon isolated on Abstract design bright red banner background

Each business day, MSSP Alert delivers a quick lineup of news, analysis and chatter from across the managed security services provider ecosystem.

  • The Content: Written for MSSPs and MSPs; threat hunters security operations center as a service (SOCaaS), managed detection and response (MDR) and eXtended detection and response (XDR) providers; and those who partner with such companies.
  • Frequency and Format: Every business morning. Typically, one or two sentences for each item below.
  • Reaching Our Inbox: Send news, tips and rumors to Managing Editor Jim Masters: [email protected].

Today’s MSSP, MSP, MDR, XDR and Cybersecurity Market News

1. Cybersecurity Toolkit Offered: In collaboration with Deloitte, the World Economic Forum has released actionable guidance to help protect organizations during the rapid development of quantum computing technology. The Quantum Readiness Toolkit provides specific guidance in line with the overall framework presented in last year's flagship report, "Transitioning to a Quantum-Secure Economy."

2. Patent Award: Cobalt Iron Inc., a provider of SaaS-based enterprise data protection, announced that it has received a patent on its proactive technology for automated remediation of cyber and storage events. U.S. Patent 11636207 describes new techniques that will be implemented in Cobalt Iron Compass, an enterprise SaaS backup platform.

3. Product Launch: Aquia Inc., a Service-Disabled Veteran-Owned Small Business specializing in cloud and cybersecurity professional services, announced the availability of Aquia's Threat Modeling on Amazon Web Services (AWS). The offering helps organizations bridge security gaps and promote collaborative application security (AppSec) environments by assessing the possibility, probability, potential harm and priority level of threats relevant to their AWS workloads.

4. Industry Recognition: DKBinnovative, a managed IT and cyber defense firm, has placed 104th on the MSP 501 list of the world's top managed services providers. This recognition highlights DKBinnovative's commitment to excellence in delivering secure and reliable IT solutions to small and medium-sized businesses globally.

5. Malware Alert: A previously undocumented Windows-based information stealer called ThirdEye has been discovered in the wild with capabilities to harvest sensitive data from infected hosts. Fortinet FortiGuard Labs, which made the discovery, said it found the malware in an executable that masqueraded as a PDF file with a Russian name "CMK Правила оформления больничных листов.pdf.exe," which translates to "CMK Rules for issuing sick leaves.pdf.exe." (Source: The Hacker News)

6. Cybersecurity Research for Law Firms: A new treatise from PLI Press, "Cybersecurity Obligations for Attorneys: Confidentiality of Information in the Age of Cyber Crime," provides an overview of how lawyers need to implement cybersecurity measures in light of the expansion of ethical obligations requiring them to protect against cyberattacks.

7. UCLA Reports Cyberattack: The University of California at Los Angeles (UCLA) confirmed this week that it is among dozens of institutions and companies that had data stolen in a cyberattack that government officials have blamed on the CL0P ransomware gang. According to bulletins from the U.S. Cybersecurity and Infrastructure Security Agency and the FBI, beginning in May thieves tied to the CL0P group used a previously unknown software vulnerability, that being a zero day exploit, to infect applications that interface with the MOVEit file transfer system. (Source: NBC News)

8. New Ransomware Group Identified: A massive spike in ransomware activity in May and June 2023 has been attributed to a relatively unknown ransomware group called 8Base. The 8Base group is now among the top two performing ransomware gangs within the past month, marginally behind the infamous Lockbit ransomware group. The group utilizes encryption paired with "name-and-shame" techniques to compel its victims to pay their ransoms. (Source: CSO Online)

9. Funding Boost: Cyware, a provider of AI-powered cyber fusion platforms for enterprises and MSSPs, announced a $30 million Series C financing round led by Ten Eleven Ventures. Also participating are previous investors Advent International, Zscaler, Emerald Development Managers, Prelude (the venture practice at Mercato Partners) and Great Road Holdings.

10. Cyberattacks on Government, Law Firms: The U.S. Department of Health and Human Services (HHS) was among those affected by a wide-ranging hack centered on  MOVEit Transfer software. "While no HHS systems or networks were compromised, attackers gained access to data by exploiting the vulnerability in the MOVEit Transfer software of third-party vendors," a health department official familiar with the matter said. The CL0P ransomware group, which is reportedly behind the massive breach, also claimed credit for stealing data from two major law firms, Kirkland & Ellis LLP and K&L Gates LLP. (Source: Reuters)

Annual In-Person MSSP and Cybersecurity Conferences

Jim Masters

Jim Masters is Managing Editor of MSSP Alert, and holds a B.A. degree in Journalism from Northern Illinois University. His career has spanned governmental and investigative reporting for daily newspapers in the Northwest Indiana Region and 16 years in a global internal communications role for a Fortune 500 professional services company. Additionally, he is co-owner of the Lake County Corn Dogs minor league baseball franchise, located in Crown Point, Indiana. In his spare time, he enjoys writing and recording his own music, oil painting, biking, volleyball, golf and cheering on the Corn Dogs.