Our monthly report prepares cybersecurity practitioners to make better tactical, operational and strategic decisions. It distils analysis of key events from the previous month that carry learning points which can be actioned to improve security. The document has three main purposes to assist cybersecurity leaders:
- To be 'threat-led' and help prioritise defences against particular types of attackers
- To justify business decisions on cybersecurity changes, technology or services
- To enable them to respond confidently to questions from business leadership, defend decisions or make a case to change the status quo.
| Incident | Threat | Key points |
| --- | --- | --- |
| Ivanti announced vulnerabilities in its VPN appliances, one of which has been exploited since mid-December 2024 for remote code execution. | Threat actor "UNC5337", linked to the Chinese espionage group "UNC5221", used malware to disable security controls, maintain access and steal credentials through the Ivanti VPN vulnerabilities. | Network defenders should brace for credential-focused attacks and web shell deployments, with increased risk if exploits are publicised. Ivanti advises running its Integrity Checker Tool and resetting appliances where compromise is detected. |
| Discovery of multiple malicious browser extensions used in identity attacks. | Attackers targeted browser extensions in a campaign that compromised the cookies and authentication tokens of 2.6 million users. Such access can result in credential theft, account takeover, session hijacking and data theft. | Implement a security strategy to audit, categorise, evaluate and control browser extensions, to mitigate the risk to corporate data and systems. |
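The "audit, categorise, evaluate and control" step for browser extensions can start from the manifests already on disk. The script below is an added example, not part of the report or any vendor tool: it walks a Chromium-style extensions directory (`<root>/<extension id>/<version>/manifest.json`), reads each manifest, and flags the permissions that give an extension reach into cookies, request headers or every site. The `HIGH_RISK` watch-list and the two fictional sample manifests are assumptions constructed for the demonstration.

```python
import glob
import json
import os
import tempfile

# Permissions that let an extension read cookies, auth headers or every site,
# the access the campaign above abused. Assumed watch-list, not from the report.
HIGH_RISK = {"cookies", "webRequest", "webRequestBlocking", "identity", "<all_urls>"}
BROAD_HOSTS = {"*://*/*", "http://*/*", "https://*/*"}  # same reach as <all_urls>

def audit_extension(manifest: dict) -> dict:
    """Categorise one manifest.json (MV2 or MV3) by the permissions it requests."""
    perms = set(manifest.get("permissions", []))
    perms |= set(manifest.get("host_permissions", []))  # MV3 moves host access here
    risky = sorted(perms & HIGH_RISK)
    if perms & BROAD_HOSTS:
        risky.append("broad-host-pattern")
    category = "high" if risky else ("medium" if perms else "low")
    return {"name": manifest.get("name", "?"), "version": manifest.get("version", "?"),
            "risky": risky, "category": category}

def audit_directory(root: str) -> list:
    """Walk <root>/<extension id>/<version>/manifest.json, Chromium's on-disk layout."""
    results = []
    for path in sorted(glob.glob(os.path.join(root, "*", "*", "manifest.json"))):
        ext_id = os.path.basename(os.path.dirname(os.path.dirname(path)))
        with open(path, encoding="utf-8") as f:
            results.append(dict(audit_extension(json.load(f)), id=ext_id))
    return results

# Constructed manifests for two fictional extensions (placeholder ids), written to a temp dir.
SAMPLE = {
    "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa": {"name": "Tab Notes", "version": "1.0", "permissions": ["storage"]},
    "bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb": {"name": "Page Helper", "version": "2.3",
                                         "permissions": ["cookies", "webRequest", "storage"],
                                         "host_permissions": ["<all_urls>"]},
}

def build_sample_dir() -> str:
    root = tempfile.mkdtemp()
    for ext_id, manifest in SAMPLE.items():
        ext_path = os.path.join(root, ext_id, manifest["version"] + "_0")
        os.makedirs(ext_path)
        with open(os.path.join(ext_path, "manifest.json"), "w", encoding="utf-8") as f:
            json.dump(manifest, f)
    return root

if __name__ == "__main__":
    for r in audit_directory(build_sample_dir()):
        print(f"{r['category']:6} {r['id']} {r['name']} {r['version']} risky={r['risky']}")
```

Point `audit_directory` at a real profile's extensions folder to get an inventory that can be reviewed against an allow-list; "high" entries are the ones whose permissions would let a compromised update reach session cookies and tokens.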