- Securing Things Newsletter
- Posts
- Cybersecurity (IT, OT/ICS, AI, Open source) Insights from Q2 2024
Cybersecurity (IT, OT/ICS, AI, Open source) Insights from Q2 2024
[Securing Things by M. Yousuf Faisal]
Disclaimer: All views presented here, in this newsletter, are my own.
Author or the newsletter are not liable for any actions taken by any individual or any organization / business / entity. The information provided is for education and awareness purposes only and is not specific to any business and or situation.
Table of Contents
Hi Securing Things Community,
I know this is a bit late, but hope you all had a great Q2 2024 and having a even greater Q3 2024. In this newsletter edition, I am excited to present some of the key Cybersecurity (IT, OT/ICS, AI, Open source) insights from Q2 2024, Insights from my recent engagements, my most viewed social media posts, ways in which I can help, and my asks.
Special Message:
Before we begin, do me a favour and make sure you hit the “Subscribe” button to let me know that you care and keep me motivated to publish more. Thanks!
Sponsors:
Want SOC 2 compliance without the Security Theater?
Question 🤔 does your SOC 2 program feel like Security Theater? Just checking pointless boxes, not actually building security?
In an industry filled with security theater vendors, Oneleet is the only security-first compliance platform that provides an “all in one” solution for SOC 2.
We’ll build you a real-world Security Program, perform the Penetration Test, integrate with a 3rd Party Auditor, and provide the Compliance Software … all within one platform.
Daily News for Curious Minds
“I stopped watching the news, so sick of the bias. Was searching for an alternative that would just tell me WHAT happened, with NO editorializing. I found it. It’s called 1440. It assumes you are smart enough to form your own opinions.”
Cybersecurity Insights from Q2 2024
1. Cybersecurity Investments, Funding & Trends
Cybersecurity Investments, Funding, VCs and Start-ups
Information security startups brought in $3.6 billion in VC funding in Q2 2024 - a 20.4% increase over the previous quarter, according to PitchBook’s latest Emerging Tech Research on the sector.
Cybersecurity funding saw a growth trend showing encouraging signs in Q2 2024, according to Pinpoint Search Group research. In Q2 2024, Pinpoint Search Group's research team recorded 120 transactions in the cybersecurity vendor space, totalling $3.3 billion across 98 funding rounds and 22 M&A (www.prnewswire.com/news-releases/cybersecurity-funding-surges-in-q2-2024-pinpoint-search-group-report-highlights-year-over-year-growth-302191109.html).
The global Security Testing Market size is projected to grow from USD 14.5 billion in 2024 to USD 43.9 billion by 2029 at a Compound Annual Growth Rate (CAGR) of 24.7% during the forecast period, according to a new report by MarketsandMarkets™.
Cybersecurity Mergers & Acquisitions: Q2 2024, continued to see a number of layoffs, tech moves and several mergers & acquisitions, continued skills shortage, and more. Interested in knowing what happened in cybersec industry in terms of M&As in Q2 2024? Below is a list of M&As that took place in different products and or services categories.
Source: Return On Security, Crunch Base, and other online resources.
Looking at the above list, it’s fairly easy to conclude that services industry (both professional services and managed security services) saw the most activity.
OT/ICS: Operational Technology (OT) security market is expected to Reach US$ 71.22 billion by 2032, Growing at a CAGR of 17.1% from 2024 to 2032 according to Polaris Market Research (PMR).
What was your best reads? type in comments below.
Cyber Incidents, Ransomware Attacks & Data breaches
Just like Q1, 2024 has been no short of cybersecurity news related to ransomware attacks and data breaches with millions of records stolen or leaked from all over the world. Here’s a list of significant Cybersecurity Incidents in Q2 2024
Identity Theft Resource Center (ITRC) released its H1 2024 Data Breach Report & Analysis, which shows Q2 2024 had over a billion data breach victims. The estimated H1 total does not include victims of the Change Healthcare supply chain attack which company executives predict will impact “a substantial number” of U.S. residents. So, the number is likely higher than that.
Ivanti VPN Exploitation: A series of attacks targeted Ivanti's Connect Secure VPNs, exploiting zero-day vulnerabilities. Thousands of devices were compromised, affecting organizations including the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and Mitre2.
Dunghill Hacker Group Data Theft: This group claimed to have stolen 1 TB of sensitive data related to chip designs from major companies like Apple, IBM, and SpaceX, along with personal employee information.
Credential Stuffing Attack on Roku: Over 576,000 user accounts were compromised due to credential stuffing attacks leveraging leaked databases. This incident followed a previous attack that hijacked 15,000 accounts.
Change Healthcare Ransomware Attack: A ransomware attack disrupted operations across the U.S. healthcare system, preventing pharmacies and hospitals from processing claims for weeks.
Snowflake Data Breach: probably the most talked about. Cybercriminals targeted Snowflake customers, leading to significant data theft affecting over 100 customers, including Neiman Marcus and Ticketmaster. The attacks exploited weak security practices, such as a lack of multi-factor authentication. Mandiant released a detailed analysis of the snowflake breach - a good read.
Rapid7 identified multiple intrusion attempts by threat actors utilizing techniques, tactics, and procedures (TTPs) that are consistent with an ongoing social engineering campaign. Rapid7 observed a meaningful shift in the tools used by the threat actors during the investigations. https://www.rapid7.com/blog/post/2024/08/12/ongoing-social-engineering-campaign-refreshes-payloads/.
Fuxnet ICS malware: According to Dragos in April 2024, the hacktivist persona Blackjack claimed to have successfully conducted a cyberattack targeting Moskollektor, an organization responsible for the OT network overseeing Moscow’s infrastructure sensor system. In addition to claiming to have disrupted 87,000 sensors using the Fuxnet ICS malware. Blackjack claimed to have accessed the Russian 112 emergency services number, invalidated key cards to office buildings, defaced websites and social media pages, and more. In support of these claims, Blackjack posted information stolen during the alleged operation and screenshots of the Fuxnet malware’s source code to a data leak site.
London Hospitals Cyberattack: A cyberattack on London hospitals resulted in the postponement of over 1,000 NHS operations, severely disrupting critical healthcare services.
Brutus Botnet Activity: This botnet was discovered targeting VPN networks globally using brute force methods to gain unauthorized access to devices.
Massive Password Leak: Approximately 10 billion passwords were exposed in what is considered one of the largest data breaches to date, emphasizing the need for better password management practices.
Microsoft Executive Account Breach: Russian-aligned threat actors gained access to Microsoft executive accounts, leading to significant data exposure and concerns over national security implications.
GitHub Enterprise Server Vulnerability: A critical vulnerability was found in GitHub’s Enterprise Server that allowed unauthorized access with administrator privileges, prompting urgent updates from users.
Level Kitchen Data Leak: Hackers accessed and leaked 2 million records from Level Kitchen’s database, including sensitive customer information such as full names and phone numbers.
ScanTour Credential Leak: The credentials of 477,000 customers from ScanTour were leaked online, containing personal data such as passport information and addresses.
TikTok Zero-Day Exploit: A vulnerability allowed hackers to gain access to TikTok accounts without user interaction by exploiting private messages with malicious code.
Key Tronic Cyberattack: The American manufacturer suffered an attack by the Black Basta group that resulted in the theft of over 500 GB of corporate data and employee personal information.
Avast FTC Fine: The Federal Trade Commission fined Avast $14.8 million for illegally processing users' personal data without consent since at least 20143.
AI-Generated Phishing Attacks: Cybercriminals increasingly utilized AI technologies to create sophisticated phishing emails that mimicked legitimate communications, making detection difficult for users.
Exploit for Sale on Dark Web: An unknown hacker advertised an exploit capable of accessing customer purchase information from over 100 companies, including major brands like Apple and Samsung.
Ransomware Activity Decline but New Groups Emerge: Although overall ransomware publications decreased by 10.43%, new groups like Play Ransomware emerged, indicating a shift in the ransomware landscape.
Open Server Incident at Microsoft: An unprotected server containing internal Bing data was discovered by security researchers, exposing sensitive company information before being secured.
CISA Disruption of Russian Campaigns: The FBI reported disruptions of Russian-aligned campaigns targeting SOHO routers for espionage purposes, highlighting ongoing geopolitical cyber threats.
Gen Q2/2024 Threat Report - CryptoCore Scam Stealing Millions via AI Deepfakes on YouTube, Rising Identity Theft, 24% Spike in Ransomware, and 46% more blocked Attacks Year Over Year.
Gcore Radar Report, highlights a striking 46% increase in Distributed Denial of Service (DDoS) attacks during the first half of 2024. The report reveals that DDoS incidents surged to 445,000 in Q2 alone, marking a significant rise from the previous six months and showcasing a disturbing trend in the cyber threat landscape. The data underscores the growing scale and frequency of these attacks, reflecting a broader escalation in the realm of cybersecurity threats. https://cybermaterial.com/ddos-attacks-surge-46-in-h1-2024/.
These incidents illustrate the evolving landscape of cybersecurity threats in Q2 2024, characterized by sophisticated attacks targeting both organizations and individuals across various sectors.
What was your best reads? type in comments below.
Guidance, Standards & Regulations - Notable Updates!
Q2 2024 also saw governments globally, announcing new laws, regulations around critical infrastructure. Similarly, several new cybersecurity industry best practices guidelines, and standards were published. Below is a just a sample list (in no particular order / classification):
Securities and Exchange Commission (SEC) Disclosure Rules: New requirements under SEC Form 8-K mandate registrants to disclose cybersecurity incidents promptly, emphasizing transparency and accountability in corporate governance.
Product Security and Telecommunications Infrastructure Act (PSTI):
This UK regulation aims to enhance the security of connected consumer devices, enforcing compliance with manufacturing guidelines to ensure better protection against cyber threats.
Cyber Resilience Act (CRA): Proposed EU legislation set to take effect post-June 2024 elections, establishing cybersecurity rules for products with digital elements. It mandates risk management frameworks for ICT providers and regular resilience testing.
NIS2 Directive: The updated Directive on Network and Information Security (NIS2) requires EU member states to enhance cybersecurity measures for essential services by October 17, 2024, including the establishment of Computer Security Incident Response Teams (CSIRTs).
National Cybersecurity Strategy Implementation Plan: The U.S. strategy outlines comprehensive frameworks for enhancing national security, focusing on public-private collaboration and establishing new compliance markers across critical infrastructure sectors.
AI Regulatory Frameworks: New anti-bias regulations are evolving for algorithm development and use, reflecting growing concerns over ethical AI practices in various sectors.
Colorado AI Act: This act introduces regulations aimed at ensuring responsible AI use within the state, focusing on transparency and accountability in algorithmic decision-making.
Cybersecurity Labelling Programs: U.S. Cyber Trust Mark program is being developed to provide consumers with information about the security of IoT devices, based on NIST criteria.
Harmonization of Cyber Regulations:
Efforts are underway to create a unified cybersecurity framework that streamlines regulations across critical infrastructure sectors while addressing associated challenges.
Interagency Cybersecurity Focus: Increased attention from agencies such as ONCD and GAO emphasizes cybersecurity as a top regulatory priority, aiming to establish baseline standards across various sectors.
Key Compliance Changes
Enhanced Multi-Factor Authentication (MFA): New regulations require stricter MFA protocols across organizations to increase security against unauthorized access.
Continuous Security Monitoring: Organizations are encouraged to adopt continuous monitoring practices rather than solely relying on preventive measures to address advanced persistent threats (APTs).
Third-Party Vendor Compliance: Expanded due diligence requirements necessitate organizations to ensure that third-party vendors comply with cybersecurity standards throughout the supply chain.
Mandatory Incident Reporting: Organizations must report major ICT-related incidents to authorities, fostering transparency and quicker response measures.
Regular Penetration Testing Requirements: New rules mandate that organizations conduct penetration testing of live production systems every three years to identify vulnerabilities.
Increased Focus on Security Training: Emphasis on training programs aimed at reducing human error and preventing social engineering attacks is mandated across organizations.
Data Retention and Deletion Policies: Updates in Regulation S-P require firms to establish clear data retention and deletion policies for electronic communications.
Risk Management Frameworks for Financial Institutions: Financial institutions must implement ICT risk management frameworks that extend responsibilities to third-party providers.
Consumer IoT Device Compliance: Manufacturers must issue statements of compliance for IoT products before market entry, ensuring adherence to established security standards.
Incident Disclosure Regulations from CISA: New incident disclosure rules from CISA compel organizations to adopt advanced cyber solutions in response to evolving threats.
These updates reflect a significant shift toward more robust cybersecurity regulations aimed at protecting both consumers and organizations in an increasingly digital landscape..
What other important regulations you’ve seen in Q2 2024? comment below.
Artificial Intelligence (AI), Guidance & Regulations
In Q2 2024, AI saw a significant adaption and innovation in terms of integration of AI into cybersecurity, while it also saw rise of threats stemming from the use of AI. According to the report “AI IN CYBERSECURITY” key findings include:
AI Integration: AI’s role evolving from assistive tool to autonomous actor in cybersecurity, significantly impacting Security Operations Center (SOC) analysis and malware analysis.
Election Security: The emergence of AI-powered deepfakes has posed a substantial threat to election integrity, with several notable incidents.
Technological Advancements: Breakthroughs such as OpenAI’s GPT-4o and Google’s LLM-powered fuzzing framework highlight AI’s expanding capabilities.
Security Vulnerabilities: New AI-specific threats like the “Morris II” AI worm and critical vulnerabilities in AI-as-a-Service platforms have emerged.
Ethical Considerations: The community is addressing issues of bias, explainability, and transparency in AI.
Regulatory Landscape: Global approaches to AI regulation remain fragmented, with the EU leading in comprehensive legislation and other regions adopting more flexible frameworks.
What was your best reads? type in comments below.
2. Insights from My Recent Engagements:
Got to provide some consulting on a couple of RFPs, RFQs, and a handful of short engagements. It’s probably be the lowest and the most difficult quarter since July 2022 in terms of revenue and growth with very long and uncertain sales cycle. Got to do following:
a sample IT & OT cybersecurity strategy presentation besides few RFP responses
Multi requests to develop OT/ICS policy and or procedures and OT staff competence framework and some OT assets baselines (for HMI, PLC, SCADA etc.) but with no concrete budgets approved.
Helped a global manufacturer to select an appropriate OT security solution for their environments for network security monitoring and threat detection.
Helped a global manufacturer to provide insights on evaluation criteria for remote access solution that may work for IT, OT/ICS and Cloud environments.
Potential collaboration discussions - nothing concrete.
Besides these:
Participating in some working groups for standards development bodies / attending weekly meetings.
Continue develop some solutions and offerings - e.g. Securing Things Academy, course plans, landing pages, policy and best practices toolkit etc.
Common theme across the prospect discussions and or engagements were:
End user orgs. are unsure or struggle to define the exact target goal of their initiatives.
Mostly driven by compliance needs - tick a box and expect to get less work.
CISO’s reporting to CIO’s often saw differing and conflicting opinions on priorities.
business wise: don’t rely on promises, until you have a signed order received :-(.
In case you’ve missed - here are some of my recent most viewed social posts.
Securing Things Academy - Pre-launch Announcement and Academy website gone live. Do join the wait-list. Presales coming soon.
Getting OT/ICS visibility for industrial, data centre or smart buildings environments. Note: Do checkout the pdf guide on the process & the offer.
IT & OT Security Dozen framework for building, executing & managing a Cybersecurity & Resilience Transformation Program. Note: Do checkout the pdf guide on the process & the offer.
My Top IT, OT/ICS, & AI Cybersecurity Newsletters - You Can’t go Without! - a newsletter about my top cybersecurity newsletters. Note: Do checkout the pdf to download. Apparently this was a viral post, accumulating to more than 12K+ views (9.5K+ on this & rest on company LinkedIn page).
CIOs / CTOs / CxOs Guide to IT & OT/ICS Cyber Resilience Strategy & transformation Program - outlines an example process and approach to take.
CISO’s Guide to AI - 12 Steps, CISOs should take to address AI related cybersecurity risks.
Defending OT with ATT&CK - provides a customized collection of MITRE ATT&CK® techniques tailored to the attack surface and threat model for OT environments.
Getting started in IT & OT Cybersecurity - a blueprint / framework to 2x / 5x / 10x your cybersecurity career. Links in comments of the above post.
Ways in which I can help?
Whenever you are ready - I can help you / your organizations’ or your customers’, secure digital transformation journey through:
B - IT & OT Cybersecurity Trainings & Education:
Reach out at info[at]securingthings[dot].com or DM me via LinkedIn.
My Ask
I invite #SecuringThings community to share their feedback.
Your feedback and input is invaluable to me as we work together to strengthen our cybersecurity defenses and create a safer and smarter digital society. Thank you for your trust and continued support.
Do register, validate your email, and request login link to submit poll to be able to enter a chance to win a future course giveaway.
Also let me know:
Rate the newsletter contentDid you find the content valuable? |
Here's to Securing Things in Q3 2024 onwards! Thanks for reading - until next edition!
It’s a Great Day to Start Securing Things for a Smart & Safer Society.
Take care and Best Regards,
M. Yousuf Faisal.
Follow: #securingthings on LinkedIn | @securingthings on X/Twitter & YouTube.
The Newsletter Platform Built for Growth
When starting a newsletter, there are plenty of choices. But there’s only one publishing tool built to help you grow your publications as quickly and sustainably as possible.
Beehiiv was founded by some of the earliest employees of the Morning Brew, and they know what it takes to grow a newsletter from zero to millions.
The all-in-one publishing suite comes with built-in growth tools, customization, and best-in-class analytics that actually move the needle - all in an easy-to-use interface.
Not to mention—responsive audience polls, a custom referral program, SEO-optimized webpage’s, and so much more.
If you’ve considered starting a newsletter, there’s no better place to get started and no better time than now.
Reply