Ransomware – Osterman Research
https://ostermanresearch.com
Insightful research that impacts organizations

Notes on our briefing with Cayosoft – the RSAC2024 files
https://ostermanresearch.com/2024/05/20/rsac2024-cayosoft/
Mon, 20 May 2024 04:24:22 +0000

We attended RSAC 2024 in San Francisco from May 6-8. Our days at the conference were packed with back-to-back briefings.

Here are some notes on our briefing with Bob Bobel (CEO and founder) and Dmitry Sotnikov (Chief Product Officer) at Cayosoft. The briefing was organized by Jacob Manchester of Scratch Marketing + Media.

Our notes:

  • Bob Bobel has a background in Active Directory and Microsoft Exchange, through stints at Quest, Dell, NetWrix, and others.
  • Cayosoft offers tools for managing Active Directory and other Microsoft tools (e.g., Exchange, SharePoint, Teams). With many organizations moving to a hybrid / multi-cloud posture, tools for managing Active Directory are essential. Enterprises have felt left out as Microsoft diverted its attention to the cloud and cloud identity, e.g., Azure AD / Entra ID.
  • To safeguard an Active Directory deployment, one of Cayosoft’s tools enables customers to create a daily snapshot of their AD forest for use if/when recovery is needed. This is created as a fully-functional standby AD forest in Azure. This is called Guardian Forest Recovery.
  • If Active Directory is compromised by human error, technical malfunction, or a cyberattack, the latest snapshot of their AD forest enables fast recovery.
  • Cayosoft talks about “instant” recovery. This seems to be 10-15 minutes, which while not “instant,” is MUCH faster than the multiple days or weeks it would otherwise take to recreate a corrupted or compromised AD without such tools.
  • Guardian Forest Recovery also continually monitors for changes in AD / Azure AD. This visibility and oversight enables rollback of accidental and malicious changes.
  • A customer using Cayosoft tools but not its AD forest recovery offering ran a proof-of-concept with the AD forest recovery solution but hadn’t decided whether to purchase the solution. A month later, something happened (it wasn’t a ransomware attack) which resulted in all group memberships for 5,000 employees being wiped out. Because the proof-of-concept was still running, they were able to use the standby AD forest in Azure to roll back all group memberships within an hour. And they signed up for ongoing use, too.
  • Guardian Forest Recovery is one of the solutions available from Cayosoft to add resiliency to Microsoft-centric identity environments. 

For more, see Cayosoft.

The Modern Cyberthreat Landscape Demands a Security-Driven Rethink of Backup Strategies
https://ostermanresearch.com/2024/05/17/rethinking-backup-strategies-2024/
Fri, 17 May 2024 04:30:11 +0000

Osterman Research announces the publication of a new white paper – The Modern Cyberthreat Landscape Demands a Security-Driven Rethink of Backup Strategies. This white paper was commissioned by OpenText.

The evolving nature of modern ransomware and other cyberattacks has transformed a once-upon-a-time IT maintenance process into the linchpin on which business recovery depends. Without a strong and enduring backup posture, ransomware and other cyberattacks will cripple or destroy an organization.

The white paper examines the transformation of the importance of backup strategies, profiles the modern cyberthreat landscape, and presents an updated list of essential requirements to enable a backup approach with business resilience and disaster recovery at its core. 

Key findings:

  • Legacy and laissez-faire approaches to backup are no longer sufficient.
  • Cyberthreat actors are continually probing for new ways to compromise organizations and weaponize security protections.
  • Data backup is an essential strategy for security, business continuity, and organizational resilience.
  • What makes sense as strategic best practice for backup and recovery to counteract ransomware in 2024 and beyond is very different to what was sufficient five years ago. 

Please download your copy of this white paper from our portfolio. Registration is required to snag a copy.

Some thoughts on Cybersixgill’s State of the Underground 2024 report
https://ostermanresearch.com/2024/04/29/cybersixgill-2024/
Mon, 29 Apr 2024 04:35:05 +0000

We had a briefing with Cybersixgill earlier this month to talk threat intelligence, disruption, leveraging generative AI in threat intelligence, supporting SOC analysts with AI-infused analysis, and more. Cybersixgill collects and analyzes 10 million threat signals each day for its threat intelligence service.

Cybersixgill released its annual State of the Underground report in February (read the press release for the summary and register for the full details in the report). The report itself is 52 pages in length, and covers threat actor trends across six areas, e.g., compromised credit cards, messaging platform usage, initial access.

Here are our key takeaways:

  • Compromised credit cards less of a problem
    The market for compromised credit cards has collapsed over the past 5 years, from 140 million cards in 2019 to 12 million in 2023. Improved fraud detection and prevention is a key contributor to this change.
  • Less activity on underground forums and messaging apps
    Threat actors are making less use of underground forums and messaging apps, e.g., Telegram. However, much of this is due to significantly less activity by right-wing extremist groups and the disbandment of popular forums.
  • Vulnerabilities need to be paired with likelihood of exploit to be meaningful in defensive strategies
    There were 7 CVEs introduced in 2023 that scored the highest marks for likelihood of being exploited within the next 90 days. MOVEit Transfer was in first place. In the top 10, half were for Microsoft products.
  • Stealer malware continues to get worse
    Stealer malware grew in popularity in 2023, with 617 new types of malware (including stealers) mentioned on underground forums. Raccoon Stealer had >50% market share in 2023.
  • Availability of compromised endpoints for sale increased, too
    The number of compromised endpoints increased (almost doubled, actually), which is problematic since they can be used for data theft, lateral movement, botnet recruitment, and more.
  • Ransomware attack volumes were down, but ransom payouts up significantly
    Fewer attacks (by around 10%) combined with significantly higher ransom payouts (almost doubled) means ransomware continues to be a significant threat. While the likelihood of being targeted went down, for those that are targeted and compromised, costs are much higher.

Thanks to Cybersixgill for assembling such a good resource.

Recent news – March 11
https://ostermanresearch.com/2024/03/11/news20240311/
Mon, 11 Mar 2024 03:49:07 +0000

Things that have caught our eye recently:

  • LockBit takedown
    A coalition of the FBI and law enforcement agencies from 9 other countries disrupted the operations of the LockBit ransomware group. The operation seized rogue accounts and servers across multiple countries, as well as 1,000 potential decryption keys to assist LockBit victims. A couple of individuals were arrested. It is being touted as a “systemic disruption and dismantling” of the LockBit group. LockBit claimed the timing was due to it having ransomed Fulton County and thus held incriminating evidence on Donald Trump that could affect the upcoming US election. Sources: FBI, Akamai, KrebsOnSecurity.
  • Cayosoft receives minority investment of $22.5 million for expansion
    Cayosoft, which focuses on Active Directory management, received $22.5 million in new investment funds for accelerating U.S. and international growth. Cayosoft will use the funds to hire sales and marketing personnel, as well as for the development of new tools to help organizations manage Active Directory. The investment is positioned around Cayosoft’s recovery, management and governance solutions for Active Directory forests; its solution can enable recovery post-attack “instantly” (defined as within seconds or minutes, versus hours / days / longer for competitive offerings). Source: Cayosoft.
  • Research on adoption of AI and LLMs in enterprises
    cnvrg.io, an Intel company, published the results of its third annual ML Insider survey (published December 2023, so playing catch-up on this one). Key findings: only 10% of the organizations surveyed have already launched generative AI solutions to production, the U.S. organizations in the research are further ahead, and those that have deployed such solutions have seen various benefits. Main reasons for slow adoption: need to improve skills (lack of knowledge), compliance and privacy issues (and rightly so), and high cost of implementation. Source: Intel.
Nastiest malware 2023
https://ostermanresearch.com/2023/10/30/nastiest-malware-2023/
Mon, 30 Oct 2023 07:54:25 +0000

OpenText Cybersecurity published the 2023 version of its Nastiest Malware report (sixth year). There’s a press release and report.

Key findings:

  • Ransomware (as a category of malware) tops the nastiest list in 2023, driven by ransomware-as-a-service (RaaS) business models. This aligns with our 2022 report on ransomware, in which we profiled the growing prevalence of RaaS as driving increases in ransomware attackers, attacks, and variants. In 2023, Cl0p has been particularly active.
  • Double / triple extortion designs are highly devastating to organizations, because even if there is a backup to restore data, the threat of the ransomware gang publishing stolen data forces many organizations to pay the ransom.
  • The press release says that “only 34% of businesses pay ransom, an all-time low.” In light of the double / triple extortion comment above, we had to think this one through. For it to be so low, the 71% of organizations that are not paying the ransom must do two things very well – firstly, have data backups to enable rapid and error-free restoration, and secondly, use strong data protection methods such as encryption so that any exfiltrated data is unreadable and won’t trigger “crisis communications and data compliance fines” (see the report for that line). With the way ransomware is going, organizations not doing both are asking for trouble.
  • The average ransom payment, when one is made, skyrocketed to $740K (in Q2 2023). In late 2021, the average was $167K. That’s a big change, and one that OpenText attributes to the wild success of Cl0p’s exploitation of customers using MOVEit Transfer.
How to Reduce the Risk of Phishing and Ransomware – webinar with Avanan
https://ostermanresearch.com/2021/07/15/webinar-phishing-ransomware-avanan-july-2021/
Thu, 15 Jul 2021 01:00:00 +0000

Presented in conjunction with Avanan

Date: July 22, 2021

Focus of the Webinar

Watch this hour-long webinar where Michael Sampson, Senior Analyst at Osterman Research, reviews the results of their recent survey of 130 cybersecurity professionals, How to Reduce the Risk of Phishing and Ransomware.

You’ll learn how organizations view their security posture, including:

  • Organizational effectiveness against various threats
  • Most popular security incidents
  • The concerns keeping security teams up at night
  • The most-pressing ransomware concerns
  • The capabilities to handle different threats

Register to view the recording

How to Reduce the Risk of Phishing and Ransomware – webinar with TitanHQ
https://ostermanresearch.com/2021/06/30/webinar-phishing-ransomware-titanhq/
Wed, 30 Jun 2021 01:00:00 +0000

Sponsored by TitanHQ

Date: June 30, 2021

Osterman Research conducted a brand new and independent study on the rise of phishing and ransomware attacks. 130 cybersecurity professionals were interviewed.

With new strains of ransomware and malware threats on the rise, your organization and data are continually at risk. Watch this webinar to learn how you can reduce your exposure to these threats, including:

  • The most effective mitigations against phishing and ransomware attacks.
  • Five pillars of phishing and ransomware prevention.
  • Best practices to reduce the risk of phishing and ransomware.
  • Recommendations for improving security and steps to take today.

Register to watch the recording

Why You Need Third-Party Solutions for Microsoft 365 – Webinar
https://ostermanresearch.com/2019/06/06/webinar-third-party-microsoft-365-cyren-2/
Thu, 06 Jun 2019 04:00:00 +0000

Sponsored by: Cyren

Microsoft 365 is a capable and robust platform with a wide collection of features and functions. Like any large platform with diverse capabilities and a diverse user base, customers must analyze if it provides the depth of capability or specialized functionality they require in areas like security, archiving, authentication, eDiscovery, encryption, and file sharing.

To help IT and security managers identify such features or performance gaps, Osterman Research has just published “Why Your Company Needs Third-Party Solutions for Microsoft 365.” 

Join Michael Osterman, Principal Analyst at Osterman Research, as he reviews the results contained in the report of detailed research into Microsoft 365’s functionality across several areas.

Takeaways will include:

  • How prevalent it is for IT organizations using Microsoft 365 today to contract additional security, archiving or other capabilities
  • Limitations in the embedded security included in standard Microsoft 365 packages 
  • Considerations in evaluating Microsoft’s Advanced Threat Protection module
  • What is needed to make Microsoft 365’s eDiscovery capabilities really work for you
  • What particular issues must be understood by companies with hybrid environments

Register to watch the recording

White Papers – 2018
https://ostermanresearch.com/2018/12/10/whitepapers2018/
Sun, 09 Dec 2018 23:00:00 +0000

Here are our white papers from 2018. If you’d like a copy, please get in touch.

Date | White Paper | Sponsor(s)
December 2018 | Why You Should Seriously Consider Web Isolation Technology | Authentic8, Light Point Security and Proofpoint
December 2018 | Why You Must Archive Business Content and What You Can Do With It | Archive360, Mimecast and Zix
December 2018 | The Critical Need to Deal With Bot Attacks | Cequence Security
November 2018 | Best Practices for GDPR and CCPA Compliance | AccessData, Dell EMC, Ipswitch, Micro Focus and Netwrix
November 2018 | Best Practices for File Governance | Micro Focus
October 2018 | Best Practices for Implementing Security Awareness Training | InfoSec Institute, KnowBe4 and Mimecast
August 2018 | Reducing Risks to Your Salesforce Data: Making the Case for a Third-Party Backup Solution | Druva
July 2018 | A Buyers’ Guide to SecOps | Carbon Black
July 2018 | Migrating Email and Archives to Microsoft Platforms | BitTitan, ExchangeSavvy, Gimmal, Micro Focus and Quest
May 2018 | The GDPR Deadline Has Passed – What Should You Do | Druva
April 2018 | Best Practices for Protecting Against Phishing, Ransomware and BEC Attacks | Agari, Barracuda, Cofense, DomainTools, KnowBe4, Malwarebytes, Proofpoint, Quest, SonicWall and Trend Micro
April 2018 | Best Practices for the Next Generation of Content Archiving and Content Services | Dropsuite, HubStor, Smarsh and Viewpointe
March 2018 | What You Need to Know About the GDPR (eBook) | AccessData, Archive360, Dell EMC, GDPR Clinic, HubStor and RSA
March 2018 | Supplementing the Limitations in Office 365 | AccessData, Druva, ENow Software, Forcepoint, Netmail, Proofpoint, Trend Micro, Viewpointe, ZEROSPAM and ZL Technologies
February 2018 | The Procrastinator’s Guide to Preparing for the GDPR | Archive360, Dell EMC, Ipswitch, MessageSolution, Mimecast, Proofpoint, Smarsh, StorageMadeEasy, Trustwave and ZL Technologies
January 2018 | Understanding the Critical Role of Disaster Recovery | Arcserve
January 2018 | Enterprise Vault Cost Analysis | Archive360 and Micro Focus
January 2018 | Protecting Corporate Data When Employees Leave Your Company | Proofpoint and RSA
Best Practices to Tackle Phishing, Ransomware and Email Fraud – Webinar
https://ostermanresearch.com/2018/06/12/webinar-email-security-domaintools/
Tue, 12 Jun 2018 04:00:00 +0000

Sponsored by: DomainTools
