IT News

Explore the MakoLogics IT News for valuable insights and thought leadership on industry best practices in managed IT services and enterprise security updates.

3 important lessons from a devastating ransomware attack

In October 2023, The British Library was attacked by the Rhysida ransomware gang in a devastating cyberattack.

The library, a vast repository of over 170 million items, is still deep in the recovery process, but recently released an eighteen-page cyber incident review describing the attack, its impact, the aftermath, and the lessons learned. The report is full of useful information, and well worth a read, even if you’re responsible for security in a much smaller organisation.

The attack and its aftermath are a reminder that big game ransomware remains the preeminent cyberthreat to organisations of all sizes, and the tactics it describes will be familiar to anyone who has read the Big Game Ransomware section of our 2024 State of Malware report.

The ransomware itself was launched on October 28, 2023, but the library believes that the Rhysida group infiltrated its systems at least three days before that. During those three days the group conducted what the library calls “hostile reconnaissance,” and exfiltrated 600GB of data.

The report also describes how the gang “hijacked native utilities” to copy databases. Using tools that are already on a victim’s network (a technique known as Living off the Land) makes it easier for ransomware gangs to avoid detection while they prepare an attack.

However, there are some details about the attack that either add to the body of knowledge, or remind us of things that are easily overlooked, so I’ve picked out some lessons from the report that can probably be usefully applied by any IT team.

1. Complexity helped the attackers

One thing that leaps off the pages of the report is how the library’s complex infrastructure aided the attackers. The report describes the library environment as an “unusually diverse and complex technology estate, including many legacy systems.” Unless you work for a brand new startup, the chances are that you recognise some of your own company network in that description, even if it isn’t as complex as the British Library.

This technical debt prevented the library from complying with security standards, “contributed to the severity of the impact of the attack,” and offered the attackers wider access than they should have had.

Most damaging of all though is the effect that carrying too much complexity has had on the library’s ability to recover:

“Our reliance on legacy infrastructure is the primary contributor to the length of time that the Library will require to recover from the attack. These legacy systems will in many cases need to be migrated to new versions, substantially modified, or even rebuilt from the ground up, either because they are unsupported and therefore cannot be repurchased or restored, or because they simply will not operate on modern servers or with modern security controls.”

It concludes, “there is a clear lesson in ensuring the attack vector is reduced as much as possible by keeping infrastructure and applications current.”

2. Endpoint protection matters

While the issue of complexity crops up again and again in the report, there is another significant finding that’s covered in just a single line—the importance of effective endpoint protection.

As devastating as the attack on the library was, it could have been worse. The attack only succeeded in compromising the organisation’s servers, but its desktops and laptops were spared because they were running a more modern “defensive software” that successfully identified and prevented the attack.

“A different software system successfully identified and prevented the encryption attack from executing on our laptop and desktop estates, but older defensive software on the server estate was unable to resist the attack.”

The clear implication is that if the system that was running on the desktops and laptops had also been running on the servers then the attack would have been thwarted.

As important as monitoring technologies like SIEM, EDR and MDR have become, it remains as true today as it ever has that every endpoint and server, whether they’re Windows, Macs, or Linux machines, needs a next-gen antivirus engine that can detect and stop known threats and block suspicious behaviour, such as malicious encryption.

3. Ransomware is 24/7

The report also mentions another potential opportunity to stop the attack. It describes how “at 01:15 on 26 October 2023, the Library’s IT Security Manager was alerted to possible malicious activity on the Library network.” The IT manager took action, monitored the situation and then escalated the incident the following morning. A subsequent detailed analysis of activity logs “did not identify any obviously malicious activity.”

Investigations performed after the attack “identified evidence of an external presence on the Library network at 23:29 on Wednesday 25 October 2023,” and that “an unusually high volume of data traffic (440GB) had left the Library’s estate at 1.30am on 28 October.” This suggests that there were further opportunities to detect the attackers’ “hostile reconnaissance.”

We highlight this to demonstrate an important point about how ransomware gangs operate, not to second guess the IT team at the library. It seems that everyone concerned treated the incident very seriously and took appropriate action, and they have our sympathy.

What we want to draw your attention to is that all three incidents happened in the dead of night.

Groups like Rhysida make significant efforts to cover their tracks, and are likely to work at times when their targets are least well staffed. However, even as stealthy as they are, their out-of-hours activities still create opportunities for skilled security staff to detect them. The problem for defenders is that their skilled security staff need to be working at the same time as the attackers.

For many organisations, the only practical way to achieve that is through a Managed Service Provider or a service like Managed Detection and Response (MDR).
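The out-of-hours pattern described above is something flow logs can surface even when nobody is watching a console. As an added illustration (not taken from the report or the original article), this Python sketch totals outbound bytes per internal host per hour and flags unstaffed hours that exceed a threshold. The record format, the 08:00 to 18:00 staffed window, the 50 GB threshold and all sample records are assumptions constructed for the example.

```python
from collections import defaultdict
from datetime import datetime

# Assumptions for this example (not from the report): staffed hours and threshold.
STAFFED_HOURS = range(8, 18)      # 08:00-17:59 local time, Monday to Friday
THRESHOLD_BYTES = 50 * 10**9      # 50 GB outbound from one host within one hour

# Constructed flow records: "ISO timestamp,internal source,external destination,bytes out"
SAMPLE_FLOWS = """\
2023-10-27T10:15:00,10.0.9.30,192.0.2.44,60000000000
2023-10-27T14:05:00,10.0.4.17,203.0.113.9,1200000000
2023-10-28T01:31:00,10.0.8.22,198.51.100.7,220000000000
2023-10-28T01:44:00,10.0.8.22,198.51.100.7,220000000000
2023-10-28T02:10:00,10.0.4.17,203.0.113.9,3000000
not,a,valid,line
"""


def parse_flows(text):
    """Yield (timestamp, src, dst, bytes_out) tuples, skipping malformed lines."""
    for line in text.splitlines():
        parts = line.strip().split(",")
        if len(parts) != 4:
            continue
        try:
            ts = datetime.fromisoformat(parts[0])
            nbytes = int(parts[3])
        except ValueError:
            continue
        yield ts, parts[1], parts[2], nbytes


def off_hours_egress(flows, threshold=THRESHOLD_BYTES, staffed=STAFFED_HOURS):
    """Return one alert per (host, hour) whose outbound volume in an
    unstaffed hour meets or exceeds the threshold."""
    buckets = defaultdict(lambda: {"bytes": 0, "dests": set()})
    for ts, src, dst, nbytes in flows:
        hour = ts.replace(minute=0, second=0, microsecond=0)
        bucket = buckets[(src, hour)]
        bucket["bytes"] += nbytes
        bucket["dests"].add(dst)

    alerts = []
    for (src, hour), bucket in sorted(buckets.items(), key=lambda kv: kv[0]):
        # Nights and weekends both count as unstaffed in this example.
        unstaffed = hour.hour not in staffed or hour.weekday() >= 5
        if unstaffed and bucket["bytes"] >= threshold:
            alerts.append({
                "src": src,
                "hour": hour.isoformat(),
                "bytes": bucket["bytes"],
                "dests": sorted(bucket["dests"]),
            })
    return alerts


if __name__ == "__main__":
    for alert in off_hours_egress(parse_flows(SAMPLE_FLOWS)):
        gb = alert["bytes"] / 10**9
        print(f"{alert['hour']} {alert['src']} sent {gb:.0f} GB to {alert['dests']}")
```

The daytime 60 GB transfer in the sample is deliberately left unflagged: this rule only covers the hours when no analyst is present, so it complements rather than replaces volume baselining during staffed hours.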

How to avoid ransomware

  • Block common forms of entry. Create a plan for patching vulnerabilities in internet-facing systems quickly; and disable or harden remote access like RDP and VPNs.
  • Prevent intrusions. Stop threats early before they can even infiltrate or infect your endpoints. Use endpoint security software that can prevent exploits and malware used to deliver ransomware.
  • Detect intrusions. Make it harder for intruders to operate inside your organization by segmenting networks and assigning access rights prudently. Use EDR or MDR to detect unusual activity before an attack occurs.
  • Stop malicious encryption. Deploy Endpoint Detection and Response software like ThreatDown EDR that uses multiple different detection techniques to identify ransomware, and ransomware rollback to restore damaged system files.
  • Create offsite, offline backups. Keep backups offsite and offline, beyond the reach of attackers. Test them regularly to make sure you can restore essential business functions swiftly.
  • Don’t get attacked twice. Once you’ve isolated the outbreak and stopped the first attack, you must remove every trace of the attackers, their malware, their tools, and their methods of entry, to avoid being attacked again.

A week in security (March 18 – March 24)

New Go loader pushes Rhadamanthys stealer

Malware loaders (also known as droppers or downloaders) are a popular commodity in the criminal underground. Their primary function is to successfully compromise a machine and deploy one or multiple additional payloads.

A good loader avoids detection and identifies victims as legitimate (i.e. not sandboxes) before pushing other malware. This part is quite critical as the value of a loader is directly tied to the satisfaction of its “customers”.

In this blog post, we describe a malvertising campaign with a loader that was new to us. The program is written in the Go language and uses an interesting technique to deploy its follow-up payload, the Rhadamanthys stealer.

Malicious ad targets system administrators

PuTTY is a very popular SSH and Telnet client for Windows that has been used by IT admins for years. The threat actor bought an ad that claims to be the PuTTY homepage and appeared at the top of the Google search results page, right before the official website.


In this example, the ad looks suspicious simply because the ad snippet shows a domain name (arnaudpairoto[.]com) that is completely unrelated. This is not always the case, and we continue to see many malicious ads that exactly match the impersonated brand.

Fake PuTTY site

The ad URL points to the attacker controlled domain where they can easily defeat security checks by showing a “legitimate” page to visitors that are not real victims. For example, a crawler, sandbox or scanner, will see this half finished blog:


Real victims coming from the US will be redirected to a fake site instead that looks and feels exactly like putty.org. One of the big differences though is the download link.


The malicious payload is downloaded via a 2 step redirection chain which is something we don’t always see.

puttyconnect[.]info/1.php
HTTP/1.1 302 Found
Location: astrosphere[.]world/onserver3.php
astrosphere[.]world/onserver3.php
HTTP/1.1 200 OK
Server: nginx/1.24.0
Content-Type: application/octet-stream
Content-Length: 13198274
Connection: keep-alive
Content-Description: File Transfer
Content-Disposition: attachment; filename="PuTTy.exe"

We believe the astrosphere[.]world server is performing some checks for proxies while also logging the victim’s IP address. This IP address will later be checked before downloading the secondary payload.
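The chain above has a shape that proxy logs can be searched for: a redirect that crosses domains and ends in an executable whose name claims a well-known tool but is served from a host unrelated to it. The following Python sketch is an added example, not code from the original post; the record layout, the `WATCHED_BRANDS` allowlist and its `putty-official.example` placeholder host are assumptions, and the sample records are constructed from the headers shown above with the domains left defanged.

```python
import re

EXEC_EXT = (".exe", ".msi")

# Hypothetical allowlist: brand keyword -> hosts the defender has verified as
# official download locations. The host below is a placeholder, not a real site.
WATCHED_BRANDS = {"putty": {"putty-official.example"}}

# Constructed proxy records modelled on the chain above (domains kept defanged).
SAMPLE_RECORDS = [
    {"client": "10.1.2.3", "url": "puttyconnect[.]info/1.php", "status": 302,
     "headers": {"Location": "astrosphere[.]world/onserver3.php"}},
    {"client": "10.1.2.3", "url": "astrosphere[.]world/onserver3.php", "status": 200,
     "headers": {"Content-Type": "application/octet-stream",
                 "Content-Disposition": 'attachment; filename="PuTTy.exe"'}},
    # Benign control: same tool name, served from an allowlisted host.
    {"client": "10.1.2.4", "url": "https://putty-official.example/downloads/putty.exe",
     "status": 200, "headers": {"Content-Type": "application/octet-stream"}},
]


def norm(url):
    """Refang and strip the scheme so logged URLs and Location values compare equal."""
    url = re.sub(r"^[a-z]+://", "", url.replace("[.]", "."), flags=re.I)
    return url.rstrip("/")


def host_of(url):
    return norm(url).split("/", 1)[0].split(":", 1)[0].lower()


def delivered_filename(rec):
    """Prefer the Content-Disposition filename, fall back to the URL path."""
    cd = rec["headers"].get("Content-Disposition", "")
    m = re.search(r'filename="?([^";]+)"?', cd)
    if m:
        return m.group(1).strip()
    return norm(rec["url"]).rsplit("/", 1)[-1].split("?", 1)[0]


def find_suspect_downloads(records, brands=WATCHED_BRANDS):
    # Map (client, redirect target) -> URL that issued the redirect.
    redirected_from = {}
    for r in records:
        loc = r["headers"].get("Location")
        if r["status"] in (301, 302, 303, 307, 308) and loc:
            redirected_from[(r["client"], norm(loc))] = r["url"]

    findings = []
    for r in records:
        if r["status"] != 200:
            continue
        name = delivered_filename(r)
        if not name.lower().endswith(EXEC_EXT):
            continue
        # Walk the redirects backwards to rebuild the chain for this client.
        chain, seen = [r["url"]], {norm(r["url"])}
        while (r["client"], norm(chain[0])) in redirected_from:
            prev = redirected_from[(r["client"], norm(chain[0]))]
            if norm(prev) in seen:      # guard against redirect loops
                break
            seen.add(norm(prev))
            chain.insert(0, prev)
        stem = re.sub(r"[^a-z0-9]", "", name.lower().rsplit(".", 1)[0])
        for brand, ok_hosts in brands.items():
            if brand in stem and host_of(r["url"]) not in ok_hosts:
                hops = sum(1 for a, b in zip(chain, chain[1:])
                           if host_of(a) != host_of(b))
                findings.append({"client": r["client"], "filename": name,
                                 "brand": brand, "chain": chain,
                                 "cross_domain_hops": hops})
    return findings


if __name__ == "__main__":
    for f in find_suspect_downloads(SAMPLE_RECORDS):
        print(f["client"], f["filename"], " -> ".join(f["chain"]))
```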

That PuTTy.exe is malware, a dropper written in the Go language (version 1.21.0).


Its author may have given it the name “Dropper 1.3”:


Follow-up payload

Upon executing the dropper, there is an IP check for the victim’s public IP address. This is likely done to only continue with users that have gone through the malicious ad and downloaded the malware from the fake site.

zodiacrealm[.]info/api.php?action=check_ip&ip=[IP Address]

If a match is found, the dropper proceeds to retrieve a follow-up payload from another server (192.121.16[.]228:22) as seen in the image below:


To get this data, we see it uses the SSHv2 (Secure Shell 2.0) protocol implemented via OpenSSH on an Ubuntu server. The only reason we can think of for using this protocol is to make the malware download more covert.


That payload is Rhadamanthys which is executed by the parent process PuTTy.exe:


Malvertising / loader combo

We have seen different types of loaders via malvertising campaigns, including FakeBat which we profiled recently. Given how closely the loader is tied to the malvertising infrastructure it is quite likely that the same threat actor is controlling both. The service they offer to other criminals is one of malware delivery where they take care of the entire deployment process, from ad to loader to final payload.

We reported this campaign to Google. Malwarebytes and ThreatDown users are protected as we detect the fake PuTTY installer as Trojan.Script.GO.


ThreatDown users that have DNS Filtering can enable ad blocking in their console to prevent attacks that originate from malicious ads.

Indicators of Compromise

Decoy ad domain

arnaudpairoto[.]com

Fake site

puttyconnect[.]info

PuTTY

astrosphere[.]world
0caa772186814dbf84856293f102c7538980bcd31b70c1836be236e9fa05c48d

IP check

zodiacrealm[.]info

Rhadamanthys

192.121.16[.]228:22
bea1d58d168b267c27b1028b47bd6ad19e249630abb7c03cfffede8568749203

Canada revisits decision to ban Flipper Zero

In February 2024 the Canadian government announced plans to ban the sale of the Flipper Zero, mainly because of its reported use to steal cars.

The Flipper Zero is a portable device that can be used in penetration testing with a focus on wireless devices and access control systems.

If that doesn’t help you understand what it can do, a few examples from the news might help.

Flipper Zero made headlines in October because versions running third-party firmware could be used to crash iPhones running iOS 17 (since resolved in iOS 17.2).

Later, reporters found information that car thieves could use the Flipper Zero to intercept, record, and sometimes mimic the signal of a vehicle’s key fob, and if the car was in a garage, the signal of the garage door opener too.

Importantly, this only works on older car models that use fixed numeric codes for their fobs, not on cars that use rolling codes, which change the numeric code transmitted from a key fob with each use. As a result, car thieves continued to ignore the Flipper Zero in favour of key fob signal boosters and keyless repeaters which are a lot more powerful.

Oddly enough, the car thieving option was mentioned as the main reason for putting a ban on the Flipper Zero in Canada. Although Canada’s Minister of Innovation, Science, and Industry, François-Philippe Champagne said:

“We are banning the importation, sale and use of consumer hacking devices, like flippers, used to commit these crimes.”

Very recently, a group of security researchers presented a series of vulnerabilities in the widely used Dormakaba Saflok electronic RFID locks. These vulnerabilities impact over 3 million doors on over 13,000 properties in 131 countries, mostly in hotels.

Reportedly, an attacker only needs to read one keycard from the property to perform the attack against any of its doors. This keycard can be from their own room, or even an expired keycard taken from the express checkout collection box.

Any device capable of reading and writing or emulating MIFARE Classic cards is suitable for this attack. MIFARE is a contactless card technology introduced in 1994. It’s primarily used for transport passes, but its technological capabilities quickly made it one of the most popular smart cards for storing data and providing access control.

One device that can be used for this attack is the Flipper Zero, but an attacker could just as easily use a Proxmark 3 or any NFC capable Android phone.

After an appeal by the security community, Canada now looks like it’s going to move forward with measures to restrict the use of devices like Flipper Zero to legitimate actors only. The specifics will be revealed after deliberation with Canadian companies, online retailers, and the automotive industry.

Conclusions

None of the technology housed within the Flipper Zero is very new; all it does is combine multiple functions into one handheld device. We have never seen any officially confirmed cases of theft using a Flipper Zero. If you want to ban something that helps against car theft, look at keyless repeaters, on the market for a host of car brands and which have no other purpose.

For all the vulnerabilities we described, updates came out that fixed the issues and made the world a safer place, although the patches haven’t been applied everywhere—it’s a lot of work to update all the locks in a hotel, and it’s not feasible to update the fob systems of older cars. Nevertheless, the research by pen testers has led to security improvements, so why would we want to take away their tools?

If we have piqued your interest in buying a Flipper Zero, we urge you to be careful. Due to limited availability there are scammers active that will take your money and send nothing in return.

You can learn more about Flipper Zero by listening to our Lock and Code podcast below. In December 2023, host David Ruiz had a long conversation with Cooper Quintin, senior public interest technologist with the Electronic Frontier Foundation—and Flipper Zero owner—about what the Flipper Zero can do, what it can’t do, and whether governments should get involved in the regulation of the device.

Patch Ivanti Standalone Sentry and Ivanti Neurons for ITSM now

Ivanti has issued patches for two vulnerabilities. One was discovered in the Ivanti Standalone Sentry, which impacts all supported versions 9.17.0, 9.18.0, and 9.19.0. Older versions are also at risk. The other vulnerability impacts all supported versions of Ivanti Neurons for ITSM—2023.3, 2023.2 and 2023.1, as well as unsupported versions which will need an upgrade before patching.

The Common Vulnerabilities and Exposures (CVE) database lists publicly disclosed computer security flaws. The CVEs patched in these updates are:

CVE-2023-41724 (CVSS score 9.6 out of 10), which allows an unauthenticated threat actor to execute arbitrary commands on the underlying operating system of the appliance within the same physical or logical network.

This vulnerability was reported to Ivanti by the NATO Cyber Security Centre. Ivanti says it’s not aware of any customers being exploited by this vulnerability at the time of disclosure. The attack option is limited because an attacker without a valid Transport Layer Security (TLS) client certificate enrolled through Ivanti Endpoint Manager Mobile (EPMM) cannot directly exploit this issue on the internet.

Ivanti says its customers can access the patch (9.17.1, 9.18.1 and 9.19.1) via the standard download portal.

CVE-2023-46808 (CVSS score 9.9 out of 10), which allows an authenticated remote user to perform file writes to the ITSM server. Successful exploitation can be used to write files to sensitive directories which may allow attackers to execute commands in the context of a web application’s user.

The patch has been applied to all Ivanti Neurons for ITSM Cloud landscapes. On-premise customers are advised to act immediately to ensure they are fully protected. Ivanti says it is not aware of any customers being exploited by this vulnerability prior to public disclosure.

The patch is available on the Ivanti Neurons for ITSM downloads page for each respective 2023.X version. This will require upgrading to 2023.X to apply the patch.

The vulnerabilities have a 2023 CVE because of a reservation made towards the end of 2023, when they were first found and reported. It is Ivanti’s policy, when a CVE is not under active exploitation, to disclose the vulnerability when a fix is available, so that customers have the tools they need to protect their environment.

Get patching!


We don’t just report on vulnerabilities—we identify them, and prioritize action.

Cybersecurity risks should never spread beyond a headline. Keep vulnerabilities in tow by using ThreatDown Vulnerability and Patch Management.

19 million plaintext passwords exposed by incorrectly configured Firebase instances

Three researchers scanned the internet for vulnerable Firebase instances, looking for personally identifiable information (PII).

Firebase is a platform for hosting databases, cloud computing, and app development. It’s owned by Google and was set up to help developers build and ship apps.

What the researchers discovered was scary. They found 916 websites from organizations that set their Firebase instances up incorrectly, some with no security rules enabled at all.

One of the researchers told BleepingComputer that most of the sites also had write enabled (meaning anyone can change it) which is bad, and one of them was a bank.

During a sweep of the internet that took two weeks, the researchers scanned over five million domains connected to Google’s Firebase platform.

The total amount of exposed data is huge:

  • Names: 84,221,169
  • Emails: 106,266,766
  • Phone Numbers: 33,559,863
  • Passwords: 20,185,831
  • Billing Info (Bank details, invoices, etc): 27,487,924

And as if that isn’t bad enough, 19,867,627 of those passwords were stored in plaintext. Which is a shame given that Firebase has a built-in end-to-end identity solution called Firebase Authentication that is specifically designed for secure sign-in processes and does not expose user passwords in the records.

So, an administrator of a Firebase database would have to go out of their way and create an extra database field in order to store the passwords in plaintext.

The researchers have warned all the affected companies, sending 842 emails in total. Only 1% of the site owners replied, but about a quarter of them did fix the misconfiguration.

In this case we can consider it a blessing that these researchers managed to get a lot of those instances correctly configured. On the other hand it’s frightening that the rest lives on in a state of insecurity.
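Both problems described above, instances with open rules and passwords kept as database fields, can be checked from the rules file before it is deployed. The following Python sketch is an added example, not the researchers' tooling; it assumes the JSON security-rules format of the Firebase Realtime Database, where access granted at a parent path cascades to every child. The three rule sets are constructed samples and `PASSWORD_KEYS` is a hypothetical naming heuristic.

```python
import json

# Hypothetical heuristic: child names that suggest passwords are stored as data
# instead of being left to Firebase Authentication.
PASSWORD_KEYS = {"password", "passwd", "pwd", "pass"}

# Constructed sample: everything readable and writable by anyone.
WEAK_RULES = '{ "rules": { ".read": true, ".write": true } }'

# Constructed sample: each user can only reach their own record.
HARDENED_RULES = """
{
  "rules": {
    "users": {
      "$uid": {
        ".read": "auth != null && auth.uid === $uid",
        ".write": "auth != null && auth.uid === $uid"
      }
    }
  }
}
"""

# Constructed sample: authenticated reads, but one subtree is world-writable
# and its schema includes a password field.
MIXED_RULES = """
{
  "rules": {
    ".read": "auth != null",
    "customers": {
      ".write": "true",
      "$id": { "password": { ".validate": "newData.isString()" } }
    }
  }
}
"""


def is_public(expr):
    """True when a rule grants access unconditionally (boolean true or the string "true")."""
    return expr is True or (isinstance(expr, str) and expr.strip().lower() == "true")


def audit_rules(rules_json):
    """Return (path, finding) tuples for a Realtime Database rules document.

    Access is reported at the shallowest path where it becomes public, because
    a grant at a parent cannot be revoked by a rule further down the tree.
    """
    rules = json.loads(rules_json).get("rules", {})
    findings = []

    def walk(node, path, inherited_read, inherited_write):
        read = inherited_read or is_public(node.get(".read"))
        write = inherited_write or is_public(node.get(".write"))
        if read and not inherited_read:
            findings.append((path or "/", "public-read"))
        if write and not inherited_write:
            findings.append((path or "/", "public-write"))
        for key, child in node.items():
            if key.startswith(".") or not isinstance(child, dict):
                continue                      # rule expressions, not child paths
            child_path = f"{path}/{key}"
            if key.lower() in PASSWORD_KEYS:
                findings.append((child_path, "password-field"))
            walk(child, child_path, read, write)

    walk(rules, "", False, False)
    return findings


if __name__ == "__main__":
    for label, doc in (("weak", WEAK_RULES), ("hardened", HARDENED_RULES),
                       ("mixed", MIXED_RULES)):
        print(label, audit_rules(doc))
```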

Check your digital footprint

If you want to find out how much of your data has been exposed online, you can try our free Digital Footprint scan. Fill in the email address you’re curious about (it’s best to submit the one you most frequently use) and we’ll send you a free report.


We don’t just report on threats – we help safeguard your entire digital identity

Cybersecurity risks should never spread beyond a headline. Protect your—and your family’s—personal information by using identity protection.

Tax scammer goes after small business owners and self-employed people

While most tax payers don’t particularly look forward to tax season, for some scammers it’s like the opening of their hunting season. So it’s no surprise that our researchers have found yet another tax-related scam.

In this most recent scam, we’ve not seen the lure the scammer uses, but it is likely to be an email telling the target to quickly go to this site to apply for your IRS EIN/Federal tax ID number.

EIN is short for Employer Identification Number. The IRS uses this number to identify taxpayers who are required to file various business tax returns. EINs are used by employers, sole proprietors, corporations, partnerships, non-profit associations, trusts, estates of decedents, government agencies, certain individuals, and other business entities.

Given the flow of the scam it’s very likely that the targets are self-employed and/or small business (SMB) owners. It’s possible that the phisher has obtained or bought a collection of email addresses from a data broker that fit a certain profile (for example, self-employed US residents).

To start this operation, the scammer doesn’t need a lot of information about their targets. A valid email address for a self-employed US resident could cost just a few cents on an underground forum on the dark web. However, the scammer might not even need to venture that far, as Senior Director of Technology and Engineering and Consumer Privacy at Malwarebytes, Shahak Shalev told us:

“I don’t think one would have to go to the dark web to get information like this as there are regular companies selling this information. They would probably qualify it as “lead generation”. According to our sources, pricing for one million self-employed US citizens usually goes for $1USD per contact, but for such a large amount it would probably be $0.1 per contact.”

The information the phishers are after is quite extensive and includes a person’s social security number (SSN).

A compromised social security number poses a major problem. A SSN stays with you for a lifetime, and is closely tied to your banking and credit history. Adding a person’s SSN to the scammers’ data could create far more opportunities for identity theft and fraud.

And if that wasn’t serious enough, the scammers here have the audacity to charge you for the tax ID number, even though applying for an Employer Identification Number (EIN) is a free service offered by the Internal Revenue Service (IRS).

Payment options and pricing on the fake site

We also found the scammer made a mistake when setting up their fake website. By looking at the privacy policy of the scammer’s site it became apparent that they copied the privacy policy from someone else, but neglected to edit the original domain in one place.

privacy notice and cookie policy site shows the original domain

If you’ve received a mail or other invitation including a link to the domain irs-ein-gov.us, please let us know in the comments. We would love to have a copy so we can complete this attack profile.

How to avoid falling for a tax scam

Before acting on an email’s request, stop and think about the following:

  • Remember: The IRS doesn’t ask taxpayers for personal or financial information over email, text messages, or social media channels. This includes requests for PINs, passwords or similar access information for credit cards, banks, or other financial accounts.
  • Do not interact with the sender, click any links, or open any attachments.
  • Send the full email headers or forward the email as-is to phishing@irs.gov. Do not forward screenshots or scanned images of emails because this removes valuable information.
  • Delete the email.

If you are unsure if a certain communication is from the IRS, you can go to IRS.gov and search for the letter, notice, or form number. If it is legitimate, you’ll find instructions on how to respond. If there’s a form to fill in, then verify that it is identical to the same form on IRS.gov by searching forms and instructions.

Malwarebytes Premium customers are protected against this particular scam if they have Web Protection enabled.

Malwarebytes blocks the site of the tax scammer

IOCs

Domains

ustaxnumber[.]org

ustaxnumber[.]com

irs-ein-gov[.]us


Apex Legends Global Series plagued by hackers

The North American finals of online shooter game Apex Legends have been postponed after games were disrupted by hacking incidents.

Apex Legends, published by EA, is currently in an important stage of its Global Series, the regional finals mode. This is a big deal for the top players since there is a $5 million prize pool, with a few of the top teams in each region set to battle it out in the finals.

But on Monday, the Apex Legends official X account tweeted that it had postponed the contest after deciding the “competitive integrity” of the series had been compromised.

According to PCGamer, there were at least two major incidents:

“First, Noyan “Genburten” Ozkose of DarkZero suddenly found himself able to see other players through walls, then Phillip “ImperialHal” Dosen of TSM was given an aimbot.”

An aimbot is a program or patch that allows the player to cheat by having the character’s weapon aimed automatically. Using cheats like those would lead to immediate disqualification and total loss of respect if done on purpose.

The volunteers of the Anti-Cheat Police Department warned players against playing any games protected by Easy Anti-Cheat (EAC) or any EA titles for a while, because they suspected a Remote Code Execution (RCE) exploit was being used against the players.

However, recent developments point less toward an RCE being the cause and more to an actual infection on the players’ computers…

Malwarebytes to the rescue

In a livestream, affected gamer ImperialHal spoke to cybersecurity expert “PirateSoftware,” who has been investigating the attacks.

ImperialHal uses Malwarebytes to scan his machine which flags an inbound connection from an IP address linked to a server known for malicious activities.

Malwarebytes flags a suspicious IP address

It appears that the attacker had direct access to ImperialHal’s computer, likely via a Trojan. PirateSoftware concluded:

“I don’t see evidence of Apex having RCEs. It does not mean that it’s impossible but I still don’t see evidence, while I do see evidence of him having direct access to your machine.”

Protect yourself

We recommend that all gamers scan their computers with reliable security software. Malwarebytes Premium for Windows’ Brute Force Protection feature blocked the connection from being made to ImperialHal’s computer, so make sure you enable that feature.


We don’t just report on threats—we remove them

Cybersecurity risks should never spread beyond a headline. Keep threats off your devices by downloading Malwarebytes today.

The ‘AT&T breach’—what you need to know

Earlier this week, the data of over 70 million people was posted for sale on an online cybercrime forum. The person selling the data claims it stems from a 2021 breach at AT&T.

Back in 2021, a hacker named Shiny Hunters claimed to have breached AT&T and put the alleged stolen data up for sale for $1 million for a direct sell. Fast forward three years and another threat actor calling themselves MajorNelson has leaked what they say is the same data.

However, AT&T denies (both in 2021 and, now, in 2024) that the data came from its systems, telling BleepingComputer that it’s seen no evidence of a breach. No response was received to a follow-up question on whether the data could come from a third-party provider.

The data posted online includes names, addresses, mobile phone numbers, dates of birth, social security numbers, and other internal information. Almost the same set was offered for sale in 2021, but the encrypted date of birth and social security numbers have since been decrypted and added to the set as supplemental files for most records.

Several sources have verified the dataset (or parts thereof) contains valid data.

What to do

AT&T still hasn’t confirmed that the data came from its systems, nor from a third party. However, there are some general actions you can take if you are an AT&T customer:

  • Watch out for people posing as AT&T. Data breaches are great for scammers because they can contact you pretending to be from the (in this case alleged) breached company. If you receive an email, phone call or something similar from someone claiming to be from AT&T be cautious and contact AT&T directly to check it’s real.
  • Take your time. Scammers often use themes that require urgent attention to hurry you into making a decision, filling in a form or giving away personal data. Take a step back and don’t give away any personal or financial information.
  • Set up identity monitoring. Identity monitoring alerts you if your personal information is found being traded illegally online, and helps you recover after.

Check if your data has been breached

Our Digital Footprint records now include the AT&T data so you can check if your information has been exposed online. Submit your email address (it’s best to submit the one you most frequently use) to our free Digital Footprint scan and we’ll send you a report.



Upcoming webinar: How a leading architecture firm approaches cybersecurity

How does a company navigate over 80 years of technical debt? Which tools does a security team of 5 rely on every day? What threats are considered most dangerous?

On March 28, 2024, Malwarebytes CEO, Marcin Kleczynski, and Payette Associates Director of Information Technology, Dan Gallivan, will answer these questions and more in our live Byte into Security webinar.

Event details

Date: March 28, 2024
Time: 10 AM PST / 1 PM EST
Registration: Open Now

In this webinar, you’ll discover

  • How Payette Industries ensures the security of remote teams while handling extensive data repositories.
  • The impact of moving workloads to the cloud and simplifying systems on enhancing security measures.
  • Why adopting Managed Detection and Response (MDR) services is crucial for providing round-the-clock monitoring and augmenting the capabilities of internal teams.

Why attend?

This Byte into Security webinar is a must for anyone eager to see how top-tier cybersecurity tactics are applied in real-world scenarios. Whether you’re involved in IT or simply keen on learning about state-of-the-art security practices, Marcin and Dan’s discussion will equip you with valuable insights.

Register now to secure your spot!