The Monthly Threat Report by Hornetsecurity brings you monthly insights into M365 security trends, email-based threats, and commentary on current events in the cybersecurity space.  In today’s episode with Yvonne Bernard – CTO at Hornetsecurity, we are analyzing data from the month of August 2023. 

During the episode, Andy and Yvonne explore the overall threat trends including:  

• The most common malicious file types used to deliver payloads, with HTML files taking the lead 

• The decline of malicious PDF and archive files, likely due to the disruption of Qakbot.  

• The industries that were most targeted over the past month as well as some brands that cybercriminals are impersonating in phishing attacks. 

• The impact of the FBI’s disruption of Qakbot. 

• The Storm-0558 breach. 

• A French government agency and a software vendor in the gaming space both had breaches that accounted for the PII of roughly 14 million individuals being stolen by threat actors. 

Timestamps:

(3:22) – General threat trends for this month’s data period 

(7:11) – What were the most used file types used for malicious payloads during the data period? 

(10:10) – What are the most targeted industries for this data period? 

(12:04) – The most impersonated brands from this month’s report 

(16:52) – Commentary on the FBI’s disruption of the Qakbot Botnet 

(22:54) – An update on the Microsoft Storm-0558 breach 

(33:46) – Data breaches account for 14 million lost records 

Episode Resources:

Full Monthly Threat Report – September 2023

EP07: A Discussion and Analysis of Qakbot 

Security Awareness Service

Andy on LinkedIn, Twitter, Mastadon 

Yvonne on LinkedIn 

Paul Schnackenburg joins Andy in this episode to discuss the recent rebranding of Azure AD to Microsoft Entra ID, as well as talk about some new identity features in the Microsoft Cloud. To kick things off, they provide a brief overview of what Microsoft Entra ID (previously known as Azure AD) is/was and its crucial role in the Microsoft Cloud ecosystem.

Amidst the changes, Andy and Paul emphasize a critical point: IT professionals and security experts primarily care about understanding a platform’s functionality, features, and ability to solve real-world problems. The name may change, but the core value remains the same.

Timestamps:

2:03 – Azure AD is Now Microsoft Entra ID

9:35 – Relevant Acronyms for the Identity Space

13:49 – Entra Internet Access

21:28 – Entra Private Access

26:44 – M365 / Entra ID Tenant Restrictions

30:23 – How Do These Features Factor Into the Storm-0558 Breach?

Episode resources:

Hornetsecurity 365 Total Protection

Podcast episode: Licensing Security Features in M365

Microsoft Entra ID

Azure Active Directory Domain Services

Find Andy on LinkedIn, Twitter or Mastadon

Find Paul on LinkedIn or Twitter

As cybersecurity professionals, MSSPs, and security vendors, we often get mired down in the weeds of the “tech” involved in the job and frequently struggle to convey the value of said technology to the C-Suite. With that said, we’re deviating from our regularly scheduled programming this week to bring you something of a “soft-skills” episode to address this key point.  

This week we’re excited to bring you the business and C-Suite knowledge of our very own Hornetsecurity Chief Operating Officer, Daniel Blank for a discussion on how you can get your leadership team to see value in technology, put priority on security, and ultimately sell cybersecurity to the C-Suite. Hope you enjoy! 

Timestamps:

2:23 – Conveying the Value of Cybersecurity to Leadership without Using the Fear Angle 

15:50 – Compliance and Similar Issues Often Drives C-Suite Attention 

26:05 – An Example – What Would Daniel Look for When Having to Make a C-Suite Decision? 

Episode Resources:

365 Total Protection 

Email Encryption 

Andy on LinkedIn, Twitter or Mastodon 

Daniel on LinkedIn 

In today’s episode, Andy and Umut are unravelling the transformative impact of AI in cybersecurity defense. Discover how AI empowers defenders with enhanced knowledge of setting up robust defense mechanisms, from firewalls to anomaly detection systems. Amidst the prevailing focus on AI’s darker aspects, this episode illuminates its positive role in the security space, equipping blue teams to match wits with increasingly intelligent adversaries. Our hosts, Andy and Umut, both distinguished members of the Security Lab at Hornetsecurity, will provide expert insights into how Hornetsecurity’s suite of products leverages AI to display a concrete example in the industry. 

Join us as we shift the narrative from AI’s potential for malicious use to how defensive toolsets and security experts are harnessing its power.  

Timestamps: 

3:12 – How has AI changed the threat landscape? 

6:10 – How can AI help blue teams? 

16:08 – An example of AI used defensively in a software stack 

26:24 – What advancements in AI in the security space are we likely to see in the future? 

Episode Resources:

EP08: Advanced Threat Protection: A Must Have in Today’s Ecosystem?

EP03: The Reemergence of Emotet and Why Botnets Continue to Return

Advanced Threat Protection

Security Awareness Service

OpenAI Cybersecurity Grant Program

AI can steal data by listening to keystrokes with 95% accuracy

Andy on LinkedIn, Twitter or Mastodon 

Umut on LinkedIn 

In today’s episode we have Eric Siron, Microsoft MVP, joining Andy for a discussion on the debated topic of On-Prem Security versus Cloud Security from a security standpoint. The digital landscape has transformed, raising questions about securing multiple cloud services, APIs, and the scattered user base. We explore how defenses have evolved and although default protections have strengthened, attack vectors have grown smarter with the growth of ransomware. Join us as we dissect these changes and their impact on modern security paradigms in an era where protection and adaptation are paramount. 

Disclaimer: This episode was recorded just before news of the Microsoft breach hit the headlines. Thus, while some of the perspectives may seem momentarily misaligned due to the unfolding events, the core insights and conclusions drawn remain the same.  

Timestamps:

3:50 – What is the current state of on-premises infrastructure in terms of security?  

12:37 – How does compliance factor into on-premises security? 

21:12 – Is Infrastructure in the cloud more secure? 

33:12 – Is “The Cloud” or “On-Premises” more secure? 

Episode Resources:

Monthly Threat Report – August 2023 

Andy and Paul Discuss M365 Security

Andy and Paul Discuss the Difficulty of Licensing Security Features in M365

Hornetsecurity Ransomware Survey Findings

The Backup Bible

Hornetsecurity’s Security Awareness Service

Information on Recent SEC Announcement

The Monthly Threat Report by Hornetsecurity brings you monthly insights into M365 security trends, email-based threats, and commentary on current events in the cybersecurity space. Every month, Andy will be hosting an episode to dive into the key takeaways from the report. 

In today’s episode, Andy and Umut will be sharing a threat overview based on data from the Security Lab throughout July 2023. From the changing tactics in email attacks, to new brand impersonations and the impact of dark-web generative AI (Artificial Intelligence) tools like WormGPT, we will equip you with the right information to help you stay ahead of these new emerging threats.  

Episode Resources:

Monthly Threat Report – August 2023 

EP 01 – We Used ChatGPT to Create Ransomware

Andy on LinkedIn, Twitter or Mastodon 

Umut on LinkedIn