Simply Cyber Newsletter #117

Crush Your Week Like a Cyber Pro with Simply Cyber!

Start your work week off at full speed with expert analysis and actionable intel from top cybersecurity news stories. Share with your End Users, Peers, and Executives to support weekly security awareness with Simply Cyber Newsletter!

FOR END USERS

Astaroth Phishing Kit Bypasses 2FA Using Reverse Proxy Techniques. New phishing tool "Astaroth" bypasses 2FA by mimicking real websites and stealing login info and session cookies in real time. Even with 2FA, accounts on Gmail, Office 365, etc., are at risk if you click malicious links. Be extra cautious!

What you need to know: Astaroth is a sophisticated phishing tool that can steal your usernames and passwords and bypass your Two-Factor Authentication (2FA). It makes fake login pages look very real, even showing "HTTPS" and the padlock symbol. It targets major platforms like Gmail, Yahoo, and Office 365. This means that relying on 2FA alone is no longer enough to guarantee your account security, and that you could be more vulnerable to phishing attacks than you might think.

Educate your end users about extreme caution with links and login prompts. Never click on links in emails or messages that ask you to log in to important accounts (like email, banking, work accounts). Always navigate directly to websites by typing the address into your browser. Double-check website addresses for misspellings before entering any credentials, even if the site looks secure (HTTPS, padlock). Be suspicious of any unexpected login prompt, even if it seems familiar. If you suspect a phishing attempt, report it to your IT department immediately. Advise your end users to regularly review their account activity for any signs of unauthorized access. Early detection can help mitigate potential damage.

FOR PEERS

Ransomware Gangs Increasingly Prioritize Speed and Volume in Attacks. Ransomware groups in 2024 are faster, hitting more targets. Phishing is more sophisticated, and remote access trojan (RAT) malware is prevalent. Hands-on attacks target key industries. Data theft before ransomware is the norm. Defenses need to adapt with speed, better detection, and incident response plans.

What you need to know: For enhanced peer collaboration, have conversations with your peers to analyze the Huntress 2025 Cyber Threat Report. Focus discussions on data concerning faster time-to-ransom (TTR), RATs, and industry targeting to proactively update threat models and incident response plans. Specifically discuss report insights on 6hr TTR ransomware and sophisticated phishing evolutions. Brainstorm improved detection and rapid response techniques. Share best practices for mitigating hands-on attacks and containing data exfiltration. Collaboratively refine detection strategies, incident response, and data breach protocols leveraging report insights.

FOR EXECUTIVES

Sarcoma ransomware claims breach at giant PCB maker Unimicron. Unimicron, a major PCB manufacturer, was hit by Sarcoma ransomware, impacting a China subsidiary. 377GB of data may be leaked. Sarcoma is a fast-growing, sophisticated ransomware group using phishing and vulnerabilities. Executives must prioritize ransomware defense and incident response planning.

What you need to know: This attack demonstrates the significant business disruption and potential financial and reputational damage ransomware can inflict, even on large, multinational companies. Supply chain vulnerabilities are exposed, potentially impacting downstream customers. Rapidly emerging ransomware groups like Sarcoma demand proactive and adaptive security strategies. Executives must understand this is not just an IT issue but a critical business risk.

For strategic executive decisions, prioritize and invest in a robust, multi-layered ransomware defense strategy. This includes enhancing threat intelligence to understand emerging groups like Sarcoma, strengthening vulnerability management and patching processes, and significantly improving employee security awareness training to combat phishing. Develop and regularly test a comprehensive incident response and business continuity plan specifically for ransomware attacks. Furthermore, review and reinforce supply chain security protocols to mitigate risks from vendor compromises. Communicate proactively with stakeholders about cybersecurity measures and incident response capabilities to build trust and resilience.

LET’S CONNECT

Stay current on trending topics, tips, events and resources in cybersecurity, connect with Simply Cyber on socials for new content, every day.

As always, please send me feedback. Which tip above is your favorite? What do you want more or less of? Other suggestions? Please let me know. Just send a DM on X with #actionableintel in the subject so I can find it.

Find more about what’s happening this week in the Simply Cyber community, below.

Thank you and see you again next time! Have a great week, #TeamSC!

Gerry

SIMPLY CYBER DAILY CYBER THREAT BRIEF

Catch the most popular weekday cyber threat news analysis livestream around and meet the most supportive community ever, #TeamSC!

Join us on the Daily Cyber Threat Brief happening every weekday morning at 8 AM EST via YouTube and LinkedIn - podcast also available on Spotify, Apple Podcasts, or your favorite podcast platform. You can also check it out on our podcast webpage.

SC MEDIA GROUP SIMPLY DEFENSIVE PODCAST

When: Monday, February 17 at 9:30 AM ET | Presented by: Simply Cyber Media Group

S2 E6: Navigating OT Security - An Inside Look with Lesley Carhart

In this episode of Simply Defensive, hosts Josh Mason and Wade Wells welcome the highly esteemed Lesley Carhart from Dragos. Step into the world of industrial cybersecurity, discussing the critical nature of securing vital infrastructure like power plants, water treatment facilities, and manufacturing setups. Lesley shares insights on the unique challenges faced in this sector, including handling old systems, different procedural mindsets, and low-level industrial devices.

The episode also covers Lesley's intriguing career journey, filled with diverse technical roles, and her advice on entering and thriving in cybersecurity. Moreover, Lesley offers valuable guidance on mentorship and maintaining a work-life balance for cybersecurity professionals.

Join us at 9:30 AM EST on Monday after the Daily Cyber Threat Brief and Jaw Jackin’.

SC MEDIA GROUP SC ACADEMY LUNCH N LEARN LIVE

When: Tuesday, February 18 at 1 PM ET | Presented by: Simply Cyber Media Group

Risk Management and NIST Cybersecurity Framework Fundamentals - Lunch n Learn

When you think about breaking into cybersecurity at an entry level or making a mid-career transition into GRC, it can feel like staring at a mountain. ⛰️ Where do you start? What do you need to know?

One of the best guidebooks to begin with is the NIST Cybersecurity Framework (CSF). Originally released 10 years ago in response to a presidential executive order, this 32-page document has rapidly become a go-to resource for organizations of all sizes. The CSF helps businesses assess their current security posture, define a target state, and enhance cyber resilience, all while being adaptable across industries.

Join the Simply Cyber Lunch n Learn with GRC practitioner and instructor, Steve McMichael this Tuesday.

SC MEDIA GROUP CYBERSECURITY MENTORS PODCAST 

When: Thursday, February 20 at 9:30 AM ET | Presented by: Simply Cyber Media Group

S2 E7: Zero to Hero with Daniel De Leon

In this episode we chat with Daniel, who is just starting out on his journey in cybersecurity. We work to give him guidance, direction, and a roadmap for landing his first job.

Join us here for this upcoming episode on Thursday after the Daily Cyber Threat Brief.

SC ACADEMY THE PLACE FOR GRC CAREERS

At Simply Cyber Academy, we specialize in making GRC Cybersecurity Careers a reality. Empower your career by learning real in-demand skills from cyber experts and the theory behind those skills with Simply Cyber Academy.

The popular GRC Analyst Master Class is a must for kickstarting your GRC Cybersecurity career. In addition, we have NEW COURSES available to help you advance in your GRC Cyber career. Check them out!

Visit academy.simplycyber.io to learn more now.