Below the Surface Summer 2023
Welcome to the Summer 2023 edition of the Below the Surface Threat Report.
During a summer of wildfires and hot weather, we have seen how the threat landscape has expanded and vulnerabilities targeting the supply chain are not slowing down. When it comes to ransomware and criminal actors, we’ll look at how incidents affecting the IT supply chain are rapidly resulting in material impact and class-action lawsuits, and we’ll dive into how the patch for the BlackLotus UEFI bootkit campaign isn’t enough to mitigate threats that can bypass Secure Boot going forward.
Then there is the recently uncovered backdoor in Gigabyte that presents IT Supply Chain Risk for customers of millions of devices, the TETRA:BURST vulnerabilities in mission-critical communications and the ever increasing attacks on network infrastructure.
We have also rounded up the latest federal regulations, including NIST CSF 2.0 Draft, CISA’s UEFI security recommendations, the National Defense Authorization Act for 2024, and updates related to CJIS compliance.
As the cybersecurity landscape continues to evolve, it’s crucial to stay informed and proactive in defending against emerging threats. We hope this report provides you with valuable insights and strategies to enhance your organization’s security posture.