Latest Insights

MOVEit Cl0p, You’re Not the Only One

In Q3 2023, PwC’s Dark Lab responded to two incidents derived from exploitation of the zero-day vulnerability in Progress’ MOVEit File Transfer solution. Whilst exploitation of the zero-day is widely associated with Cl0p, deeper inspection of our second incident indicated another player was at hand. PwC’s Dark Lab have been closely monitoring the mass exploitation…

Cyber Literacy in Hong Kong – a Public Good to Bridge the Talent Gap and Develop a Secure Digital Society

As the global cyber threat landscape continues to evolve, defenders will continue to play catch-up by finding ways to prevent, detect, respond and recover from cyber-attacks. However, we need to further democratize security and get citizens of all technical backgrounds more involved in order to fight back against latest threats that target both organizations and…

Bug Bounty Programs – a Public Good that is a Necessity for Corporates, SMEs, and Individuals Alike

As the cyber threat landscape continues to evolve and threat actors increasingly target vulnerable external-facing assets, bug bounties present organizations with an opportunity to proactively identify and remediate vulnerabilities before they can be exploited by attackers. In today’s digital age, cyber threats have become increasingly prevalent, and enterprises are struggling to keep up with the…

Secure Your Holidays: The Case of Qakbot and Black Basta

On the eve of Christmas, a suspected Black Basta affiliate conducted a ‘quick and dirty’ attack on a global client, lending insight into the opportunistic targeting of victims during holiday downtime periods. The Significance of Dates The holidays are a time for rest and rejuvenation for most. But for attackers, the holidays present a timely…

Forecasting the Cyber Threat Landscape: What to Expect in 2023

In a blink of an eye, 2023 is upon us. As we bid farewell to another record-breaking year of increased disclosed vulnerabilities, ransomware incidents, phishing scams, data breaches, and crypto heists, it is hard not to imagine that this year will be any less eventful as threat actors aggressively lower the barriers to entry of…

LockBit 3.0: New Capabilities Unlocked

LockBit persists as the most prominent Ransomware-as-a-Service (RaaS) groups in 2022, showcasing heightened capabilities in their LockBit 3.0 iteration and a persistent nature to continuously evolve. As the LockBit RaaS group re-emerges with their new and improved ransomware, LockBit 3.0 (also known as LockBit Black), we observed new capabilities and a heightened sophistication based on…

Loading…

Something went wrong. Please refresh the page and/or try again.