Threat Landscape Briefing – March 2025

In this month’s briefing we explore:

• Hackers Exploit Cityworks RCE Bug to Breach Microsoft IIS Servers (00:56)
  • Threat actors are actively exploiting a high-severity deserialization flaw to remotely execute commands on Microsoft IIS servers.
  • See how Info-Tech can help with Threat Preparedness Using MITRE ATT&CK®.
• When Ransom Notes Become Recruitment Tools (04:32)
  • Ransomware groups have evolved their tactics, shifting from purely external attacks to actively recruiting insiders within organizations.
  • Learn how Info-Tech can help you Reduce and Manage Your Organization’s Insider Threat Risk
• Gcore DDoS Radar Reveals 56% Year-Over-Year Increase in DDoS Attacks (07:19)
  • Gcore’s latest DDoS Radar report for 2024 highlights a significant 56% year-over-year increase in DDoS attacks, rising from 1.2 million in 2023 to 1.8 million in 2024.
  • Explore what Info-Tech can help your organization Develop and Implement a Security Incident Management Program.
• Cryptocurrency Heist of the Century (10:05)
  • Bybit has requested assistance from top cybersecurity experts to recover 1.5 billion dollars of cryptocurrency stolen in a significant digital theft.
  • Check out our Assess and Manage Security Risks blueprint.
• Code Injection Attack Caused by Disclosure of Machine Keys (13:28)
  • More than 3,000 publicly exposed ASP.NET machine keys have been identified by Microsoft, which could be compromised by threat actors in code injection attacks against enterprise servers.
  • Learn how your organization can Embed Security Into the DevOps Pipeline.

If you have a question or would like to receive these monthly briefings via email, submit a request here.