Latest news with #MITREATT&CK


Hans India
4 days ago
- Hans India
FDP on cyber security for faculty, researchers, professionals
Visakhapatnam: To equip the institution's faculty, researchers and industry professionals with advanced knowledge and tools to combat rising cyber threats, a faculty development programme (FDP) on cyber security was held here on Monday. The programme was organised jointly by GITAM and C-DAC; the Centre for Development of Advanced Computing (C-DAC), located in Hyderabad, is a Scientific Society of the Ministry of Electronics and Information Technology.

The C-DAC centre head CHAS Murthy and noted cyber security expert Sarat Chandra Babu attended as resource persons and emphasised the urgent need for educational institutions to lead the charge in cyber security preparedness and human resource development. The experts gave a briefing on current vulnerabilities, AI-driven cyber threats and the growing importance of securing digital infrastructures. They said that, under the national Information Security Education and Awareness framework, the programme aims to bridge the knowledge gap between evolving threats and institutional readiness.

The institution's School of Computer Science and Engineering dean S. Arun Kumar reaffirmed the institution's commitment to enhancing digital resilience and fostering academic-industry collaboration in cyber security. The School of Technology director K. Nagendra Prasad mentioned that the FDP represents the institution's continued dedication to academic excellence and national digital empowerment, creating a skilled workforce ready to tackle tomorrow's cyber challenges.

The six-day FDP features a well-curated line-up of expert-led sessions, hands-on workshops, and collaborative discussions on emerging cybersecurity trends, including topics like IoT security, vulnerability exploitation, the MITRE ATT&CK framework and real-world defence strategies.


Business Wire
30-04-2025
- Business
- Business Wire
Cloud Range Secures 2025 SC Award for Best IT Security-Related Training Program
SAN FRANCISCO--(BUSINESS WIRE)-- Cloud Range, the industry-leading cyber range solution for cyber readiness and cybersecurity skills development, has been honored with the 2025 SC Award for Best IT Security-Related Training Program. This prestigious recognition underscores Cloud Range's commitment to equipping cybersecurity professionals with the practical, hands-on training necessary to effectively manage and respond to evolving cyber threats.

The SC Awards, presented by SC Media, are among the cybersecurity industry's most esteemed accolades, celebrating excellence in security solutions, organizations, and individuals. Cloud Range's selection as a winner highlights its innovative approach to cybersecurity education and its impact on enhancing organizational resilience against cyberattacks.

"Winning the 2025 SC Award is a testament to the dedication and expertise of our innovative team," said Debbie Gordon, CEO of Cloud Range. "We are honored to be recognized for our efforts in advancing cybersecurity training with live-fire simulations, and we are committed to continuing Cloud Range's mission to empower security teams with the skills and hands-on experience needed to defend against today's complex cyber threats."

Cloud Range provides a full-service, customizable cyber range-as-a-service platform, providing immersive simulation training that accelerates real-world experience for enterprise SOC and incident response teams across various industries. The platform's integration with the MITRE ATT&CK framework and its focus on both technical and soft skills development ensure comprehensive preparedness for cybersecurity professionals.

About Cloud Range

Cloud Range is a pioneer in cybersecurity simulation and readiness training, providing the first-ever full-service, cloud-based customizable cyberattack simulation training platform in the world. Used by enterprise SOC and incident response teams, managed security service providers (MSSPs), governments, higher education institutions, utilities, critical infrastructure, and many other industries, Cloud Range enables organizations to accelerate the cyber defense skills of their cybersecurity professionals using its proprietary simulation training and assessment platform. Customers can train security teams, assess candidates, onboard new hires, and improve cybersecurity team skills, significantly reducing cyber risk. Cloud Range won the CISO Choice Award for security education and training, the Top InfoSec Innovator Award for Cutting Edge Cyber Defense Training, the Fortress Cyber Security Award for Best Cybersecurity Training, and the ASTORS Homeland Security Award for Best Cyber Defense Team Training.


Associated Press
30-04-2025
- Business
- Associated Press
Cloud Range Secures 2025 SC Award for Best IT Security-Related Training Program
SAN FRANCISCO--(BUSINESS WIRE)--Apr 30, 2025-- Cloud Range, the industry-leading cyber range solution for cyber readiness and cybersecurity skills development, has been honored with the 2025 SC Award for Best IT Security-Related Training Program. This prestigious recognition underscores Cloud Range's commitment to equipping cybersecurity professionals with the practical, hands-on training necessary to effectively manage and respond to evolving cyber threats.

The SC Awards, presented by SC Media, are among the cybersecurity industry's most esteemed accolades, celebrating excellence in security solutions, organizations, and individuals. Cloud Range's selection as a winner highlights its innovative approach to cybersecurity education and its impact on enhancing organizational resilience against cyberattacks.

'Winning the 2025 SC Award is a testament to the dedication and expertise of our innovative team,' said Debbie Gordon, CEO of Cloud Range. 'We are honored to be recognized for our efforts in advancing cybersecurity training with live-fire simulations, and we are committed to continuing Cloud Range's mission to empower security teams with the skills and hands-on experience needed to defend against today's complex cyber threats.'

Cloud Range provides a full-service, customizable cyber range-as-a-service platform, providing immersive simulation training that accelerates real-world experience for enterprise SOC and incident response teams across various industries. The platform's integration with the MITRE ATT&CK framework and its focus on both technical and soft skills development ensure comprehensive preparedness for cybersecurity professionals.

About Cloud Range

Cloud Range is a pioneer in cybersecurity simulation and readiness training, providing the first-ever full-service, cloud-based customizable cyberattack simulation training platform in the world. Used by enterprise SOC and incident response teams, managed security service providers (MSSPs), governments, higher education institutions, utilities, critical infrastructure, and many other industries, Cloud Range enables organizations to accelerate the cyber defense skills of their cybersecurity professionals using its proprietary simulation training and assessment platform. Customers can train security teams, assess candidates, onboard new hires, and improve cybersecurity team skills, significantly reducing cyber risk. Cloud Range won the CISO Choice Award for security education and training, the Top InfoSec Innovator Award for Cutting Edge Cyber Defense Training, the Fortress Cyber Security Award for Best Cybersecurity Training, and the ASTORS Homeland Security Award for Best Cyber Defense Team Training.


Business Wire
21-04-2025
- Business
- Business Wire
DirectDefense Releases Annual Security Operations Threat Report Identifying Top Attack Tactics and Emerging Threats for 2025
DENVER--(BUSINESS WIRE)-- DirectDefense, Inc., an information security services company, today released its '2025 Security Operations Threat Report' which identifies the type and frequency of threats, offers insight into attacker behavior and the evolution of security threats, and forecasts the biggest threats to be aware of for the remainder of 2025.

In 2024, DirectDefense processed more than 10 million log events, ensuring rapid detection, response, and mitigation of potential cyber threats. The company discovered that adversaries have refined their techniques, blending social engineering with AI and automation to evade detection. DirectDefense mapped these alerts to the MITRE ATT&CK® framework to identify these top five tactics:

1. Initial Access – The Gateway to Compromise
   Most Observed Technique: Valid Accounts – leveraging stolen credentials for unauthorized access.
   Alerts Triggered: First Ingress Authentication from Country, Multiple Country Ingress Authentications, Multiple Wireless Country Authentications.
2. Persistence – Remaining Hidden in the Environment
   Most Observed Technique: MFA Interception – attackers manipulating MFA settings to maintain access.
   Alerts Triggered: New MFA Authenticator App Added, Account Manipulation.
3. Lateral Movement – Expanding Control Across the Network
   Most Observed Technique: Valid Accounts – using stolen credentials to escalate privileges.
   Alerts Triggered: Lateral Movement – Local Credentials.
4. Execution – Deploying Malicious Payloads
   Most Observed Technique: Malicious File Execution – tricking users into running malware via phishing and social engineering.
   Alerts Triggered: Malicious File Detected.
5. Credential Access – Harvesting Sensitive Authentication Data
   Most Observed Technique: Brute Force – automated attacks on authentication systems.
   Alerts Triggered: Account Lockout Events.

These attack tactics highlight a growing focus on identity compromise by bad actors, which requires organizations to enforce zero trust principles and employ strong identity verification for all access requests. Additionally, organizations should:

- monitor identity-based events rigorously to detect anomalous MFA registrations and account modifications
- restrict lateral movement by implementing network segmentation and least privilege access
- enhance endpoint defenses through behavior-based detections and real-time anomaly detection
- strengthen password policies and enforce MFA with phishing-resistant methods

Emerging threats for 2025

Based on these attack tactics, the DirectDefense team identified emerging threats that top the list for security concerns:

- Faster and more sophisticated attacks: The average time from initial access to domain control has shrunk to under two hours, while ransomware deployment occurs in as little as six hours.
- AI's double-edged sword: While AI helps cut through security alert noise, attackers are also leveraging AI to craft more convincing phishing attempts, deepfake scams, and automated attacks.
- Security vendor consolidation risks: Major vendors like Fortinet and Cisco faced security vulnerabilities in 2024, highlighting the risks of relying on broad, one-size-fits-all security solutions.
- Cloud environment threats: Companies struggle to secure multi-cloud environments, making cloud posture assessment and monitoring more critical than ever.
- Remote work and third-party risks: Attackers continue to exploit vulnerabilities in remote access tools and third-party vendors, necessitating stricter access controls and monitoring.

The report also highlights the growing threat to critical industries and the shift from ransomware to extortion tactics. The types of attack tactics vary year to year, but DirectDefense's report reflects how the techniques and executions attackers use evolve over time.

'Attackers have honed their techniques to become faster and more powerful against a company's defenses; conversely, security solutions are less able to withstand attacks on their own and need constant monitoring and tuning,' said Jim Broome, President and Chief Technology Officer for DirectDefense. 'As adversaries refine their techniques, organizations need to stay ahead by adapting their security posture. It's not just about responding to threats—it's about anticipating and mitigating them before they cause harm.'

About DirectDefense, Inc.

DirectDefense provides enterprise risk assessments, penetration testing, ICS/SCADA security services, and 24/7 managed security services for companies of all sizes. Focused on building security resiliency, the firm offers comprehensive security testing services with specialization in application security, vulnerability assessments, penetration testing, and compliance assurance testing. Its team of highly talented consultants has worked with the majority of the Fortune 100 companies, in industries such as power and utility, gaming, retail, financial, media, travel, aerospace, healthcare, and technology.


Yahoo
15-04-2025
- Business
- Yahoo
DirectDefense Releases Annual Security Operations Threat Report Identifying Top Attack Tactics and Emerging Threats for 2025
Growing focus on identity compromise by bad actors requires organizations to enforce zero trust principles and employ strong identity verification

DENVER, April 15, 2025--(BUSINESS WIRE)--DirectDefense, Inc., an information security services company, today released its "2025 Security Operations Threat Report" which identifies the type and frequency of threats, offers insight into attacker behavior and the evolution of security threats, and forecasts the biggest threats to be aware of for the remainder of 2025.

In 2024, DirectDefense processed more than 10 million log events, ensuring rapid detection, response, and mitigation of potential cyber threats. The company discovered that adversaries have refined their techniques, blending social engineering with AI and automation to evade detection. DirectDefense mapped these alerts to the MITRE ATT&CK® framework to identify these top five tactics:

1. Initial Access – The Gateway to Compromise
   Most Observed Technique: Valid Accounts – leveraging stolen credentials for unauthorized access.
   Alerts Triggered: First Ingress Authentication from Country, Multiple Country Ingress Authentications, Multiple Wireless Country Authentications.
2. Persistence – Remaining Hidden in the Environment
   Most Observed Technique: MFA Interception – attackers manipulating MFA settings to maintain access.
   Alerts Triggered: New MFA Authenticator App Added, Account Manipulation.
3. Lateral Movement – Expanding Control Across the Network
   Most Observed Technique: Valid Accounts – using stolen credentials to escalate privileges.
   Alerts Triggered: Lateral Movement – Local Credentials.
4. Execution – Deploying Malicious Payloads
   Most Observed Technique: Malicious File Execution – tricking users into running malware via phishing and social engineering.
   Alerts Triggered: Malicious File Detected.
5. Credential Access – Harvesting Sensitive Authentication Data
   Most Observed Technique: Brute Force – automated attacks on authentication systems.
   Alerts Triggered: Account Lockout Events.

These attack tactics highlight a growing focus on identity compromise by bad actors, which requires organizations to enforce zero trust principles and employ strong identity verification for all access requests. Additionally, organizations should:

- monitor identity-based events rigorously to detect anomalous MFA registrations and account modifications
- restrict lateral movement by implementing network segmentation and least privilege access
- enhance endpoint defenses through behavior-based detections and real-time anomaly detection
- strengthen password policies and enforce MFA with phishing-resistant methods

Emerging threats for 2025

Based on these attack tactics, the DirectDefense team identified emerging threats that top the list for security concerns:

- Faster and more sophisticated attacks: The average time from initial access to domain control has shrunk to under two hours, while ransomware deployment occurs in as little as six hours.
- AI's double-edged sword: While AI helps cut through security alert noise, attackers are also leveraging AI to craft more convincing phishing attempts, deepfake scams, and automated attacks.
- Security vendor consolidation risks: Major vendors like Fortinet and Cisco faced security vulnerabilities in 2024, highlighting the risks of relying on broad, one-size-fits-all security solutions.
- Cloud environment threats: Companies struggle to secure multi-cloud environments, making cloud posture assessment and monitoring more critical than ever.
- Remote work and third-party risks: Attackers continue to exploit vulnerabilities in remote access tools and third-party vendors, necessitating stricter access controls and monitoring.

The report also highlights the growing threat to critical industries and the shift from ransomware to extortion tactics. The types of attack tactics vary year to year, but DirectDefense's report reflects how the techniques and executions attackers use evolve over time.

"Attackers have honed their techniques to become faster and more powerful against a company's defenses; conversely, security solutions are less able to withstand attacks on their own and need constant monitoring and tuning," said Jim Broome, President and Chief Technology Officer for DirectDefense. "As adversaries refine their techniques, organizations need to stay ahead by adapting their security posture. It's not just about responding to threats—it's about anticipating and mitigating them before they cause harm."

About DirectDefense, Inc.

DirectDefense provides enterprise risk assessments, penetration testing, ICS/SCADA security services, and 24/7 managed security services for companies of all sizes. Focused on building security resiliency, the firm offers comprehensive security testing services with specialization in application security, vulnerability assessments, penetration testing, and compliance assurance testing. Its team of highly talented consultants has worked with the majority of the Fortune 100 companies, in industries such as power and utility, gaming, retail, financial, media, travel, aerospace, healthcare, and technology.