Emerging Threat: Invisible Unicode Phishing Attacks


Overview

Cybercriminals are continually evolving their tactics to bypass security measures, and a new phishing attack leveraging an advanced JavaScript obfuscation technique is raising alarms. Researchers at Juniper Threat Labs recently identified this sophisticated method, which uses invisible Unicode characters to conceal malicious JavaScript payloads.

Unmasking the Attack

In early January 2025, affiliates of a major American political action committee (PAC) were targeted using a phishing attack that employed a novel JavaScript obfuscation method. Originally demonstrated by security researcher Martin Kleppe in October 2024, this technique quickly transitioned from a proof of concept into an active threat.

The obfuscation method encodes the JavaScript payload as a sequence of Hangul half-width filler (U+FFA0) and Hangul full-width filler (U+3164) Unicode characters, both of which render as nothing, so the malicious script is effectively invisible in source views. Attackers store the encoded string as a property of an ordinary JavaScript object. A short bootstrap script then retrieves and executes the hidden payload by mapping each filler character back to a binary digit inside a JavaScript Proxy `get()` trap.

Advanced Evasion Techniques

Beyond obfuscation, attackers employed several additional techniques to evade detection:

  • Personalized Targeting: Leveraging non-public information to enhance credibility.
  • Debugger & Timing Checks: The script detects analysis attempts and redirects to a benign site if debugging is detected.
  • Obscured Phishing Links: Recursively wrapped Postmark tracking links hide the actual phishing destination.

These techniques make detection and mitigation challenging, as security scanners may overlook the empty whitespace containing the malicious code. Additionally, the obfuscated payload can be injected into legitimate scripts without immediate suspicion.
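Because the encoded payload is a long run of code points that render as nothing, a simple static check is to look for exactly that: runs of U+FFA0 and U+3164 inside script text. The scanner below is an added example written for this page, not code from Juniper Threat Labs or Blackswan. It flags any run of filler characters at or above a threshold, reports where it sits, and deliberately does not decode or execute anything. The sample inputs (including the `cfg` object and the `MIN_RUN_LENGTH` threshold) are constructed for the example; legitimate Korean text, which uses real Hangul syllables rather than filler code points, is not flagged.

```javascript
// Added example, not from the original write-up: a defensive scanner for
// invisible Hangul filler characters in script source. It only reports
// runs; it never decodes or runs the hidden content.

const INVISIBLE_FILLERS = new Map([
  ["\uFFA0", "HALFWIDTH HANGUL FILLER (U+FFA0)"],
  ["\u3164", "HANGUL FILLER (U+3164)"],
]);

// Threshold (an assumption for this example): ordinary text essentially
// never contains this many consecutive filler code points.
const MIN_RUN_LENGTH = 8;

// Walk the source and collect every run of filler characters of at least
// `minRun` code points, with its offset, 1-based line number and a per-
// character breakdown so an analyst can see the two-symbol alphabet.
function findInvisibleRuns(source, minRun = MIN_RUN_LENGTH) {
  const runs = [];
  let i = 0;
  while (i < source.length) {
    if (!INVISIBLE_FILLERS.has(source[i])) {
      i++;
      continue;
    }
    const start = i;
    let halfwidth = 0;
    let fullwidth = 0;
    while (i < source.length && INVISIBLE_FILLERS.has(source[i])) {
      if (source[i] === "\uFFA0") halfwidth++;
      else fullwidth++;
      i++;
    }
    const length = i - start;
    if (length >= minRun) {
      const line = source.slice(0, start).split("\n").length;
      runs.push({ start, length, line, halfwidth, fullwidth });
    }
  }
  return runs;
}

// Summarise a scan: suspicious if any qualifying run exists, plus the total
// number of hidden code points, which is roughly the payload size in bits.
function scanScript(source, minRun = MIN_RUN_LENGTH) {
  const runs = findInvisibleRuns(source, minRun);
  const totalHidden = runs.reduce((n, r) => n + r.length, 0);
  return { suspicious: runs.length > 0, runs, totalHidden };
}

// Constructed sample: 64 filler code points embedded in an object property,
// mimicking the shape of the technique without carrying a real payload.
const HIDDEN = "\uFFA0\u3164\u3164\uFFA0".repeat(16);
const SAMPLE_SUSPICIOUS = `// constructed sample for the scanner
const cfg = {
  theme: "light",
  note: "${HIDDEN}",
};
`;

// Constructed clean sample: real Hangul syllables, no filler code points.
const SAMPLE_CLEAN = `const cfg = { theme: "light", greeting: "안녕하세요" };`;

// Usage: print a report for each sample.
for (const [name, src] of [["suspicious", SAMPLE_SUSPICIOUS], ["clean", SAMPLE_CLEAN]]) {
  const result = scanScript(src);
  console.log(name, result.suspicious ? "FLAGGED" : "ok", result.totalHidden, "hidden code points");
  for (const r of result.runs) {
    console.log(`  line ${r.line}, offset ${r.start}: ${r.length} fillers (U+FFA0 x${r.halfwidth}, U+3164 x${r.fullwidth})`);
  }
}
```

In practice this check belongs in the mail gateway or web proxy that already inspects attachments and inline scripts, alongside a second signal the write-up mentions: a `Proxy` whose `get` trap reads from an object property and feeds the result to `Function` or `eval`. Neither signal alone is proof, but a long filler run next to that pattern is a strong indicator worth an analyst's attention.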

Implications and Future Risks

The use of this JavaScript obfuscation technique marks a new frontier in phishing attacks. Security researchers have linked some domains involved in this campaign to the Tycoon 2FA phishing kit, suggesting that this method could soon be adopted by a broader range of cybercriminals.

Protecting Against Emerging Threats

With attackers continually refining their methods, organizations must enhance their security posture:

  • Advanced Threat Detection: Update security tools to recognize obfuscated JavaScript techniques.
  • Security Awareness Training: Educate employees on identifying and avoiding phishing attempts.
  • Robust Email Security Policies: Implement filtering mechanisms to prevent malicious scripts from reaching users.

Blackswan Cybersecurity remains committed to monitoring these evolving threats and equipping organizations with the knowledge and tools needed to stay ahead of cybercriminals. Stay vigilant, stay informed, and fortify your defenses against the invisible threats lurking in the digital landscape.


Navigating Cybersecurity and Operational Resilience in the SEC’s 2025 Examination Priorities


Introduction: A New Era of Cyber Vigilance

In an increasingly digitized financial landscape, the U.S. Securities and Exchange Commission (SEC) has elevated cybersecurity and operational resilience to the pinnacle of its 2025 examination agenda.

As financial firms deepen their reliance on advanced technologies and third-party ecosystems, the stakes have never been higher. Cyber threats, from sophisticated data breaches to ransomware attacks, pose existential risks to market stability and investor trust. Recognizing this, the SEC is intensifying its focus on ensuring that firms’ cyber risk management frameworks are robust, adaptive to an evolving threat landscape, and aligned with stringent regulatory standards.


This whitepaper explores the SEC’s 2025 priorities, delving into key focus areas, recent enforcement trends, and actionable strategies for firms to fortify their defenses and meet regulatory expectations.

The Imperative of Cybersecurity Governance

A commitment to strong cybersecurity governance lies at the heart of the SEC’s 2025 priorities. The agency scrutinizes whether firms have embedded cyber risk oversight into their leadership structures, with senior management and boards playing active roles in safeguarding their organizations. This begins with establishing clear, actionable policies to identify and mitigate cyber risks, underpinned by regular risk assessments that probe vulnerabilities across IT ecosystems.

Equally critical are well-defined escalation and response protocols, ensuring that firms can act swiftly and decisively when a cyber incident occurs. The SEC’s message is clear: cybersecurity is no longer a technical issue relegated to IT departments—it is a strategic imperative that demands executive accountability.

Mastering Incident Response and Recovery

As cyberattacks grow in frequency and complexity, the ability to respond and recover effectively has become a cornerstone of operational resilience. The SEC is zeroing in on firms’ incident response capabilities, examining the strength of detection systems, the clarity of reporting mechanisms, and the readiness to counter threats like:

  • Ransomware
  • Business Email Compromise (BEC)
  • Data Exfiltration

Beyond immediate response, the agency seeks robust post-incident analysis and remediation strategies that prevent recurrence.

A particular point of emphasis is handling material cybersecurity incidents: Firms must demonstrate technical preparedness and transparency, providing timely disclosures to investors and regulators to maintain market confidence.

Safeguarding the Lifeblood of Finance: Data Protection

In a sector where sensitive financial and investor data is the lifeblood of operations, protecting it remains a non-negotiable priority. The SEC is intensifying its evaluation of data security controls, focusing on identity and access management (IAM) systems to thwart unauthorized intrusions, the widespread adoption of multi-factor authentication (MFA) across critical platforms, and the deployment of encryption and data loss prevention (DLP) tools to shield information from compromise.

Firms that fall short in these areas risk operational disruption and the SEC’s regulatory hammer, as inadequate data protection could trigger enforcement actions that reverberate across the industry.

Navigating the Third-Party Risk Frontier

The interconnected nature of modern finance—where third-party service providers are integral to operations—introduces a complex web of cyber risks. The SEC is spotlighting how firms manage these external dependencies, starting with rigorous vendor due diligence and risk assessments before onboarding.

Contracts must embed enforceable cybersecurity requirements, and ongoing monitoring is essential to ensure compliance with industry standards. With outsourced services often serving as potential weak links, the SEC urges firms to eliminate regulatory blind spots by documenting and refining their third-party risk management practices, ensuring resilience extends beyond their walls.

Aligning with Evolving Regulatory Standards

The SEC’s 2025 examinations are not occurring in a vacuum; they are shaped by a wave of recent regulatory updates designed to bolster cybersecurity across the financial sector. Firms are expected to align with enhanced requirements under Regulation S-P, which fortifies customer data protections, and with the proposed Cybersecurity Risk Management Rules targeting investment advisers and broker-dealers.

New disclosure mandates for cyber incidents and risk management practices further underscore the need for transparency. To stay ahead, firms must proactively review and recalibrate their cybersecurity policies, weaving in best practices to meet current and emerging expectations.

Lessons from the Enforcement Frontline

The SEC’s resolve is vividly illustrated through its recent enforcement actions, which serve as both a warning and a roadmap for compliance.

  • In October 2024, four companies—Unisys Corp., Avaya Holdings Corp., Check Point Software Technologies Ltd., and Mimecast Limited—faced charges for misleading disclosures tied to the 2020 SolarWinds breach, paying penalties ranging from $990,000 to $4 million.
  • In March 2024, the agency tackled “AI washing,” fining Delphia (USA) Inc. and Global Predictions Inc. a combined $400,000 for exaggerating their AI capabilities.
  • In December 2024, the Industrial and Commercial Bank of China Financial Services (ICBCFS) settled charges following a ransomware attack, avoiding penalties due to cooperation but highlighting the cost of unpreparedness.

These cases underscore the SEC’s unwavering focus on truthfulness, preparedness, and accountability.

Charting the Path Forward

As the SEC’s 2025 examinations loom, financial firms must act decisively to align with these priorities. Conducting cybersecurity risk assessments tailored to SEC expectations is a critical first step, followed by rigorous testing of incident response and business continuity plans through tabletop exercises. Strengthening oversight of third-party vendors and ensuring they meet cybersecurity benchmarks is equally vital. Meanwhile, continuous monitoring and real-time threat detection can uncover vulnerabilities before attackers exploit them. By embracing these measures, firms can mitigate regulatory risks and enhance their operational resilience in an unpredictable digital world.

Conclusion: Cybersecurity as a Competitive Edge

The SEC’s 2025 examination priorities signal a transformative moment for the financial sector, where cybersecurity and operational resilience are inseparable from market integrity and investor protection. Firms that view these mandates as an opportunity—rather than a burden—stand to gain a competitive edge. By fortifying their cyber defenses, they safeguard not only their operations but also the trust of investors and the stability of the markets they serve. In this era of heightened scrutiny, proactive resilience is not just a regulatory necessity but a strategic advantage that will define the leaders of tomorrow.

Protecting Mid-Market Automotive Dealerships with Blackswan Cybersecurity & Stellar Cyber Open XDR

Overview

Automotive dealerships are increasingly becoming prime targets for cyberattacks. With 15% of all dealerships already breached, the auto industry faces growing risks from hackers exploiting outdated technology, untrained staff, and unsecured financial and personal data. Despite handling sensitive customer information, most dealerships operate as mid-market businesses with limited cybersecurity budgets and IT resources. Blackswan Cybersecurity, in partnership with Stellar Cyber Open XDR, delivers an enterprise-level security solution tailored to the needs and budgets of mid-market dealerships.

The Cybersecurity Challenge for Dealerships

Auto dealerships face unique cybersecurity risks, including:

  • Aging Technology: Many dealerships rely on outdated IT systems no longer supported by manufacturers.
  • Limited IT & Cyber Expertise: Small IT teams must juggle multiple responsibilities, making it difficult to stay ahead of cyber threats.
  • Human Error: 85% of dealership breaches originate from email phishing attacks due to low employee awareness.
  • Financial & Legal Risks: Cyberattacks can lead to FTC fines (up to $45K per infraction), lawsuits, reputational damage, and even the loss of credit card processing capabilities.

As cybercrime becomes a $9.5 trillion global industry, fueled by organized crime syndicates and state-backed cyberterrorists, dealerships need a security solution that is both powerful and cost-effective.

The Solution: Blackswan Cybersecurity & Stellar Cyber Open XDR

To address these challenges, Blackswan Cybersecurity partners with Stellar Cyber’s Open XDR platform to offer an integrated, AI-driven security solution designed for mid-market dealerships.

Why Dealerships Choose This Solution:

  • Enterprise-Level Protection at a Mid-Market Price: Blackswan provides FTC compliance for ~$20/month per employee, making advanced security affordable.
  • Comprehensive Threat Detection & Response: Stellar Cyber’s platform consolidates SIEM, NDR, XDR, and AI-driven analytics into one easy-to-manage system.
  • Seamless Implementation & 24/7 Support: Unlike traditional security vendors, Blackswan and Stellar Cyber work as an extension of the dealership’s team, providing hands-on guidance and continuous monitoring.

Real-World Impact: Jerry Durant Auto Group – Case Study

For Russell Haile, IT Director at Jerry’s Chevrolet in Weatherford, TX, managing cybersecurity on a mid-market budget has been an ongoing challenge. With a small IT team supporting 350 employees, Haile needed a cost-effective, easy-to-manage solution that wouldn’t overwhelm his staff.

By partnering with Blackswan Cybersecurity and implementing Stellar Cyber’s Open XDR platform, Jerry Durant Auto Group achieved:

  • Faster Threat Detection: Automated threat analysis reduced response times and minimized attack risks.
  • Simplified Security Management: Haile’s small IT team could now oversee cybersecurity operations efficiently without additional staff.
  • Stronger Compliance & Customer Trust: Proactive security measures ensured FTC compliance and enhanced customer confidence in data protection.

Conclusion

Blackswan Cybersecurity and Stellar Cyber provide mid-market auto dealerships with a low-cost, one-stop cybersecurity solution that meets FTC compliance, protects sensitive customer data, and strengthens defenses against growing cyber threats. For IT leaders like Russell Haile at Jerry Durant Auto Group, this partnership means enterprise-level security without the complexity or cost of traditional solutions. With Stellar and Blackswan, mid-sized dealerships can direct their focus to selling cars with peace of mind that their business and customers are secure.

The CannonDesign Ransomware Attack & How MDR Can Prevent Business-Disrupting Cyber Threats


The Incident: Ransomware Strikes a Leading Architectural Firm with 1,500 Employees

In January 2023, CannonDesign, a globally recognized architectural and engineering firm, was hit by a major ransomware attack by the Avos Locker group. The attackers exfiltrated 5.7 terabytes of sensitive corporate and client data, which included project schematics, IT infrastructure details, and personal employee information.


Following unsuccessful ransom negotiations, a second cybercriminal group, Dunghill Leaks, publicly leaked 2 terabytes of this data—exposing critical business information and causing long-term reputational and financial damage.

Cybersecurity Challenges for Architectural & Engineering Firms

Firms in the architecture, engineering, and construction (AEC) industry face unique cybersecurity risks due to their reliance on large-scale digital collaboration, sensitive intellectual property, and globally distributed project teams. Common challenges include:

  • Valuable Intellectual Property (IP): Design blueprints, proprietary engineering solutions, and construction plans are lucrative targets for cybercriminals and competitors.
  • Extensive Third-Party Collaboration: Shared access to project data across vendors, contractors, and cloud services increases the attack surface.
  • Legacy IT Systems & Software Gaps: Many firms use a mix of outdated software and new digital tools, leaving vulnerabilities that hackers exploit.
  • Ransomware & Data Breaches: With massive file storage needs, these firms are prime targets for ransomware attacks, which can halt operations and delay multimillion-dollar projects.

How MDR Services Can Prevent Business-Disrupting Cyber Attacks

CannonDesign’s attack highlights the need for proactive cybersecurity measures. Implementing a Managed Detection and Response (MDR) service can significantly enhance an organization’s ability to prevent, detect, and mitigate cyber threats before they cause irreversible damage. Here’s how:

  1. 24/7 Threat Monitoring & Rapid Detection – MDR continuously monitors endpoints, networks, and cloud environments for suspicious activity, ensuring early threat detection before an attack escalates.
  2. Proactive Threat Hunting – Advanced AI-driven analytics and expert security teams actively search for hidden threats within an organization’s infrastructure.
  3. Rapid Incident Response & Containment – MDR teams quickly contain and neutralize ransomware infections, minimizing data loss and downtime.
  4. Vulnerability & Risk Assessments – By identifying weak points in an AEC firm’s IT environment, MDR helps the firm find and patch vulnerabilities before attackers exploit them.
  5. Cloud & Third-Party Security – With firms relying on cloud-based design tools (AutoCAD, BIM 360, Revit, etc.), MDR ensures secure access controls and real-time monitoring of file activity.

Strengthening Cyber Resilience in the AEC Industry

The CannonDesign ransomware attack serves as a wake-up call for architecture and engineering firms. Implementing MDR is no longer optional — it’s essential to protect sensitive data, ensure project continuity, and maintain client trust.

Is your organization secure? Contact Blackswan Cybersecurity to discuss, or take our free vulnerability assessment to better understand your current security posture and stay one step ahead of cybercriminals.


MDR Cybersecurity Myths Debunked


Why MDR is Essential for Cybersecurity Resilience in an Evolving Threat Landscape

Many companies rely on firewalls, antivirus software, and endpoint protection, but these solutions alone are no longer enough. Managed Detection and Response (MDR) bridges the gap by providing 24/7 threat monitoring, proactive detection, and rapid incident response, ensuring businesses can identify, contain, and neutralize threats before they cause significant damage.

In this blog, we’ll explore why MDR is not just an optional security layer but a critical component for enhancing cybersecurity resilience, reducing downtime, and staying ahead of emerging threats.

Managed Detection and Response (MDR) services have become essential in today’s cybersecurity landscape, yet several misconceptions persist. Addressing these myths is crucial for organizations aiming to bolster their security posture effectively.

Myth 1: MDR is Just Another Term for Managed Security Services (MSSP)

Reality: While both MDR and MSSPs offer security services, MDR provides proactive threat hunting, continuous monitoring, and active response to threats, whereas MSSPs typically focus on alert monitoring and basic security management.


Myth 2: MDR Services Are Only for Large Enterprises

Reality: MDR services are scalable and beneficial for organizations of all sizes, including small and medium-sized businesses. They provide access to advanced security expertise and technologies without the need for substantial in-house resources.


Myth 3: Existing Security Solutions Eliminate the Need for MDR

Reality: Even with robust security tools in place, MDR enhances an organization’s ability to detect and respond to sophisticated threats that traditional solutions might miss, offering a more comprehensive security approach.


Myth 4: MDR Only Focuses on Endpoint Security

Reality: Comprehensive MDR services encompass network monitoring, cloud security, and threat intelligence, providing a holistic approach to an organization’s security landscape.


Myth 5: Implementing MDR Is Too Expensive and Complex

Reality: Partnering with an MDR provider can be more cost-effective than building and maintaining an in-house 24/7 Security Operations Center (SOC), offering economies of scale and specialized expertise.


Myth 6: MDR Adds More Complexity to Existing Security Infrastructure

Reality: A well-integrated MDR service can simplify security operations by centralizing monitoring, response, and management, thereby reducing complexity and enhancing efficiency.


Myth 7: Organizations Lose Control Over Security with MDR Providers

Reality: Collaborating with an MDR provider offers enhanced visibility and control over security operations, as they work alongside internal teams to strengthen defenses.


Myth 8: MDR Is Solely About Threat Detection

Reality: True MDR encompasses detection, response, threat hunting, and remediation, providing a comprehensive security solution.


Myth 9: All MDR Providers Offer the Same Level of Protection

Reality: The quality and comprehensiveness of MDR services vary significantly between providers; it’s essential to assess their capabilities and alignment with organizational needs.


Myth 10: More Security Tools Translate to Better Security

Reality: An excess of security tools can lead to tool overload, increasing costs and integration challenges. Effective MDR services streamline security operations, focusing on efficiency and efficacy.


Understanding and dispelling these myths enables organizations to make informed decisions about implementing MDR services, ultimately strengthening their cybersecurity posture.