Industry Insights
Read the latest cloud security news, trends, and thought leadership from subject matter experts.

How to Protect Against SMS Phishing and Other Similar Attacks
Originally published by Lookout. Written by Hank Schless, Senior Manager, Security Solutions, Lookout. Last year, cloud communications company Twilio announced that its internal systems were breached after attackers obtained employee credentials using an SMS phishing attack. Around the same t...
Zoom Users At Risk In Latest Malware Campaign
Originally published by Cyble on January 5, 2023. Modified Zoom App Employed In Phishing Attack To Deliver IcedID Malware Zoom is a video conferencing and online meeting platform that allows users to host virtual meetings, webinars, and video conference calls. It is available on various devices, ...
A Closer Look at BlackMagic Ransomware
Originally published by Cyble on December 7, 2022. New Ransomware disrupting Transportation and Logistics Industry in Israel During a routine threat-hunting exercise, Cyble Research and Intelligence Labs (CRIL) came across a new ransomware group named “BlackMagic” ransomware. This ransomware gro...
Is Breach Fatigue the New Norm?
Originally published by CXO REvolutionaries. Written by Erik Hart, Global CISO, Cushman & Wakefield. How numb is the public to security failures? One of the trickiest security topics involves the shifting relationship between security and privacy. Twenty years ago, people saw these areas as funda...
How Global Conflicts Influenced Cyber Attack Behaviors
Originally published by Sysdig. Written by Michael Clark, Sysdig. The conflict between Russia and Ukraine includes a cyberwarfare component with government-supported threat actors and civilian hacktivists taking sides.The goals of disrupting IT infrastructure and utilities have led to a 4-fold in...
What You Need to Know About the Daixin Team Ransomware Group
Originally published by Titaniam. Ransomware attacks are common and becoming more creative. However, as attackers evolve, so do their decisions of targets and methodology. As of October 2022, the FBI’s Internet Crime Complaint Center (IC3) holds victim reports across all 16 critical infrastructu...
Beyond BEC: How Modern Phishing Has Evolved Past Email
Originally published by Lookout. Written by Hank Schless, Lookout. Business email compromise (BEC) is big business for malicious actors. According to the 2021 FBI Internet Crime Report, BEC was responsible for nearly $2.4 billion in cyber crime losses in 2021. At its root, it’s a type of ph...
Reframing Password Management: What We Learned from the LastPass Breach
Originally published by BARR Advisory. In August of 2022, LastPass, the cloud-based password saver, was breached as bad actors stole information that would eventually lead them to access a copy of the data vaults of tens of thousands of customers. When the firm was hacked for a second time in Nov...
Protect Your Organization from BlackCat Ransomware Attacks
Originally published by Titaniam. Where there is value for organizations online, there will be a cybercriminal ready with a ransomware attack to exploit it. Since they first emerged in December of 2021, BlackCat Ransomware has become another example of a ring of cybercriminals who practice the mo...
The Discovery of a Massive Cryptomining Operation Leveraging GitHub Actions
Originally published by Sysdig on October 25, 2022. Written by Crystal Morin, Sysdig. The Sysdig Threat Research Team (Sysdig TRT) recently uncovered an extensive and sophisticated active cryptomining operation in which a threat actor is using some of the largest cloud and continuous integration ...
Could Double Extortion Prompt a Public Health Crisis?
Originally published by CXO REvolutionaries on November 15, 2022. Written by Kyle Fiehler, Senior Transformation Analyst, Zscaler. Ransomware actors targeting Australia’s most prominent healthcare insurer have taken the gloves off. After Medibank refused to pay a ransom for the return of data bel...
Combat Attacks Where They Most Often Start: Applications
Originally published by TrueFort. Written by Mike Powers, TrueFort. The application environment is one of the most targeted among cyber criminals and has reached a point where organizations can no longer pose the question of “if” there will be an attack on, but “when” there is an attack. The atta...
How to Prevent Account Takeover Fraud
Originally published by TokenEx. Written by Anni Burchfiel, TokenEx. Quick Hits:Account takeover fraud is the most popular kind of cyberattack for hackers looking to make a large sum of money quickly.Businesses affected by account takeover attacks (ATOs) often lose large numbers of customers due ...
Punisher Ransomware Spreading Through Fake COVID Site
Originally published by Cyble on November 25, 2022. New Variant Of Ransomware Targeting Chile Most organizations experienced an increase in cyber-attacks during the COVID-19 pandemic. Threat Actors (TAs) leveraged the COVID-19 pandemic as a thematic lure to infect users with different malware fam...
Top Threat #11 to Cloud Computing: Cloud Storage Data Exfiltration
Written by the CSA Top Threats Working Group. The CSA Top Threats to Cloud Computing Pandemic Eleven report aims to raise awareness of threats, vulnerabilities, and risks in the cloud. The latest report highlights the Pandemic Eleven top threats, in which the pandemic and the complexity of worklo...
The Top Cloud Computing Risk Treatment Options
Cloud threats pose great harm to organizations’ business objectives. Storage, compute, and even network services have been subjected to nefarious attacks. Since cloud compliance and security is a shared responsibility, every organization should collaborate with their cloud service providers to im...
New Kiss-a-Dog Cryptojacking Campaign Targets Vulnerable Docker and Kubernetes Infrastructure
Originally published by CrowdStrike on October 26, 2022. Written by Manoj Ahuje, CrowdStrike. CrowdStrike has uncovered a new cryptojacking campaign targeting vulnerable Docker and Kubernetes infrastructure using an obscure domain from the payload, container escape attempt and anonymized “...
’Tis the Season for eCrime
Originally published by CrowdStrike. Written by Bart Lenaerts-Bergmans, CrowdStrike. Financially motivated criminal activities, aka “eCrime,” happen in waves. They come and go as adversaries develop new tools and target vulnerable victims. Similar to how investors track stock market activity usin...
Top Threat #10 to Cloud Computing: Organized Crime, Hackers, and APT
Written by the CSA Top Threats Working Group.The CSA Top Threats to Cloud Computing Pandemic Eleven report aims to raise awareness of threats, vulnerabilities, and risks in the cloud. The latest report highlights the Pandemic Eleven top threats, in which the pandemic and the complexity of workloa...
Uber’s Internal Network Breach and Business-Critical SaaS Data Compromise
Originally published by DoControl on September 16, 2022. Written by Corey O'Connor, DoControl. Multiple sources have reported that Uber has become the next victim to a man-in-the-middle attack with social engineering and Multi-factor Authentication (MFA) compromise at its core. In this example, t...
Browse by Topic
Write for the CSA blog
Submit your blog proposalSign up to receive CSA's latest blogs
This list receives 1-2 emails a month.