Each business day, MSSP Alert delivers a quick lineup of news, analysis and chatter from across the managed security services provider ecosystem.
- The Content: Written for MSSPs and MSPs; threat hunters; security operations center as a service (SOCaaS), managed detection and response (MDR), and eXtended detection and response (XDR) providers — and those who partner with such companies.
- Frequency and Format: Every business morning. Typically, one or two sentences for each item below.
- Reaching Our Inbox: Send news, tips and rumors to Managing Editor Jim Masters: [email protected].
A. Today’s MSSP, MSP, MDR, XDR and Cybersecurity Market News
1. Today is Anti-Ransomware Day: INTERPOL has declared May 12 as Anti-Ransomware Day. Commenting on the occasion, Nic Finn, senior threat intelligence consultant for the GuidePoint Security Research and Intelligence Team (GRIT), said, "As we step into the fourth Anti-Ransomware Day, it's clear that ransomware is still a dominant threat for organizations across the globe. Looking at GRIT's ransomware dataset, we've observed a steady increase in victims published by ransomware groups. In 2021, from January 1 to May 12, GRIT observed just over 700 reported victims. In 2022, that number increased to just over 1,000. So far, in 2023, we've observed more than 1,300 reported victims."
2. Funding Boost: Cybersecurity firm Curity announced a significant investment from GRO, a Danish private equity fund, to accelerate its international expansion. Curity is a provider of API-driven identity management, delivering solutions to a wide range of enterprises seeking to secure access to digital services.
3. Cybersecurity Partnership: AI SPERA, an AI-based cyber threat intelligence provider, has fformed a data-sharing partnership agreement between its flagship search engine, Criminal IP, and DNS0.EU. DNS0.EU is an independent non-profit organization based in France that provides secure DNS services for the protection of the European Union. Criminal IP performs real-time collection and analysis of IP addresses, enabling effective detection of cyber threats.
4. Industry Recognition: Nokia has been ranked as an industry leader in network security by analysts at GigaOm for its extended detection response market (XDR) security platform. The platform provides communication service providers and enterprises with 5G network defenses through a variety of AI and machine learning capabilities.
5. Security Alert: The FBI and the Cybersecurity and Infrastructure Security Agency (CISA) have released a joint Cybersecurity Advisory in response to the active exploitation of CVE-2023-27350. This vulnerability occurs in certain versions of PaperCut NG and PaperCut MF, and enables an unauthenticated actor to execute malicious code remotely without credentials. Malicious actors exploited CVE-2023-27350 beginning in mid-April 2023 and are continuing through the present, the FBI said. In early May 2023, the Bl00dy Ransomware Gang attempted to exploit vulnerable PaperCut servers against the Education Facilities Subsector.
6. Cybersecurity Acquisition: Crosspoint Capital Partners will take Canada's Absolute Software private in a $657 million deal, extending a recent trend of private equity firms snapping up cybersecurity providers. Absolute Software shareholders will receive $11.5 per share in cash, representing a premium of 34% to the U.S.-listed stock's last close, the company said. (Source: Reuters)
7. Hacker Alert: Unknown hackers attempted to infiltrate Dragos, an industrial cybersecurity firms that works with government agencies and utilities globally. The unsuccessful campaign targeted the company’s executives and their family members, the firm said this week. “We are confident that our layered security controls prevented the threat actor from accomplishing what we believe to be their primary objective of launching ransomware,” the company stated in a blog post. (Source: CYBERSCOOP)
B. Annual In-Person MSSP and Cybersecurity Conferences
- The Official Cyber Security Summit Series (Multiple dates and locations)
- Identiverse 2023 (May 30 - June 2, Las Vegas, Nevada)
- Infosec World (September 25-27, Lake Buena Vista, Florida)