Red Hat Security Advisory 2024-2483-03 - An update for traceroute is now available for Red Hat Enterprise Linux 9.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_2483.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Moderate: traceroute security updateAdvisory ID:        RHSA-2024:2483-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:2483Issue date:         2024-04-30Revision:           03CVE Names:          CVE-2023-46316====================================================================Summary: An update for traceroute is now available for Red Hat Enterprise Linux 9.Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:The traceroute utility displays the route used by IP packets on their way to a specified network (or Internet) host.Security Fix(es):* traceroute: improper command line parsing (CVE-2023-46316)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Additional Changes:For detailed information on changes in this release, see the Red Hat Enterprise Linux 9.4 Release Notes linked from the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2023-46316References:https://access.redhat.com/security/updates/classification/#moderatehttps://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/9.4_release_notes/indexhttps://bugzilla.redhat.com/show_bug.cgi?id=2246303

Red Hat Security Advisory 2024-2483-03

While other professions are making up ground, cybersecurity still lags behind in female representation, thanks to a lack of respect and inclusion.

Source: Valeriy Kachaev via Alamy Stock Photo

Right now, in 2024, at least three of every four cybersecurity professionals is male.

Cybersecurity is hardly the only male-dominated industry, but even in contrast to others — like law (53%), accounting (46%), and doctors of medicine (37%) — it lags behind.

According to new research from ISC2, women make up just 20% to 25% of the cybersecurity industry. And that figure, it noted, has remained relatively consistent for some years.

It stands out even more when compared with the racial makeup of the industry. While the majority of cyber pros over the age of 40 in the US, the UK, Canada, and Ireland are white, the majority under 40 are not. ISC2 found that over the past 12 months, a full two-thirds of new entrants to the industry from those countries have been non-white.

The takeaway? Cybersecurity is fixing its diversity problem, but only halfway.

**Gender Representation in Cyber, by the Numbers**

Just 4% of ISC2 survey respondents indicated that women make up a majority of their security teams. By contrast, 11% admitted they have no women on their teams at all.

There seems to be a mild networking effect at play, too. The average woman in security works with around 8% more women (30%) on average than men do (22%).

The problem is pretty much the same across industries, as the most-diverse sectors, like cloud services, automotive, and construction (all 28% female), don't far outpace the least-diverse (military and energy, each at 20%).

There are, however, some positive trends alongside the lagging ones.

Where only around 14% or 15% of cyber pros over age 40 are women, at least 25% under age 35 are (a relative improvement).

Most interestingly, the women who do make it into the cybersecurity field tend to rise up the corporate ladder at least as high as, if not higher than, their male counterparts. Women own executive titles at a similar clip to men. A greater percentage of them possess managerial-level roles, and a lesser percentage are ranked as individual contributors. And counterintuitive though it may sound, a greater percentage of women in security are involved in the hiring process than are men (33% to 24%).

That data, however, contrasts with other recent findings.

**The Root of the Problem: Exclusion**

In its "2023 State of Inclusion Benchmark in Cybersecurity" report, Women in Cybersecurity (WiCyS) tracked the ways in which women experience exclusion in the industry. "Respect" ranked as the worst issue on its list, but just behind respect was "career and growth opportunities."

"Women are experiencing a glass ceiling at around six years," reports Lynn Dohm, executive director at WiCyS. "You could imagine the journey for a woman in cybersecurity as they're advancing in their career, not necessarily getting the stretch assignments they're anticipating, perhaps their managers aren't taking initiative and identifying the trajectory of their career within the organization, they're getting passed up for promotions and experiencing that lack of respect with microaggressions, tokenism, comments. All of that leads up to the point where an individual would likely choose to step out of the career and move into other areas."

It's a self-fulfilling cycle: Too little female representation is leading more women to steer clear of security. As Dohm puts it: "Lack of diversity in the workforce is a symptom of the lack of inclusion."

Simply hiring more women doesn't solve the problem, either, since exclusion extends far deeper than any one person or organization can account for.

"The gender gap in cybersecurity begins long before women reach the workforce," explains Jessy McDermott, partner solution architect at Aqua Security. "I know firsthand as a former engineering student that this gap existed at the college level. For example, only four other women — out of an original 15, excluding myself — completed the engineering program alongside me at UMass Dartmouth. During those four years, I experienced an ongoing prejudice and doubt and saw how women were ultimately driven out of the field before they even graduated.

"This is only exacerbated as time goes on and women begin to see that careers in information technology or cybersecurity are 'male-dominated.' If you’re somehow able to get through college without being driven out of the field, you've just started the first leg of a never-ending journey. Ultimately, this can all lead to imposter syndrome, which myself and many female friends in the industry deal with. I have days where, even now, as a cybersecurity professional with years of experience under my belt, I still get challenged to show and, more importantly, prove my knowledge to others."

So, she adds, "I love how more companies are going out of their way to hire more women into the field, but to see a difference, women need internal support to feel confident and be successful in their roles."

**Non-Diversity Consequences to Companies**

Besides the obvious consequences for people, there are also consequences for uniformity for companies.

"When retention isn't there for female talent, it costs money, because it's pulling back out recruiting dollars. And it's also a reputational risk," Dohm notes.

"Broader than cybersecurity, there's a body of research that says the more perspectives you bring to the table, the better off you will be at problem solving," says Clar Rosso, CEO of ISC2. "In cybersecurity, which is a very complex, growing threat landscape, the more perspectives that we bring to the table to solve problems, the more likely we will be able to impact our cyber defense."

Dohm puts it tersely: "It's a security risk not having the diverse perspective that women bring to the cybersecurity workforce."

**About the Author(s)**

Nate Nelson is a freelance writer based in New York City. Formerly a reporter at Threatpost, he contributes to a number of cybersecurity blogs and podcasts. He writes "Malicious Life" -- an award-winning Top 20 tech podcast on Apple and Spotify -- and hosts every other episode, featuring interviews with leading voices in security. He also co-hosts "The Industrial Security Podcast," the most popular show in its field.

Cybersecurity Is Becoming More Diverse … Except by Gender

Plus: Microsoft scolded for a “cascade” of security failures, AI-generated lawyers send fake legal threats, a data broker quietly lobbies against US privacy legislation, and more.

It’s been a week since the world avoided a potentially catastrophic cyberattack. On March 29, Microsoft developer Andres Freund disclosed his discovery of a backdoor in XZ Utils, a compression tool widely used in Linux distributions and thus countless computer systems worldwide. The backdoor was inserted into the open source tool by someone operating under the persona “Jia Tan” after years of patient work building a reputation as a trustworthy volunteer developer. Security experts believe Jia Tan is the work of a nation-state actor, with clues largely pointing to Russia, although definitive attribution for the attack is still outstanding.

In early 2022, a hacker operating under the name “P4x” took down the internet of North Korea, after the country’s hackers had targeted him. This week, WIRED revealed P4x’s true identity as Alejandro Caceres, a 38-year-old Colombian American. Following his successful attack on North Korea, Caceres pitched the US military on a “special forces”-style offensive hacking team that would carry out operations similar to the one that made P4x famous. The Pentagon eventually declined, but Caceres has launched a startup, Hyperion Gray, and plans to further pursue his controversial approach to cyberwarfare.

In mid-February, millions of people lost internet access after three undersea cables in the Arabian Sea were damaged. Some blamed Houthi rebels in Yemen, who had been attacking ships in the region, but the group denied it had sabotaged the cables. But the rebel attacks are still likely to blame—albeit, in a bizarre way. A WIRED analysis of satellite images, maritime data, and more found that the cables were likely damaged by the trailing anchor of a cargo ship that the Houthi rebels had bombed. The ship drifted for two weeks before finally sinking, crossing paths with the cables at the time they were damaged.

The myth that Google Chrome’s Incognito mode provides adequate privacy protections can finally be put to rest. As part of a settlement over Google’s Incognito privacy claims and practices, the company has agreed to delete “billions” of records collected while users browsed in Incognito mode. It will also further clarify how much user data can be collected by Google and third parties while Incognito is enabled, and take further steps to protect user privacy. There are other privacy-focused browsers that can replace Chrome. But if you’re still using it, make sure to update it to patch some serious security flaws.

But that’s not all. Each week, we round up the security and privacy news we didn’t cover in depth ourselves. Click the headlines to read the full stories. And stay safe out there.

A 58-year-old hospital systems administrator pleaded guilty this week to US federal charges after he was caught using another man’s name for more than 30 years. Matthew David Keirans allegedly stole the identity of William Woods in 1988, when the two men worked at a hot dog cart in Albuquerque, New Mexico, according to the US Attorney's Office for the Northern District of Iowa. Over the decades, Keirans obtained employment, bank accounts, loans, and insurance, and paid taxes, under the Woods name. Keirans even had a child whose last name is Woods.

The real William Woods, meanwhile, reportedly learned that someone else was using his identity in 2019. At the time, Woods was unhoused and living in Los Angeles. He contacted a bank where “William Woods” had an account, providing his real Social Security card and California ID card to prove his identity. However, he could not answer the security questions to gain access. The bank called Keirans—who was pretending to be Woods—and Keirans convinced the bank employee that the real Woods should not have access to the accounts. The Los Angeles Police Department then arrested the real Woods and charged him with identity theft after Keirans provided officers with false documents and information.

In a nightmarish twist, during judicial proceedings, the real Woods accurately maintained that “William Donald Woods” was his true identity, prompting the court to order him to a mental institution. The real Woods ultimately spent 428 days in jail and 147 days in a mental hospital before his release.

The real Woods then continued to work to regain his true identity, eventually contacting authorities after learning that Keirans worked at a hospital in Iowa City. Investigators later confirmed the real Woods’ identity after obtaining a DNA test. Confronted with the evidence, Keirans confessed to a series of crimes and now faces a maximum sentence of 32 years in prison, a $1.25 million fine, and five years of supervised release.

**US Review Board Slams Microsoft for ‘Cascade of Avoidable Security Failures’**

The White-House mandated Cyber Safety Review Board issued a scathing report against Microsoft this week, accusing the tech giant of failing to stop a “preventable” intrusion by China-backed hackers of hundreds of Microsoft Exchange Online email accounts. To gain access to email accounts belonging to 22 organizations and 500 individuals worldwide, the hackers, known as Storm-0558, stole a Microsoft cryptographic key. The CSRB report chastises the company for failing to detect “the compromise of its cryptographic crown jewels,” inadequate security practices, and a “corporate culture that deprioritized both enterprise security investments and rigorous risk management,” among a “cascade” of other defeats.

The report also found that Microsoft still does not know how Storm-0558 obtained its key, accusing the company of making false statements after it initially claimed that the key was accidentally included in an April 2021 “crash dump.” The company has since updated its explanation of the intrusion to say that it still does not know how the hackers obtained the key. The CSRB issued 25 recommended steps that Microsoft—a major government contractor whose systems protect highly sensitive information—should take to better protect its systems.

**AI-Generated Lawyers Caught Spewing Fake Legal Threats**

The owner of the website Tedium received legal threats from a nonexistent “law firm” charging the publication with a copyright violation. The thing is, the “lawyers” behind the complaint were AI-generated. The “law firm” accused Tedium of using a photograph without the owner’s consent, and a "copyright infringement" notice offered to supposedly settle the matter, if only Tedium would agree to properly credit the photo’s “owner” and link out to their website. This was, of course, a backlink scam designed to boost the SEO ranking of the fake copyright holder’s page. Only this time, the scam was bolstered by a cast of AI-generated characters: a hot-shot team of young, "skilled lawyers" purportedly specializing in creative rights and commercial law.

**Data Behemoth Enlists Lobbyists Against Effort in US to Limit Deals With Spies**

An internal feud is underway in the US Congress over the fate of a beleaguered spy program called Section 702 and the commercial deals that US intelligence agencies have struck in recent years with global data brokers, purchasing information that government agents typically need a warrant to obtain. Consequently, the UK owner of LexisNexis—an “amalgam of publishers and data brokers, stitched together into a single information giant”—has retained the services of a Washington, DC, lobbying firm to engage with federal lawmakers over “potential privacy, data security, breach notification, data broker, and FISA reform legislation.” Politico reports that the company, RELX, previously used the firm, Venable, to combat privacy legislation aimed at restricting the kinds of personal data companies are allowed to sell to law enforcement.

**‘Weapon Scanners’ Eyed by New York’s Surveillant Mayor Boasts Abysmal Track Record**

New York City mayor Eric Adams is hastening his crusade against subway violence with a plan to test weapons scanners that claim to use artificial intelligence to detect whether commuters are carrying blades and firearms. Documents obtained by Hell Gate reveal what Adams failed to disclose at a press conference last week: that data already in the city’s hands show the technology is only rarely useful. After police officers permitted to carry firearms were factored out of one study at a Bronx hospital, the scanners were found to be accurate less than 1 percent of the time. (All told, more than 85 percent of the time, the scanners cast false suspicion on New Yorkers who were found to be unarmed.) The move by Adams follows New York governor Kathy Hochul’s deployment of hundreds of National Guard soldiers in the city’s subway systems. Adams first addressed a spate of homicides and stabbings across the city in March by sending hundreds of police officers underground to search commuters' bags at well over 100 subway stations—a tactic that roused resistance from a few locals this week who smashed ticket machines and disabled security cameras at a midtown station to protest the surveillance surge.

Identity Thief Lived as a Different Man for 33 Years

DerbyNet 9.0 suffers from a remote SQL injection vulnerability in print/render/racer.inc.

CVE ID: CVE-2024-30923

Description:  
An SQL Injection vulnerability has been discovered in DerbyNet version 9.0, specifically within the `print/render/racer.inc` component. This vulnerability allows remote attackers to execute arbitrary code and disclose sensitive information by exploiting improper sanitization of the `where` clause in Racer Document Rendering.

Vulnerability Type: SQL Injection

Vendor of Product: DerbyNet - Available on GitHub: https://github.com/jeffpiazza/derbynet

Affected Product Code Base: DerbyNet - v9.0

Affected Component: print/render/racer.inc

Attack Type: Remote

Impact:  
- Code execution: True  
- Information Disclosure: True

Attack Vectors:  
The vulnerability is present in the `print/render/racer.inc` component of DerbyNet, due to insufficient sanitization of the `where` parameter within the URL. Attackers can manipulate SQL queries by injecting malicious SQL commands through the `where` parameter, as demonstrated in the following URL:  
- `http://127.0.0.1:8000/render-document.php/award/GoldCupAwardDocument?where=1`

This manipulation could lead to unauthorized access to database information and potential code execution on the server hosting the application.

Discoverer: Valentin Lobstein

References:  
- Official website: http://derbynet.com  
- Source code on GitHub: https://github.com/jeffpiazza/derbynet

DerbyNet 9.0 print/render/racer.inc SQL Injection

DerbyNet 9.0 suffers from a remote SQL injection vulnerability in ajax/query.slide.next.inc.

    CVE ID: CVE-2024-30928Description:An SQL Injection vulnerability has been discovered in DerbyNet version 9.0, particularly within the `ajax/query.slide.next.inc` file. This vulnerability allows remote attackers to execute arbitrary code and disclose sensitive information by exploiting the unvalidated `classids` parameter used in constructing SQL queries. This parameter is not properly sanitized before being included in the SQL statement, leading to a critical risk of SQL Injection.Vulnerability Type: SQL InjectionVendor of Product: DerbyNet - Available on GitHub: https://github.com/jeffpiazza/derbynetAffected Product Code Base: DerbyNet - v9.0Affected Component: ajax/query.slide.next.incAttack Type: RemoteImpacts:- Code execution: True- Information Disclosure: TrueAttack Vectors:The vulnerability is primarily exploited by manipulating the `classids` parameter in the user's request to the `ajax/query.slide.next.inc` file. The lack of adequate input validation allows attackers to inject malicious SQL code through this parameter. Example attack vectors include:- Direct exploitation:- `http://127.0.0.1:8000/action.php?query=slide.next&mode=racer&classids=1`- Boolean-based blind SQL Injection:- Payload: `query=slide.next&mode=racer&classids=1) AND 4365=4365 AND (6880=6880`- UNION query SQL Injection:- Payload: `query=slide.next&mode=racer&classids=-3890) UNION ALL SELECT NULL,NULL,CHAR(113,107,120,122,113)||CHAR(79,97,117,85,112,79,82,85,75,114,65,66,118,100,117,107,79,118,111,104,67,105,87,86,72,110,107,119,113,86,106,107,115,100,110,109,98,77,85,115)||CHAR(113,118,120,120,113),NULL,NULL,NULL,NULL,NULL-- rDzQ`These vectors demonstrate how an attacker could manipulate SQL queries to potentially access or manipulate database information unauthorizedly.Discoverer: Valentin LobsteinReferences:- Official website: http://derbynet.com- Source code on GitHub: https://github.com/jeffpiazza/derbynet

DerbyNet 9.0 ajax/query.slide.next.inc SQL Injection

DerbyNet version 9.0 suffers from a cross site scripting vulnerability in racer-results.php.

CVE ID: CVE-2024-30927

Description:  
A Cross-Site Scripting (XSS) vulnerability is present in DerbyNet version 9.0, specifically within the `racer-results.php` component. This issue allows remote attackers to execute arbitrary code through the improper handling of the `racerid` parameter. The vulnerability is notably present within the HTML `<title>` tag, where the `racerid` parameter value is dynamically inserted directly into the page content without any sanitization or encoding.

Vulnerability Type: Cross-Site Scripting (XSS)

Vendor of Product: DerbyNet - Available on GitHub: https://github.com/jeffpiazza/derbynet

Affected Product Code Base: DerbyNet - v9.0

Affected Component: racer-results.php

Attack Type: Remote

Impact: Code execution

Attack Vectors:  
The XSS vulnerability can be exploited by inserting malicious JavaScript code into the `racerid` parameter of the URL. For example:  
- `http://127.0.0.1:8000/racer-results.php?racerid=</title><script>alert(1)</script>`

This method demonstrates how an attacker could manipulate the `racerid` parameter to inject and execute arbitrary JavaScript within the context of a user's session.

Discoverer: Valentin Lobstein

References:  
- Official website: http://derbynet.com  
- Source code on GitHub: https://github.com/jeffpiazza/derbynet

DerbyNet 9.0 racer-results.php Cross Site Scripting

DerbyNet version 9.0 suffers from a cross site scripting vulnerability in photo-thumbs.php.

CVE ID: CVE-2024-30925

Description:  
A Cross-Site Scripting (XSS) vulnerability exists in DerbyNet version 9.0, specifically within the `photo-thumbs.php` component. This issue enables a remote attacker to execute arbitrary code through the improper handling of the `racerid` and `back` parameters. The vulnerability arises because the application dynamically generates URLs for navigation without adequately sanitizing these parameters, thus allowing the injection of malicious scripts.

Vulnerability Type: Cross-Site Scripting (XSS)

Vendor of Product: DerbyNet - Available on GitHub: https://github.com/jeffpiazza/derbynet

Affected Product Code Base: DerbyNet - v9.0

Affected Component: photo-thumbs.php

Attack Type: Remote

Impact: Code execution

Attack Vectors:  
The XSS vulnerability can be exploited through manipulation of the `racerid` and `back` parameters in the URL. Examples of such manipulation include:  
- http://127.0.0.1:8000/photo-thumbs.php?repo=head&racerid=</script><script>alert(1)</script>  
- http://127.0.0.1:8000/photo-thumbs.php?back="><script>alert(1)</script></div>

These URLs demonstrate how an attacker could inject and execute arbitrary JavaScript within the context of the user's browser session.

Discoverer: Valentin Lobstein

References:  
- Official website: http://derbynet.com  
- Source code on GitHub: https://github.com/jeffpiazza/derbynet

DerbyNet 9.0 photo-thumbs.php Cross Site Scripting

DerbyNet version 9.0 suffers from a cross site scripting vulnerability in render-document.php.

    CVE ID: CVE-2024-30920Description:A Cross Site Scripting (XSS) vulnerability has been identified in DerbyNet v9.0, specifically within the `render-document.php` component. This vulnerability allows a remote attacker to execute arbitrary code via crafted URLs. The root cause of the vulnerability is the application's failure to properly sanitize user input in document rendering paths, which permits the injection of malicious scripts.Vulnerability Type: XSS (Cross Site Scripting)Vendor of Product:DerbyNet - https://github.com/jeffpiazza/derbynetAffected Product Code Base:DerbyNet - v9.0Affected Component:render-document.phpAttack Type:RemoteImpact:Code executionRoot Cause:The vulnerability arises from the application's display of debug information, including `ORIG_SCRIPT_FILENAME`, `DOCUMENT_URI`, `SCRIPT_NAME`, and `PHP_SELF`. These debug outputs improperly handle user-supplied input by not sanitizing it before inclusion in the output, leading directly to XSS vulnerabilities when malicious inputs are rendered by the browser.Attack Vectors:The vulnerability can be exploited with URLs such as:- `http://127.0.0.1:8000/render-document.php/racer/<img src=x onerror=alert(1)>`- `http://127.0.0.1:8000/render-document.php/<img src=x onerror=alert(1)>`Discoverer:Valentin LobsteinReferences:- http://derbynet.com- https://github.com/jeffpiazza/derbynet

DerbyNet 9.0 render-document.php Cross Site Scripting

As “P4x,” Alejandro Caceres single-handedly disrupted the internet of an entire country. Then he tried to show the US military how it can—and should—adopt his methods.

A Vigilante Hacker Took Down North Korea’s Internet. Now He’s Taking Off His Mask

It's critical for security teams to stay vigilant not only when it comes to major security issues, but also with minor lags in security best practice.

Tim Chase, Global Field CISO, Lacework

April 2, 2024

3 Min Read

Source: Anna Berkut via Alamy Stock Photo

COMMENTARY

The saying "put yourselves in the shoes of a hacker" has long been part of defensive security strategies. Today, in the fast-paced and evolving threat landscape, this statement is truer than ever for chief information security officers (CISOs) and security teams at scale.

As cyber threats continue to evolve in 2024, CISOs and security teams must be prepared for everything from supply chain risks to zero-day exploits to deepfakes to cloud targeting and more. By ensuring visibility across your infrastructure, encouraging employee training, and supporting bug bounty programs, your organization will harden its security posture and be better prepared to fend off rising threats this year. Let's dive a bit deeper into each: 

**Creating Security Allies Out of Your Team**

Recent cyberattacks have shown us that the level of sophistication and damage caused by malicious actors is not slowing down. The MOVEit data breach that leaked the personal information of more than 11 million people shows the raw scale of modern attacks. Similar breaches at MGM and Caesars were exacerbated by the FBI struggling to stop the cyber gang behind the incident. 

While the security team can't befriend everyone in an organization, they can focus on education internally in order to train staff on risks and create clear communication that covers important issues. If hackers are staying up to date and getting educated on the latest threats and risks, we should as well. Creating a "security champions" program across the organization is a great way to embed security. One team member from marketing, finance, legal, etc., can plug in to your team and be a liaison for security that helps push pertinent cybersecurity information out across the company.

**Supporting Bug Bounty Programs**

Rather than being anxious and shunning bug bounty programs, CISOs and security teams should reward good behavior. I encourage employees to attend hackathons — even if it's only to observe or learn at first. It's one step in the right direction for security education. For more hands-on cybersecurity learning, I also like to arrange company-wide competitions and games that encourage employees to figure out how cybercrime could potentially happen.

There is no better way to prepare for a real breach than with a simulation. It forces the team to work together, strategize, and agree on a solution. The increased need for internal cybersecurity education and support for bug bounty programs is only going to continue growing in order to keep up with rising threats.

**If All Else Fails, Focus on Visibility**

Visibility is a foundational principle that suggests you can't secure what you don't know about. Lack of a security team's visibility is a gold rush for hackers because they typically infiltrate an organization's network via hidden or sneaky entry points. If you don't have visibility, there will undoubtedly be a way in. Without visibility into all traffic within an organization's infrastructure, threat actors can continue to lurk in the network and grant themselves access to the organization's most sensitive data.

With 93% of malware hiding behind encrypted traffic but only 30% of security professionals claiming to have visibility, it's no wonder that there were more ransomware attacks in the first half of 2023 than in all of 2022. Once a cybercriminal has made their way into the network, time is limited. Only with visibility can the cybercriminal be stopped from wreaking havoc and gaining access to company data.

When cybersecurity professionals can better understand the mysterious nature of hackers and how they work, they can better protect their own systems and valuable customer data. It's critical to stay vigilant not only when it comes to major security issues, but also with minor lags in security best practice. We saw this with the recent breach of Hewlett Packard, which was undertaken by the same group behind 2020's SolarWinds breach. Some of the most sophisticated cybercriminals are also incredibly opportunistic, taking advantage of any split-second lapse in otherwise-tight security plans. Ensure you take the steps above to stay ahead of looming threats. 

**About the Author(s)**

Global Field CISO, Lacework

Tim Chase is the Global Field CISO at Lacework and has worked in information security for over 15 years in various roles, including leading security teams focusing on Cloud and AppSec. He has extensive experience working at the board and executive level to promote security and guide decision-making.

Tag

#acer