PEAPOD Cyberattack Strikes EU Leaders

Monday Report - October 16, 2023

Welcome, reader, to your CybersecurityHQ report.

Headlines

PEAPOD, a cyberattack campaign that Trend Micro attributed to a group called Void Rabisu, targets European Union military personnel and political leaders engaged in gender equality initiatives. Void Rabisu (aka Storm-0978, Tropical Scorpius, and UNC2596) is associated with ransomware originating in Cuba — though it has no known connection to the government of Cuba. The group conducts both financially motivated and espionage attacks, using the RomCom RAT backdoor.

The malware has been distributed through spear-phishing emails and fake ads, so far mostly targeting Ukraine and its supporters. In August 2023, a new version of RomCom RAT was delivered through a fake website posing as the Women Political Leaders (WPL) Summit. This reduced its digital footprint and complicated detection.

Toshiba Corporation will no longer trade publicly, as it is set to transition to private ownership in December after a successful $13.4 billion takeover bid by Japan Industrial Partners. On Thursday, Toshiba announced an “extraordinary shareholder meeting” that will decide how to manage the takeover scheduled for November 22.

The sale is the result of a months-long negotiation process beginning in April. Japan Industrial Partners will acquire 78.65% of Toshiba Corporation as part of the deal. This transition marks a significant development in the company's history, ending its public listing status.

Kaspersky recently highlighted a new set of malicious tools by the advanced persistent threat (APT) actor ToddyCat. The group has traditionally relied on Ninja Trojan and the backdoor Samurai, but a trove of other tools has been recently discovered. These allow ToddyCat to achieve persistence, conduct file operations, and load additional payloads at runtime.

The group has also been found to be highly effective at data exfiltration. They’ve targeted Asian government and telecom organizations since 2021, using “disposable” malware.

Interesting Read

A balance sheet recession describes a situation in which a business prioritizes debt reduction over growth. In a recent Forbes article, Jason Hart argues that the cybersecurity industry is on the brink of its own balance sheet crisis. While there is no shortage of security tools, companies are facing an unexpected increase in cyber risks. Those risks have a number of causes, including tool oversaturation, complexity, the ROI paradox, a shortage of skilled professionals, and the ever-evolving threat landscape.

The full article delves into these challenges, as well as a bevy of solutions. It's a call to shift from accumulating tools to making smarter, strategic investments to create a secure and resilient cyber environment.

Cybersecurity Career Opportunities

For the latest openings in cybersecurity careers, check CybersecurityHQ.

Stay Safe, Stay Secure.

The CybersecurityHQ Team