IST_org

Bob: I'm a fan of the Cybersecurity Body of Knowledge (https://www.cybok.org/) and you can learn tons just by absorbing the MITRE ATT&CK content (https://attack.mitre.org/) (they update ~quarterly)

Marc: Very likely as many ransomware groups have seen that high risk infrastructure is both out of date and backed by organisations that will rush to pay because of the impact when it goes down. As a result many of them actively look for vulnerable, exposed infrastructure associated with these kinds of organisations because they know there is a high chance of a good pay-out.

Allan: There are something like 8 BILLION username/passwords available for sale or free on underground markets at any given time and that doesn’t even take into account the number or organizations that just use poor password management for internet-exposed infrastructure

Allan: Remote Desktop Protocol, either through credential reuse or credential stuffing attacks

Allan: 1. MFA, 2. Patching, 3. Endpoint protection AND monitoring, 4. scanning of remote infrastructure, 5. threat hunting for attackers.