April '22 Corvus Policyholder Update

Introducing our new Smart Cyber Partnerships and why third-party risk should be top-of-mind.

Spring fever is alive and well. The rise in temperatures unites the masses: college students, kids, and adults alike are all daydreaming about vacations. How we all choose to spend our free time is a different story. Consider the recently arrested leader of Lapsus$ — a 17-year-old from the United Kingdom — who spearheaded hacks on both T-Mobile and software consultancy company Globant. U.K. police arrested another 7 members of the ransomware group, all ranging in age from 15 to 21. Kids these days, right? Hopefully upcoming school vacations don't incite more youth to embark on cybercriminal career paths.

For more on the latest timely tips and trends from our cybersecurity experts, keep reading:


Risk + Response Tips

Security tips and service updates from VP of Risk + Response Lauren Winchester

We are constantly thinking about how to stay ahead of the cybersecurity curve so that our advice to help you manage risk is never out of date. The widespread adoption of cloud-native platforms and SaaS solutions introduces new types of threats while slowly eradicating the external IT perimeter. Read more about our approach for increased insights in our blog post.

Our new Smart Cyber Partnerships™ help us identify, analyze and evaluate these new risks. This begins with making your efforts to improve your security posture as easy and straightforward as possible. As a Corvus policyholder, you qualify for these offerings (and any associated discounts), and in addition to making your organization safer, your participation will help Corvus to provide better, more accurate security recommendations for you. So let us offer a (brief) introduction to our first class of partners:

  • Orca Security provides instant-on security and compliance for AWS, Azure, GCP, and Kubernetes. Orca simplifies your cloud security operations with a single platform for deep cloud asset inventory, workload and data protection, cloud security posture management, vulnerability management, and identity and entitlements management. Orca automatically combines cloud risks and insights to surface the most critical attack paths leading to your crown jewels. Get a free, no obligation Cloud Security Risk Assessment from Corvus and Orca.
  • Ermetic is a comprehensive cloud security platform for AWS, Azure, and GCP that enables you to proactively reduce your attack surface, detect threats and reduce your blast radius in case of a breach. Ermetic’s holistic cloud security solution enables comprehensive risk assessment across the entire security stack. Get a free, no obligation Cloud Security Risk Assessment from Corvus and Ermetic.
  • ClearVector is the identity-driven cloud security company that discovers and isolates risk in AWS and cloud environments. The ClearVector platform discovers, instruments, and maps activity to identities, and provides productized cloud expertise to help organizations prepare for, measure, and prevent the impact of cyberattacks and breaches. Get a free, 30-day AWS Realtime Risk Assessment from Corvus and ClearVector.
  • Expel provides 24x7 managed detection and response for everything from cloud apps and infrastructure to networks and endpoints. Understanding and adapting to each customer’s environment, Expel finds gaps in coverage and closes them with its own detections. Expel’s automation-forward approach accelerates response and remediation times while scaling quality. And, Expel arms customers with metrics and recommendations to build for a stronger tomorrow. Learn more about Expel’s service for Corvus policyholders.

CISO Corner

Noteworthy trends in cybersecurity from Chief Information Security Officer Jason Rebholz

Unfortunately, it often feels like threat actors don’t take any time off. As technology in our day-to-day lives evolves — like the widespread adoption of cloud-native platforms, for example — threat actors’ approach to targeting victims evolves as well. That means the work of mitigating risk is never really over. 

Some key findings from our Cyber Risk Insights Index™ — which you can find here — were tied directly to feedback we received in our Policyholder Benchmarking Survey. We’d like to home in on the factors preventing improvements and how we can ensure that every organization is ahead of the cybersecurity curve (and not left playing catch-up):

  • Companies with fewer than 50 employees are more likely to outsource their security efforts. While this is a recommended approach, those same companies also reported the highest level of confidence that they have implemented or are in the process of implementing all necessary steps from a cybersecurity risk standpoint.
  • Of the companies that stated they do need help with security improvements, 72% lacked a CISO who can provide strategic direction for a security program. 
  • Larger companies were most concerned with vendor breaches. 

What are the main takeaways from this? 

  1. If someone feels they have implemented all the necessary steps for cybersecurity, they are almost certainly thinking too small. Every day brings new challenges in cybersecurity. Organizations must stay ahead of this shifting landscape.
  2. A lack of resources and the overall complexity of security are the leading causes behind organizations falling behind in improving their defenses. The introduction of knowledgeable cybersecurity talent such as a CISO can drastically help.
  3. Third-party risk should be top-of-mind for all. Noticeable spikes in claims this past year have been tied to major cybercrime events, like the Microsoft Exchange Server Vulnerability and the Kaseya ransomware attack. Downstream risk and vendor breaches are leading threats. Read more about managing vendor risk.

Monthly Alerts

Threat Alerts

What to watch for this month.

The Corvus Scan is a powerful asset that enables us to identify which policyholders are at risk for new vulnerabilities. You’ve probably already heard from us about the following if your organization is at risk, but we’ve gathered the monthly round-up of alerts and updates below:

Zimbra Vulnerability

Threat actors are targeting organizations using vulnerable Zimbra Collaboration Suite servers. The vulnerability was discovered in December 2021, and threat actors are actively using a working exploit for it. You can find our guidance and next step instructions here.

Microsoft SMB and RPC Vulnerability 

In their routine Patch Tuesday, Microsoft disclosed two critical vulnerabilities that impact the Server Message Block (SMB) service (CVE-2022-24500) and Windows RPC (CVE-2022-26809). Organizations should ensure that all Windows systems are patched to protect against these vulnerabilities. You can find our guidance and next step instructions here.

QNAP Ransomware Attacks

The ransomware group Deadbolt is targeting QNAP NAS devices. You can find our guidance and next step instructions here.

SonicOS Vulnerability

SonicWall issued a security advisory about a critical vulnerability (CVE-2022-22274) found in SonicOS, the software that runs SonicWall devices. Exploitation of the vulnerability could lead to a denial-of-service (DoS) attack that would render the device temporarily inoperable or potentially allow for code execution on the firewall. You can find our guidance and next step instructions here.