Last year, I rounded up the three most significant events for 2020 and crossed my fingers for brighter days ahead. Trapped in the tropics for most of 2021, I wasn’t sure if it was the cabin fever or the mask-fatigue, but things were not looking great for me. Having spent the past couple of weeks in Europe, it has been quite liberating – breathtaking, dare I say – to be on a plane again, seeing sights and experiencing weather I wouldn’t normally be able to (goodbye humidity and frizzy hair).
With my slightly clearer mind, I thought I should tap into my pensive self and reflect on all that has been going on, before everyone starts making resolutions for 2022. In this post, I am also going to expend a bit more effort on thinking about all the cyber attacks that have affected the APAC region and what we can expect in the year to come.
SolarWinds, ransomware attacks, and the “ZeroLogon” vulnerability made my Top 3 most significant events for 2020. So, how far have we come since then? I don’t think there is a more fitting way to describe how far we’ve come than with the saying “一山还比一山高”. It literally translates to “one mountain will always be higher than the other”, and in reality means there will always be someone or something that outshines its predecessor. Now, tell me that has not been the case. I dare you, I double dare you.
For one, supply-chain attacks are probably on par with ransomware attacks in terms of popularity. We can get into a fight arguing about which is the more popular one. But does it matter? Ransomware attacks now abuse the supply chain (read: Kaseya VSA) too.
Ask me which vulnerability I would award as vulnerability of the year and I’ll be at a loss for words. ProxyLogon comes to mind. But again, how does one decide? After my foray with the Photon Research Team into vulnerability intelligence and management in our latest whitepaper (titled “Vulnerability Intelligence: Do You Know Where Your Flaws Are?”), I now know that I know nothing.
As one of the few Asia Pacific (APAC) employees in Digital Shadows (now ReliaQuest), take it from me when I say that time zones are a bit tricky to manage. Some of my colleagues are sound asleep when I’ve just started my day, and vice versa. This part of the world gets so lonely.
That’s not the same for cyber threat actors. With nary a complaint, they are always active. In APAC, we are at least 8 hours ahead of some of you but surely, we’ve not been forgotten by these actors and groups.
Enter Exhibit A: the supply-chain attack leveraging Accellion’s File Transfer Appliance (FTA). For those of us who are still not tired of the phrase “supply-chain attack” yet, you may recall that the specific incident involving Accellion affected quite a few organizations. To give credit where it is due, Accellion first discovered signs of exploitation on 23 Dec 2020 and patched the vulnerability within 72 hours, which is certainly no mean feat.
But APAC organizations were predominantly the victims during the initial disclosure of the attack. And this was likely the case because of time differences. Accellion released the patch on 24 Dec 2020, but the 21-hour time difference between Accellion’s location in the US and the APAC region meant that the time frame was too short for organizations in the eastern part of the world to address these issues properly. The timeliness, or lack thereof in this case, of applying patches was further complicated by the malfunctioning of Accellion’s email notification system, with all of this occurring around the Christmas period.
Fastest fingers first. With the Clop ransomware group quick to exploit this vulnerability, the rest, as we know, is history.
The Western world tends to get a lot more love when it comes to reporting on cyber attacks and developments in the cyber threat landscape. But we already know this is by no means an indication that threat actors don’t target APAC at all. Low crime does not mean no crime; make no mistake, where there are vulnerable organizations, there will be attackers.
APAC continues to see a surge in cyber attacks. So far in 2021, we have already put out 170 intelligence updates for the APAC region alone. That’s almost double the number we have for 2020. I’m not alone, surely! You’ll likely see numbers and figures put out by other researchers all echoing similar sentiments.
Things will only become spicier in the days to come, I promise you. In the volatile domain of cyberspace, physical developments often influence the conduct of cyber activity. In the APAC region, we’ve been paying some attention to AUKUS, the strategic alliance between Australia, the UK, and the US.
A lot of the hype around AUKUS has to do with the provision of nuclear-powered submarines to Australia. That’s a huge deal. Under the pact, Australia will probably be the first non-nuclear-armed state to possess nuclear-powered submarines. This does draw some non-proliferation debate but we can nerd out about those issues another time.
Hold your horsies, there’s more! Subs shouldn’t be all that the pact should be known for. The AUKUS agreement also includes the sharing of cyber and marine technology, including artificial intelligence and quantum technology. Beneath it all, the alliance hints at the priority placed by the US in attempting to balance an increasingly power-hungry China. As we recall, China treats its critics with hostility, so we can be sure this competition is only going to fuel cyber activity. Even without poking the beast, AUKUS’ cyber technology component probably ranks high on China’s list of priorities.
Equally important are policies and frameworks enacted by regional players. China’s government has passed or implemented several data and/or privacy-related laws. In attempting to address the “chaos” data has created, the Personal Information and Privacy Law was enacted on 01 Nov 2021. Not another GDPR, some might bemoan, but pay no heed to these laws and you might just face the wrath of the Cyberspace Administration of China (CAC). The laws also apply to foreign firms – some like Apple have chosen to comply, but it’s a bleaker prospect for others like Yahoo Inc, which has decided to withdraw operations from China, citing an “increasingly challenging” operating environment.
With so much going on in the APAC region, there is no excuse to think that cyber attacks won’t affect us. The silver lining is also that many organizations (and their leadership management team) are increasingly sitting up at the mention of cyber attacks and how to defend against them.
There are very few things that make me proud to be Singaporean. Our food and hawker culture are two of those few things but this year, I’m thrilled to add Singapore’s Cybersecurity Strategy to the list. There is a sentence in the announcement that particularly struck a chord with me – “Singapore thus reviewed and refreshed its cybersecurity strategy which was first launched in 2016”.
Reviewing and refreshing our approaches for ensuring a more secure network and digital infrastructure is such a hassle, I feel you. But this is so, so important. In the reports I write, I often have to stress that there is no such thing as a one-size-fits-all method. Nor are there mitigation measures that will be valid forever.
Perhaps the most dignifying of all – Singapore’s approach to Zero Trust. We’ve already established the growing popularity of supply-chain attacks; a Zero Trust architecture is one of the most useful ways to break that chain. With Singapore’s updated strategy, the country makes it clear Zero Trust is the way to go, moving away from perimeter defence and towards a zero-trust model.
In Singapore, a top-down approach is perhaps the most typical way forward; the Singapore government will take the lead with its Government Trust-based Architecture that translates Zero Trust principles into government context. With our lead, hopefully more countries will follow suit. Fair dos, implementing Zero Trust is not easy but if this little red dot can do it, you can too.
Aaaaaand that’s a wrap. I can’t possibly put everything we’ve gone through in 2021 into this post, but hopefully this has provided an inkling as to what has happened and what can come next. With threat actors lurking around the corner, each trying to outdo the other, there is never a dull day in cyber-security. Without an inch of a doubt, 2022 will surely be a hectic year, but I’m in good hands with the Photon Research Team and I look forward to another year of working with you lot #thnksfrthemmrs
The Photon Research Team does a tremendous job covering a variety of cyber threats, including primary research on cybercriminals. Beyond that, we also look at policy implications, wider geopolitical developments, and how they can potentially herald a shift in the cyber threat landscape. Check out some of our works here, or let us walk you through a demo with a 7-day test drive of Search Light (now ReliaQuest GreyMatter Digital Risk Protection).