PRESS RELEASELondon, UK. 24th April 2024: Performanta, the multinational cybersecurity firm specialising in helping companies move beyond security to achieve cyber safety, has uncovered a trend in how developing countries are being targeted by nation state actors.The firm’s analysis explored the origins and characteristics of Medusa, a ransomware-as-a-service targeting organisations globally. The patterns suggest that developing countries are hit first with a trend that shows a rising impact on developed countries. It implies that ransomware activities are not entirely random and a strategy is in place to focus on organisations within developing countries as their initial targets.Guy Golan, CEO and Executive Chairman of Performanta, states: “Our analysis suggests that BRICS nations, and particularly the African continent, have become a testing ground for nation-state attacks. In order to achieve a more cyber safe environment for all organisations globally, we need to increase awareness of this growing issue. It is only through understanding the trends and patterns of geopolitical cyber warfare that will enable us to bring clarity to the global threat landscape.”Performanta’s research has delved into precisely how attackers are using Africa, and the extent to which the region is under major threat.In South Africa, a 10-year review of the cyber threat landscape found that the most prevalent perpetrators of attackers were trained hackers, and the top three most likely targeted industries on the continent are finance, manufacturing and energy. This poses a serious problem, with the average successful nation-state-backed cyber attack costing an average of $1.6 million per incident.Performanta’s report also reveals a large increase in financial/banking trojans with a 59% increase in Kenya and a 32% increase in Nigeria across a single quarter.Golan continues: “Attackers likely perceive attacking Africa to have fewer risks to themselves than directly attacking the West, and as a bridge to the Western world, it’s likely that methods are tried and tested in Africa first, before being deployed across developed countries later. As an emerging economy, Africa may have become an entry point for attackers aiming to access and disrupt Western assets indirectly. No matter the reasoning, the West and Africa must implement long-term collaborative efforts to build a strong defence against this threat.”With a strong foothold in both South Africa and the UK, Performanta is uniquely positioned to bridge the gap between nations to form a cyber safe defence against nation-state enemies.For more information or to read Performanta’s full report, download here.About PerformantaPerformanta is a multinational company that specialises in cyber safety. Founded in 2010, we have grown to over 180 security professionals. We provide risk and resilience consulting, managed detection and response, and continuous threat exposure management services, with a human touch. Our focus extends beyond your security controls, to your wellbeing. We work tirelessly with clients to manage the cyber security risks.Performanta is a leading Microsoft Solutions Partner. We have been nominated by Microsoft to join its Intelligent Security Association (MISA), a worldwide group comprising 300 of its most proficient partners. Performanta is approved to design, develop and operate security solutions for on-premises and cloud service users. We specialise in Managed Extended Detection & Response (MXDR), Identity and Access Management, and Threat Protection.We work with enterprises across many industry sectors, that require a cyber safety service. Operating from the UK, South Africa, North America and continental Europe, our teams deliver global services with a local feel.

PRESS RELEASEMcLean, Va. & Bedford, Mass., April 25, 2024 — MITRE’s Cyber Resiliency Engineering Framework (CREF) NavigatorTM now incorporates the US Department of Defense’s Cybersecurity Maturity Model Certification (CMMC) so cybersecurity engineers for the Defense Industrial Base (DIB) can strengthen supply chain resilience against sophisticated cybersecurity attacks. The CREF Navigator aligns with NIST SP 800-171, the National Institute of Standards and Technology’s (NIST) publication designed to safeguard Controlled Unclassified Information (CUI) and the subset of NIST SP 800-172 that aligns with the proposed CMMC Level 3 model which has 24 of the 34 security requirements that address more sophisticated cybersecurity attacks.“Our national security depends on the security of our defense systems and the supply chains to enable that defense,” said Wen Masters, vice president, cyber technologies, MITRE. “All along the supply chain, you need accountability in following the appropriate security requirements to build a resilient system. Resilience in the face of a cyber-attack is not a quick fix. Resiliency must be engineered before an incident.”MITRE in partnership with NIST created the original cyber resiliency framework, NIST SP 800-160, Volume 2 (Rev. 1). The CREF Navigator, which debuted in early 2023, makes that NIST framework searchable and visualized. With the tool, engineers can make educated and informed choices while designing resilient cyber solutions. Beyond pairing with CMMC, the CREF Navigator also aligns with the MITRE ATT&CK® knowledge base of tactics and techniques and Cyber Model-Based Systems Engineering (MBSE) for cyber threat modeling.“To allow cyber engineers to customize the tool for their individual needs, we enhanced the CREF Navigator so users can create their own scenarios and apply different parameters of threats and techniques,” said Shane Steiger, principal cybersecurity engineer, MITRE. “Regardless of how you keep your security data, you can import your data into the CREF Navigator via a .csv file, and the visualization of the data can be exported back out to a .csv file. Later this year, we’ll add enhancements for Zero Trust Architectures.”As with many of MITRE’s resources for cyber defenders that are developed in the public interest, the CREF Navigator is freely available to the greater cyber community. See the CREF Navigator in action at https://CREFNavigator.mitre.org.About MITREMITRE’s mission-driven teams are dedicated to solving problems for a safer world. Through our public-private partnerships and as an operator of federally funded R&D centers, we work across government and in partnership with industry to tackle challenges to the safety, stability, and well-being of our nation. Learn more at mitre.org.

PRESS RELEASEMontreal, Quebec, Canada – April 25, 2024 – Flare, a global leader in Threat Exposure Management, is pleased to announce that renowned cybersecurity expert Jason Haddix has joined the organization as Field CISO. Jason Haddix (aka @jhaddix) is CEO, hacker, and trainer for Arcanum Information Security, a world class and highly sought cybersecurity assessment and training company. Over his 20-year career in cybersecurity, Jason has held numerous high profile roles, including as CISO of Buddobot, CISO of Ubisoft, Head of Trust/Security/Operations at Bugcrowd, Director of Penetration Testing at HP, and Lead Penetration Tester at Redspin. Jason is well-known throughout the cybersecurity community, having authored a number of talks on offensive security methodology. Over the years he has spoken at many high profile security conferences, including DEFCON, BSides, BlackHat, RSA, OWASP, Nullcon, SANS, IANS, BruCon, and Toorcon.”We are excited to welcome Jason to the Flare team as a strategic advisor. His exceptional background, depth of knowledge, and vision in cyber make him the perfect fit to help us accelerate our expansion and recognition as a leader in Threat Exposure Management,” said Flare CEO Norman Menz. “Jason’s appointment reaffirms our commitment to staying one step ahead in the continually evolving cyber threat landscape, and to maintaining the highest security standards for our clients.” In his strategic advisory role as Field CISO, Jason will leverage his deep industry expertise to forge connections within the cybersecurity community, and will help guide Flare’s security strategies and product vision. Jason’s diverse background will bring fresh perspectives and help enrich Flare’s approach to addressing critical security challenges and shaping strategic initiatives.”Joining Flare offers me a unique opportunity to contribute to the company’s mission of excellence in Cyber Threat Exposure Management, while also continuing my commitment to Arcanum,” said Jason. “I’m excited to share my experience and work alongside Flare’s talented team to drive forward-looking security initiatives and cutting-edge product features. I’m looking forward to being an integral part of Flare’s commitment to protecting customers and leveling the playing field for defenders in the cyber security realm.”To learn more about the rest of the team driving Flare’s growth in the Threat Exposure Management space, visit https://flare.io/company/team/. About FlareFlare is at the forefront of Threat Exposure Management, delivering AI-driven solutions that provide comprehensive, real-time threat analysis and remediation. With its advanced technology, Flare offers a proactive approach to cybersecurity, scanning the online world, including the clear and dark web, to identify, prioritize, and address potential threats swiftly and efficiently. For more information, visit https://flare.io.