1,000 Threat Reports and Counting: Details of the CompTIA ISAO’s Cybersecurity Updates

The CompTIA ISAO publishes an average of more than two threat reports per day, containing actionable information to help members avoid, defeat, or recover from a cyberattack. Here's what we've seen through the first 1,000 reports.

Earlier this month, the CompTIA ISAO issued its 1,000th threat report, providing members with real-time intelligence and analysis that helps raise the cyber resilience of the whole IT industry. Considering October is Cybersecurity Awareness Month, the timing seems only appropriate.

The CompTIA ISAO issued its first threat report on August 19, 2020. Since then, we have seen a steady rise in the average number of threat reports we publish per day. We saw a peak this past July, with just under 11 threat reports per day. Given the cyberattack against Kaseya that took place over the July 4 holiday weekend, this makes sense. The next largest peak of activity took place in February 2021, which averaged just under nine threat reports per day. Most recently, September and October 2021 saw just over eight and six threat reports per day on average, respectively.

All this confirms a known fact. Cyberattacks are increasing, but so is the sharing of critical cyber threat intelligence, the raw source data that informs our threat reports. This means that CompTIA ISAO members know more than ever about the evolving threat landscape and the threats that pose immediate risk to their businesses as well as those of their customers.

More Threats, but More Safety Measures Taken

Since the first report, we have averaged more than 71 threat reports each month (more than two per day). That may seem like too much information to ingest, but thanks to our team of cyber analysts and other contributors, these reports are intentionally designed to be easily consumed and acted upon. They contain actionable information to help you avoid, defeat, or recover from an attack.

We do this by first categorizing our threat reports into six buckets. Breaking New Reports are threat alerts that highlight active exploits, zero-day attacks, or known vulnerabilities that present a high risk of successful attack. This is the most time-sensitive type of alert the CompTIA ISAO generates, as it contains specific information about the threat along with mitigation recommendations to address it. These reports carry a severity rating of low, medium, or high, based on the potential impact to our members, and are also classified under the Traffic Light Protocol (TLP), which governs how far the information may be shared: within your own organization, with your customer or partner organizations, or with the broader constituent communities.

In addition to Breaking New Reports, we break down our reports into the following categories: DHS Reports, for reports issued by the United States Department of Homeland Security; Law Enforcement Reports, which may be federal, state, regional, or local; Vendor Reports, shared by vendor members of the CompTIA ISAO; Weekly Reports, which are structured overviews of the cyber threat landscape for that week; and Weekly Video Reports, which are 10-minute summaries of the most important threats reported on during the week. This categorization helps CompTIA ISAO members focus on what’s most important, while still having access to the full breadth of our analysts’ reporting, to keep informed of all the threats facing member companies and their customers.

Big Wins that Keep Members Secure

Of the first 1,000 threat reports issued by the CompTIA ISAO, almost 12% were issued with a High Severity rating, 16% were Medium Severity, and 13.5% were Low Severity. The remainder, about 59%, were issued without a severity level. In addition, 18% were classified as TLP:Amber, 67% were TLP:Green, 13% were TLP:White, and none were TLP:Red.

Over the past 14 months, we have had some highly impactful wins for our members. First, the threat report we issued on September 14, 2020, not even one month after our first report, highlighted the active exploitation of CVE-2020-1472, also known as the Microsoft Netlogon vulnerability. This alert came to the CompTIA ISAO through our partnership with the IT-ISAC and was issued 48 hours before other sources started to alert on and publicize the threat. In less than a month of active reporting, the CompTIA ISAO provided our members with a 48-hour lead time to close the vulnerability and protect themselves and their customers. We are proud that no CompTIA ISAO member was impacted by this threat, thanks in part to this threat report.

More recently, we issued several threat reports around the aforementioned Kaseya attack in July, the PrintNightmare vulnerability that was present throughout July and much of August, and the Microsoft MSHTML vulnerability that came to light in early September, to name a few.

Moving forward, we expect the volume of threat reports to fluctuate while still growing, on average, over time. This represents the reality of the threat landscape we find ourselves navigating on a daily basis.

In addition to our threat reports, the CompTIA ISAO provides our members with access to SophosLabs Intelix real-time threat analysis, which draws on Sophos’ petabytes of data and world-class threat researchers. This gives CompTIA ISAO members another tool to evaluate suspected sites and files to better protect themselves and their customers. Results from these inquiries may also be shared with the CompTIA ISAO Threat Intelligence Platform (TIP), TruSTAR from Splunk. Every CompTIA ISAO member has access to this TIP as well as their own private TIP instance, where they can do their own threat hunting or modeling and share those results with the CompTIA ISAO to enrich our threat intelligence for everyone’s benefit.

How’s Your Cyber Risk Rating?

Earlier this month, we also introduced the CompTIA ISAO Cyber Risk Rating powered by SecurityScorecard. This innovative service assigns a letter grade of A through F to every CompTIA ISAO member company and the vendor community that supports them. The grade is one measure of an organization’s security posture and speaks to the organization’s attention to its publicly facing cybersecurity activity. With this service, members are able to monitor and improve their score with prescriptive, step-by-step guidance; measure the risk of suppliers and vendors; communicate their cybersecurity posture to their clients and partners; and receive actionable steps to improve their score.

Taken all together with the nearly 1,600 discussion posts on the CompTIA ISAO Cyber Forum, where members collaborate, ask questions, and share best practices, the CompTIA ISAO continues to raise the cybersecurity resilience of the global tech industry for the good of all.

MJ Shoer is senior vice president and executive director of the CompTIA ISAO.
