In late January 2023, Kaspersky Lab published a report on dark web ads looking for specialized skilled individuals.  The company researched the job offers in the underground for over 30 months and found that criminals and gangs (mostly those associated with advanced persistent threat or established criminal groups) posted more than 200,000 ads looking for individuals with software development experience, maintaining IT infrastructure, and designing web sites to support criminal activities and email campaigns.  Notably, the peak of this solicitation occurred during the COVID pandemic period, where the larger hostile actor ecosystem sought to leverage the uncertainty brought on by the tumultuous environment to their operational advantage, executing campaigns against a distracted world populace.

This Q and A session took place after Dr. Flagg’s initial presentation at the January 2023 OODA Network Member Meeting

The Opportunities for Advantage Series of posts will continue this year. Designed to explore how exponential disruption and innovation require organizations to focus efforts to gain advantage, in a recent review of the series we found that there were patterns and groupings which deserved to be highlighted. To start: the opportunities for advantage created by the exponential disruption of the industrial base (including the defense industrial base) coupled with exponential biotechnology innovation to build the bioeconomy of the future. The following is a primer on the potential of such an effort  – including the challenges, threats, risks, and opportunities ahead for your organization in this technology and business ecosystem of the future.

In this OODA Loop Q&A with OODA Network Expert Kristin Del Rosso, we discuss her presentation last year at labscon.io 2022 in Scottsdale, AZ, entitled “Is CNVD ≥ CVE? A Look at Chinese Vulnerability Discovery and Disclosure.” Del Rosso is a product manager at Sophos focusing on Incident Response, Threat Intelligence, and the SecOps ecosystem. Previously, she was an analyst on Lookout Mobile Security’s Threat Intelligence team, focusing on reversing Android surveillance software, and tracking threat actors and their infrastructure.

The growing use and reliance on complex digital business systems is exacerbating cyber-risk, a systemic risk to your business, one which can result in serious, perhaps even existential damage. The interactions of information and technology have evolved from segmented IT functions into the central nervous systems controlling the most vital assets and systems of your business. Cyber-risk threatens these systems. Boards realize this is a major problem but are challenged by its enormity and complexity to find a path to better governance. Instead, they often retreat to a false sense of security offered by a “check-the-box” solution. However, the “whack-a-mole” feeling soon returns and persists-the feeling that more should be done. But how to do it?