Enterprises moving to the cloud from legacy data centers face many security challenges in making that transition, most notably the following four challenges.

A malicious .docx file was uploaded to Virus Total that uses several of Mitiga’s publicly available branding elements including logo, fonts, and colors, to lend credibility to the document. Mitiga was not breached, though the file was created by a threat actor, most likely for use as part of phishing or malware spreading campaigns.

The Startup Pill recently recognized Mitiga in two articles highlighting exceptional startups in the cyber security industry.The publication put together a list of the 89 Best Cloud Security Startups Of 2020, and Mitiga is number nine on the list!

A few weeks ago, one of Mitiga’s employees received an email phishing for credentials. Instead of just laughing it off, our team decided to use their lunch breaks to analyze it. What we found indicates a sophisticated phishing platform that uses AWS and Oracle infrastructure to phish Office 365 email accounts.

Mitiga uncovered a widespread and well-executed Business Email Compromise (BEC) campaign in which cybercriminals are impersonating senior executives using Office 365’s email services in order to intercept sensitive communications and then alter wire transfer details and redirect funds to rogue bank accounts.

Based on recent research and analysis, Mitiga issued a global advisory, warning AWS customers running EC2 instances based on Community AMIs (Amazon Machine Instances), from potentially embedded malicious code. We strongly advise verifying their security before continuing using these instances.

But today, in the midst of a pandemic outbreak of Coronavirus (COVID-19) and while governments and global organizations work to contain and eradicate the virus, we’re hearing of a new wormable vulnerability in Microsoft’s SMBv3 protocol.How can we learn from these unfortunate events to provide us with a different context and an opportunity to rethink our level of readiness for unexpected, viral cyber events?

Organizations have widely adopted the Crown Jewels concept in their efforts to build cost-effective cybersecurity strategies and plans in the ever-growing world of risks and challenges. However, the Crown Jewels concept could undermine the chances of effectively detecting, reacting to and recovering from a cyber-attack. It is time for the adoption of new concepts and new methodologies.