📄 Original Report (PDF): Download EQST Insight 2025 July →
July 2025’s EQST Insight addresses the challenge of achieving comprehensive security visibility across hybrid environments, analyses the DireWolf ransomware group’s novel victim negotiation strategy, and continues the Zero Trust series with network-layer controls.
Headline: Security Visibility & Gray Zone Vulnerabilities
Many organisations have invested heavily in detection tools yet still suffer breaches through “gray zone” vulnerabilities — assets and attack paths that fall outside the coverage of any single monitoring solution. EQST defines gray zones as the overlapping gaps between EDR, network monitoring, cloud security posture management (CSPM), and OT/ICS monitoring. The report proposes a Security Visibility Index methodology: map all assets, assign a monitoring coverage score to each, and prioritise coverage gaps for remediation. Common gray zones identified include cloud-native services accessed via personal credentials, legacy OT systems with no agent support, and third-party SaaS integrations with no API-level logging.
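The Security Visibility Index workflow sketched above (inventory assets, score each one's monitoring coverage, rank the gaps), as an added Python example that is not part of the EQST report. The layer names, the expected-layer mapping per asset kind, the 1-5 criticality scale and the sample inventory are all assumptions constructed for illustration.

```python
from dataclasses import dataclass, field

# Monitoring layers the report names (EDR, network monitoring, CSPM, OT/ICS).
LAYERS = ("edr", "ndr", "cspm", "ot")

@dataclass
class Asset:
    name: str
    kind: str              # "endpoint", "cloud", "ot" or "saas"
    criticality: int       # 1 (low) .. 5 (high); assumed scale
    covered: set = field(default_factory=set)  # layers that actually observe this asset

# Layers *expected* to observe each asset kind (assumption for this example).
EXPECTED = {
    "endpoint": {"edr", "ndr"},
    "cloud":    {"cspm", "ndr"},
    "ot":       {"ot", "ndr"},
    "saas":     {"cspm"},
}

def coverage_score(asset):
    """Fraction of the expected monitoring layers that actually cover the asset (0..1)."""
    expected = EXPECTED[asset.kind]
    return len(asset.covered & expected) / len(expected)

def gray_zones(inventory, threshold=1.0):
    """Assets below the coverage threshold, ranked by criticality-weighted gap.
    Returns (gap_weight, asset_name, missing_layers) tuples, largest gap first."""
    gaps = []
    for a in inventory:
        score = coverage_score(a)
        if score < threshold:
            missing = sorted(EXPECTED[a.kind] - a.covered)
            gaps.append((a.criticality * (1 - score), a.name, missing))
    return sorted(gaps, reverse=True)

def visibility_index(inventory):
    """Criticality-weighted mean coverage across the whole inventory (0..1)."""
    total = sum(a.criticality for a in inventory)
    if total == 0:
        return 0.0
    return sum(a.criticality * coverage_score(a) for a in inventory) / total

# Constructed sample inventory mirroring the report's three gray-zone examples.
INVENTORY = [
    Asset("dc01", "endpoint", 5, {"edr", "ndr"}),   # fully covered
    Asset("s3-finance", "cloud", 4, {"ndr"}),       # cloud service used via personal credentials, no CSPM
    Asset("plc-line3", "ot", 5, {"ndr"}),           # legacy OT with no agent support
    Asset("crm-saas", "saas", 3, set()),            # third-party SaaS with no API-level logging
]

if __name__ == "__main__":
    print(f"visibility index: {visibility_index(INVENTORY):.2f}")
    for weight, name, missing in gray_zones(INVENTORY):
        print(f"{name}: gap weight {weight:.1f}, missing {missing}")
```

The ranking puts the uncovered SaaS integration first despite its lower criticality because it has zero coverage, which is the kind of prioritisation the index is meant to surface.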
Keep Up with Ransomware: DireWolf — Per-Victim Negotiation Channels
EQST analysed DireWolf ransomware, notable for its operational security approach to victim negotiations. Rather than using a centralised leak site for all victims, DireWolf establishes a unique, ephemeral Tor-based negotiation channel for each victim — making it harder for researchers and law enforcement to track victim count, ransom demands, and payment patterns. EQST observed DireWolf targeting logistics and supply chain companies where operational downtime creates intense pressure to pay. The report includes DireWolf’s technical indicators, encryption methodology, and recommended containment steps.
Special Report: Zero Trust Security Strategy — Network
The network segment of EQST’s Zero Trust series covers micro-segmentation, encrypted east-west traffic, and software-defined perimeter (SDP) architectures. Traditional flat networks allow ransomware and lateral movement to spread rapidly once an attacker is inside. EQST recommends phasing in micro-segmentation by starting with the most critical asset groups (e.g., domain controllers, financial systems, OT networks), implementing mutual TLS for service-to-service communication, and deploying network detection and response (NDR) to baseline and alert on anomalous internal traffic. The report includes a practical roadmap for organisations transitioning from perimeter-based to zero trust network architecture.
Source: SK Shieldus EQST Insight, July 2025 — skshieldus.com