Short Summary:
Operational Relay Box (ORB) networks are increasingly used by threat actors, particularly those linked to the People’s Republic of China (PRC). These networks combine elements of botnets and VPNs to provide anonymity and resilience, complicating detection and disruption efforts. ORB networks facilitate various cyber operations, from reconnaissance to data exfiltration, and pose significant challenges for cybersecurity teams.…
Short Summary:
The “Voice of a Threat Hunter 2024” report reveals that 53% of security practitioners believe their threat hunting programs are very effective, up from 41% in 2023. Key factors for this effectiveness include the right tools, trained analysts, and baseline data. The report also highlights the top objectives, challenges, enhancements, and priorities for threat hunting programs, emphasizing the need for proactive measures and adequate funding.…
Short Summary:
The “Voice of a Threat Hunter 2024” report highlights the need for security teams to evolve their threat hunting strategies to combat the increasing frequency and severity of cyber attacks. While many organizations have implemented threat hunting programs, challenges such as funding, historical data, and talent shortages hinder their effectiveness.…
Short Summary:
This blog post discusses the collaborative efforts of Silent Push, Stark Industries Solutions, and Team Cymru in addressing the ongoing threat posed by the financially motivated group FIN7. Recent research has identified numerous domains linked to FIN7 activities, leading to the discovery of potential infrastructure used by the group.…
Short Summary:
This article provides a comprehensive overview of threat intelligence services, emphasizing their importance, methodology, benefits, and future in enhancing organizational cybersecurity posture.
Key Points:
Proactive Defense: Anticipating and mitigating attacks before they occur. Informed Decision-making: Prioritizing threats based on potential impact and likelihood. Resource Optimization: Efficient allocation of resources to address significant threats.…“`html
Short SummaryThe blog post discusses the ongoing threat posed by the Quad7 botnet, which has evolved to include a new tranche of bots operating on a different port. The analysis reveals the botnet’s resilience and adaptability, highlighting its continued activity and the need for robust security measures to combat such threats.…
Security Operations Center (SOC) Tier 1 and 2 analysts play a critical role in protecting organizational assets from threats. However, given the pressures of the role, their effectiveness and job satisfaction are highly dependent on the quality and timeliness of the intelligence they receive.…
Analysis of an Android Malware-as-a-Service Operation
Coper, a descendant of the ,,Exobot malware family, was ,,first observed in the wild in July 2021, targeting Colombian Android users. At that time, Coper (the Spanish translation of “Copper”) was distributed as a fake version of Bancolombia’s “Personas” application.…
A Data-Driven Approach Based on Analysis of Network Telemetry
In this blog post, we will provide an update on our high-level analysis of QakBot infrastructure, following on from our previous blog post. We will pick up the timeline from where we left it, basing our findings on data collected between 1 May and 20 July 2023.…
Introduction
In this blog post, we will provide an update on our continued analysis and tracking of infrastructure associated with IcedID’s BackConnect (BC) protocol; a continuation of the analysis we shared in late-December 2022, which you can read here, in addition to our campaign metrics and infrastructure tracking blog posts.…
A Data-Driven Approach based on Analysis of Network Telemetry
This blog post seeks to draw out some high-level trends and anomalies based on our ongoing tracking of QakBot command and control (C2) infrastructure. By looking at the data with a broader scope, we hope to supplement other research into this particular threat family, which in general focuses on specific infrastructure elements; e.g.,…
Six reasons why going faster with Cyber Threat Reconnaissance is mission critical
Introduction
Cyber Threat Reconnaissance is a critical aspect of any cybersecurity strategy. With cyber attacks becoming more frequent and sophisticated, it is essential for organizations to gather intelligence and stay ahead of potential threats.…
Identifying Connected Infrastructure and Management Activities
Introduction
This blog post seeks to build on recent public reporting on campaigns attributed to SideCopy, a Pakistani-linked threat group. SideCopy has been active since 2019, primarily targeting South Asian countries, with a focus on India and Afghanistan. The group’s name comes from its use of an infection chain that mimics that of SideWinder APT, an Indian-linked threat group.…