The Sophos MDR Threat Intelligence team previously published the blog Akira Ransomware is “bringin’ 1988 back” in May 2023, roughly two months after the group is reported to have begun …
Tag: MDR
Adversaries don’t work 9-5 and neither do we. At eSentire, our 24/7 SOCs are staffed with Elite Threat Hunters and Cyber Analysts who hunt, investigate, contain and respond to threats …
eSentire has observed multiple instances of threat actors exploiting vulnerabilities in Qlik Sense to gain initial access into victim organizations. Qlik Sense is a popular data analytics platform; …
Since the conflict escalated on October 7, 2023, with an aggressive stance from Hamas towards Israel, cyber-threats have surged. For example, many Pro-Hamas and Pro-Palestine hacktivists, alongside state-backed aggressors, have …
Adversaries don’t work 9-5 and neither do we. At eSentire, our 24/7 SOCs are staffed with Elite Threat Hunters and Cyber Analysts who hunt, investigate, contain and respond to threats …
In January 2023, the FBI collaborated with law enforcement agencies in Germany and the Netherlands to successfully dismantle one of the most notorious ransomware groups known as Hive. Since June …
Last updated at Fri, 03 Nov 2023 18:32:32 GMT
Tom Elkins, John Fenninger, Evan McCann, Matthew Smith, and Micah Young contributed attacker behavior insights to this blog.
Beginning Friday, October …
Security Joes Incident Response team volunteered to assist Israeli companies during the times of war between the state of Israel and the terrorist organization Hamas. During the forensics investigation, we …
Threat hunting encompasses a range of techniques and approaches aimed at discovering anomalies, threats, and risks associated with attacker activities. In the early days, log review by diligent system administrators …
Threat actors are known for impersonating popular brands in order to trick users. In a recent malvertising campaign, we observed a malicious Google ad for KeePass, the open-source password manager which …
Vietnamese cybercrime groups are using multiple different Malware as a Service (MaaS) infostealers and Remote Access Trojans (RATs) to target the digital marketing sector. These actors greatly value …
In recent weeks, we have noted an increase in malvertising campaigns via Google searches. Several of the threat actors we are tracking have improved their techniques to evade detection throughout …
eSentire has observed an increase in Adversary-in-the-Middle (AitM) phishing attacks, starting in mid-September 2023. AitM phishing attacks involve socially-engineering end-users into opening malicious links contained in emails. Data …
In February 2023, Microsoft disclosed its new AI-assisted search engine, Bing Chat, powered by OpenAI’s GPT-4. Even though Google has been dominating the search industry for years, this event was …
eSentire, a top global Managed Detection and Response (MDR) security services provider, intercepted and shut down three separate ransomware attacks launched by affiliates of the notorious, Russia-linked LockBit …
A new malvertising campaign is targeting corporate users who are downloading the popular web conferencing software Webex. Threat actors have bought an advert that impersonates Cisco’s brand and is displayed …
Knowledge is our best weapon in the fight against cybercrime. An understanding of how various gangs operate and what tools they use helps build competent defenses and investigate incidents. …
Adversaries don’t work 9-5 and neither do we. At eSentire, our 24/7 SOCs are staffed with Elite Threat Hunters and Cyber Analysts who hunt, investigate, contain and respond to threats …
Security Joes Incident Response team recently became aware of a set of relatively new CVEs that were released at the end of March 2023. Surprisingly, these vulnerabilities have received little …
Authored by Preksha Saxena
McAfee labs observed a Remcos RAT campaign where malicious VBS files were delivered via phishing email. A phishing email contained a ZIP/RAR attachment. Inside this ZIP, …
Last updated at Tue, 07 Nov 2023 16:33:39 GMT
Technical Analysis by: Thomas Elkins, Natalie ZargarovContributions: Evan McCann, Tyler McGraw
Recently, Rapid7 observed the Fake Browser Update lure tricking users …
Last updated at Thu, 07 Sep 2023 14:02:21 GMT
Tyler Starks, Christiaan Beek, Robert Knapp, Zach Dayton, and Caitlin Condon contributed to this blog.
Rapid7’s managed detection and response (MDR) …
Adversaries don’t work 9-5 and neither do we. At eSentire, our 24/7 SOCs are staffed with Elite Threat Hunters and Cyber Analysts who hunt, investigate, contain and respond to threats …
Awareness of the newest shifts and patterns is vital in the fast-changing world of cyber threats. This rings particularly true with ransomware, known for its quick changes and intricate tactics. …
CrowdStrike Counter Adversary Operations is committed to analyzing active exploitation campaigns and detecting and blocking zero-days to protect our customers. In July 2023, the CrowdStrike Falcon® Complete managed detection and …
Updated 19:35 UTC, 26 July 2023 to add information about additional research available on Nitrogen.
In mid-June, Sophos X-Ops identified a previously unreported initial-access malware campaign leveraging malicious advertising (malvertising) …
We all have thoughts that keep us up at night.
Will the ticking noise the car made end up being an expensive repair? When will YouTube superstar John Hammond respond …
WhiteSnake Stealer first appeared on hacking forums at the beginning of February 2022.
The stealer collects data from various browsers such as Firefox, Chrome, Chromium, Edge, Brave, Vivaldi, …
We often think of malvertising as being malicious ads that push malware or scams, and quite rightly so these are probably the most common payloads. However, malvertising is also a great …
During the week of February 20, 2023, Sophos X-Ops MDR team received two separate requests for threat hunts related to unusual activity in two customers’ Microsoft 365 (formerly Office 365) …
Since November 2022, the eSentire Threat Response Unit (TRU) has observed the resurgence of what we believe to be a malicious campaign targeting the manufacturing, commercial, and healthcare organizations. The …
Adversaries don’t work 9-5 and neither do we. At eSentire, our 24/7 SOCs are staffed with Elite Threat Hunters and Cyber Analysts who hunt, investigate, contain and respond to threats …
Since December 2022, the eSentire Threat Response Unit (TRU) has observed Aurora Stealer malware infections in the manufacturing industry. It’s distributed via fake Google Ads for Notepad++ installer. Aurora Stealer …
Adversaries don’t work 9-5 and neither do we. At eSentire, our 24/7 SOCs are staffed with Elite Threat Hunters and Cyber Analysts who hunt, investigate, contain and respond to threats …
Adversaries don’t work 9-5 and neither do we. At eSentire, our 24/7 SOCs are staffed with Elite Threat Hunters and Cyber Analysts who hunt, investigate, contain and respond to threats …
On May 8, 2023, a known cybercriminal group attempted and failed at an extortion scheme against Dragos. No Dragos systems were breached, including anything related to the Dragos Platform.
Dragos …
With recent reports that Charming Kitten group (aka Mint Sandstorm) is actively targeting critical infrastructure in the US and other countries, we would like to share the most recent insights …
Financial accountant firms and CPAs are in the crosshairs this tax season, as a threat actor is targeting that industry with an attack that combines social engineering with a novel …
In the first week of April 2023, the eSentire Threat Intelligence team observed a significant increase in Qakbot incidents impacting various industries. Qakbot is an information-stealing malware. Qakbot …
Adversaries don’t work 9-5 and neither do we. At eSentire, our 24/7 SOCs are staffed with Elite Threat Hunters and Cyber Analysts who hunt, investigate, contain and respond to threats …
Web application vulnerabilities are like doorways: you never know who or what will walk through. Between December 2021 and July 2022, the Mandiant Managed Defense and Incident Response teams responded …
Last updated at Tue, 27 Feb 2024 17:17:29 GMT
Note: While Rapid7 did not definitively tie the attacker behavior in this blog to a specific CVE at time of publication, …
Late last year, Sophos X-Ops responded to exploitation of what appeared to be the ProxyNotShell attack flow, which targets Microsoft Exchange servers, and which Microsoft attempted to address in an …
Adversaries don’t work 9-5 and neither do we. At eSentire, our 24/7 SOCs are staffed with Elite Threat Hunters and Cyber Analysts who hunt, investigate, contain and respond to threats …
In recent weeks OneNote has gotten a lot of media attention as threat actors are abusing the embedded files feature in OneNote in their phishing campaigns.I first observed this OneNote …
By Securonix Threat Labs, Threat Research: D. Iuzvyk, T. Peck, O. Kolesnikov
Figure 1: Spot the PowerShell invoke expression
IntroductionWhile the image above appears to be purely nonsense, believe …
Starting on January 20 2023, Bitdefender Labs started to notice a global increase in attacks using the ManageEngine exploit CVE-2022-47966. This Remote Code Execution (RCE) vulnerability (CVSSv3 critical score 9.8) allows …
First introduced in July 2022, Icarus Stealer is an infostealer malware that uses an hVNC capability so that the threat actor can create a new hidden desktop to navigate through …