Check out our on-demand Annual Report webinar or read on for a summary of key topics and themes in the report.

2023 was a year in which cybercrime evolved in significant ways. Our 2023 annual report serves as a playbook of adversaries’ tactics, techniques, and procedures (TTPs) in 2023, with the goal of giving your security team a 360-degree view of the threat landscape.…


Summary: This content discusses the rise of social media as a browser security challenge in the modern workspace, where personal and professional digital spaces are becoming increasingly blurred. It highlights the cybersecurity challenges that arise when employees engage with their personal social media accounts on company devices, making them inadvertent targets for threat actors.…


Summary: This article discusses the escalating threat of a fake e-shop campaign that targets banking security across various regions. The campaign has expanded from targeting Malaysian banks to financial institutions in Vietnam and Myanmar, using sophisticated tactics and Android malware with screen-sharing capabilities.

Threat Actor: Unknown | fake e-shop campaign

Victim: Financial institutions in Malaysia, Vietnam, and Myanmar | Malaysian banks, Vietnam, Myanmar

Key Point:

A fake e-shop campaign has expanded its reach from Malaysian banks to financial institutions in Vietnam and Myanmar.…

Key Points

In early April 2024, ReliaQuest investigated numerous similar incidents targeting customers in the health care sector. We concluded that these intrusions form part of a new campaign targeting health care organizations with the goal of accessing banking information. The attacks used social engineering techniques against help desk staff to bypass account access controls.…

In 2022, the DonutLeaks group emerged as a significant player, demonstrating a sophisticated approach to data extortion. Linked to cyber incidents targeting notable enterprises such as Greek natural gas company DESFA, UK architectural firm Sheppard Robson, and multinational construction company Sando, DonutLeaks swiftly garnered attention for its aggressive tactics and extensive data leaks when it first emerged.…


Key Point:

– Only 3% of organizations have the ‘mature’ level of readiness for cybersecurity risks.
– Readiness has decreased significantly from one year ago.
– Companies struggle to defend against various cyber attacks.
– There is a disparity between confidence and readiness in companies.
– Investments in integrated platforms and AI are necessary for effective defense.…


On February 21st, 2024, Cofense Intelligence identified an advanced phishing campaign that targeted the Oil and Gas sector to deliver Rhadamanthys Stealer, an advanced information stealer offered as Malware-as-a-Service (MaaS). The campaign incorporates several complex tactics, techniques, and procedures (TTPs) along with a unique vehicle incident lure that spoofs the Federal Bureau of Transportation.…


This blog discusses the Darktrace Threat Research team’s investigation into Raspberry Robin, an evasive worm that is primarily distributed through infected USB drives. Once it has gained access to a target network, Raspberry Robin is able to infect devices with additional malware variants.

Introduction

In the face of increasingly hardened digital infrastructures and skilled security teams, malicious actors are forced to constantly adapt their attack methods, resulting in sophisticated attacks that are designed to evade human detection and bypass traditional network security measures.…


Armed forces use war-gaming exercises for training, and cybersecurity exercises are now being used to test and improve organizations’ ability to detect and respond to cyber threats.

Key Point:

⭐ Cybersecurity exercises help organizations proactively identify and address vulnerabilities.
⭐ Types of cybersecurity exercises include table-top simulations, digital simulations, red and blue teaming, penetration testing, and phishing exercises.…


On January 25, 2024, Microsoft reported a breach of their systems by the Russian APT group Midnight Blizzard, also known as APT29 and Cozy Bear. The attackers performed a password spray, compromised a Microsoft 365 test tenant account that didn’t have multi-factor authentication (MFA) enabled, and leveraged the account’s access to a legacy OAuth app to escalate privileges and exfiltrate email messages from Microsoft’s corporate Exchange Online environment.…


Jamf Threat Labs dissects ongoing infostealer attacks targeting macOS users. Each uses different means of compromising victims’ Macs, but with similar aims: to steal sensitive user data.

Introduction

Over the past year, the macOS environment has been under constant attack by infostealers. Many of these stealers are targeting individuals involved in the crypto industry with a focus on harvesting credentials along with data from various crypto wallets.…


MuddyWater APT has targeted government and private companies since 2017, including critical sectors such as energy, telecommunications, government, and defense. In February 2024, MuddyWater resumed spear-phishing attacks using new techniques. The National Cyber Directorate of Israel attributed the team’s attack toolkit and attack pattern findings to the MuddyWater group in March 2024, following an increase in new attacks.…
