April 10, 2024
Tommy Madjar, Selena Larson and the Proofpoint Threat Research Team
What happenedProofpoint identified TA547 targeting German organizations with an email campaign delivering Rhadamanthys malware. This is the first time researchers observed TA547 use Rhadamanthys, an information stealer that is used by multiple cybercriminal threat actors. …
Adversaries don’t work 9-5 and neither do we. At eSentire, our 24/7 SOCs are staffed with Elite Threat Hunters and Cyber Analysts who hunt, investigate, contain and respond to threats within minutes.
We have discovered some of the most dangerous threats and nation state attacks in our space – including the Kaseya MSP breach and the more_eggs malware.…
Adversaries don’t work 9-5 and neither do we. At eSentire, our 24/7 SOCs are staffed with Elite Threat Hunters and Cyber Analysts who hunt, investigate, contain and respond to threats within minutes.
We have discovered some of the most dangerous threats and nation state attacks in our space – including the Kaseya MSP breach and the more_eggs malware.…
Check out our on-demand Annual Report webinar or read on for a summary of key topics and themes in the report.
2023 was a year in which cybercrime evolved in significant ways. Our 2023 annual report serves as a playbook of adversaries’ tactics, techniques, and procedures (TTPs) in 2023, with the goal of giving your security team a 360-degree view of the threat landscape.…
Summary: The U.S. Department of Health and Human Services (HHS) has warned that hackers are using social engineering tactics to target IT help desks in the Healthcare and Public Health sector, allowing them to gain access to organizations’ systems and carry out business email compromise attacks.…
Summary: This content discusses the rise of social media as a browser security challenge in the modern workspace, where personal and professional digital spaces are becoming increasingly blurred. It highlights the cybersecurity challenges that arise when employees engage with their personal social media accounts on company devices, making them inadvertent targets for threat actors.…
Summary: This article discusses the escalating threat of a fake e-shop campaign that targets banking security across various regions. The campaign has expanded from targeting Malaysian banks to financial institutions in Vietnam and Myanmar, using sophisticated tactics and Android malware with screen-sharing capabilities.
Threat Actor: Unknown | fake e-shop campaign Victim: Financial institutions in Malaysia, Vietnam, and Myanmar | Malaysian banks, Vietnam, Myanmar
Key Point :
A fake e-shop campaign has expanded its reach from Malaysian banks to financial institutions in Vietnam and Myanmar.…Key Points
In early April 2024, ReliaQuest investigated numerous similar incidents targeting customers in the health care sector.We concluded that these intrusions form part of a new campaign targeting health care organizations with the goal of accessing banking information.The attacks used social engineering techniques against help desk staff to bypass account access controls.…In 2022, the DonutLeaks group emerged as a significant player, demonstrating a sophisticated approach to data extortion. Linked to cyber incidents targeting notable enterprises such as Greek natural gas company DESFA, UK architectural firm Sheppard Robson, and multinational construction company Sando, DonutLeaks has swiftly garnered attention for its aggressive tactics and extensive data leaks when it first emerged.…
Key Point: – Only 3% of organizations have the ‘mature’ level of readiness for cybersecurity risks. – Readiness has decreased significantly from one year ago. – Companies struggle to defend against various cyber attacks. – There is a disparity between confidence and readiness in companies. – Investments in integrated platforms and AI are necessary for effective defense.…
Key Point : – Phishing attacks targeting login credentials for IAM, cloud resources, and SSO-enabled systems are on the rise. – SMS phishing (smishing) has seen a significant surge in 2024. – The Com, a geographically diverse group of threat actors, is responsible for these attacks.…
On February 21st, 2024, Cofense Intelligence identified an advanced phishing campaign that targeted the Oil and Gas sector to deliver Rhadamanthys Stealer, an advanced information stealer offered as Malware-as-a-Service (MaaS). The campaign incorporates several complex tactics, techniques, and procedures (TTPs) along with a unique vehicle incident lure that spoofs the Federal Bureau of Transportation.…
This blog discusses the Darktrace Threat Research team’s investigation into Raspberry Robin, an evasive worm that is primarily distributed through infected USB drives. Once it has gained access to a target network, Raspberry Robin is able to infect devices with additional malware variants.
IntroductionIn the face of increasingly hardened digital infrastructures and skilled security teams, malicious actors are forced to constantly adapt their attack methods, resulting in sophisticated attacks that are designed to evade human detection and bypass traditional network security measures.…
Published On : 2024-03-27
EXECUTIVE SUMMARYAt CYFIRMA, we are dedicated to providing current insights into prevalent threats and strategies utilized by malicious entities, targeting both organizations and individuals. This in-depth examination focuses on Sync-Scheduler stealer, a malware that specifically targets documents, and has been designed with anti-analysis capabilities.…
____________________
Armed forces use war-gaming exercises for training, and cybersecurity exercises are now being used to test and improve organizations’ ability to detect and respond to cyber threats.
Key Point :
Cybersecurity exercises help organizations proactively identify and address vulnerabilities.
Types of cybersecurity exercises include table-top simulations, digital simulations, red and blue teaming, penetration testing, and phishing exercises.…
On January 25, 2024, Microsoft reported a breach of their systems by the Russian APT group Midnight Blizzard, also known as APT29 and Cozy Bear. The attackers performed a password spray, compromised a Microsoft 365 test tenant account that didn’t have multi-factor authentication (MFA) enabled, and leveraged the account’s access to a legacy OAuth app to escalate privileges and exfiltrate email messages from Microsoft’s corporate Exchange Online environment.…
Jamf Threat Labs dissects ongoing infostealer attacks targeting macOS users. Each with different means of compromising victim’s Macs but with similar aims: to steal sensitive user data.
IntroductionOver the past year, the macOS environment has been under constant attack by infostealers. Many of these stealers are targeting individuals involved in the crypto industry with a focus on harvesting credentials along with data from various crypto wallets.…
Adversaries don’t work 9-5 and neither do we. At eSentire, our 24/7 SOCs are staffed with Elite Threat Hunters and Cyber Analysts who hunt, investigate, contain and respond to threats within minutes.
We have discovered some of the most dangerous threats and nation state attacks in our space – including the Kaseya MSP breach and the more_eggs malware.…
macOS stealer found camouflaged in an Apple/Bash payload
In the ever-evolving landscape of cybersecurity threats, macOS users now face a new danger. This time, it comes in the form of a DMG trojan involving a partially obfuscated AppleScript and Bash payload hosted on a remote server.…
MuddyWater APT has targeted government and private companies since 2017, including critical sectors such as energy, telecommunications, government, and defense. In February 2024, MuddyWater resumed spear-phishing attacks using new techniques. The National Cyber Directorate of Israel attributed the team’s attack toolkit and attack pattern findings to the MuddyWater group in March 2024, following an increase in new attacks.…