Key Point: – Only 3% of organizations have the ‘mature’ level of readiness for cybersecurity risks. – Readiness has decreased significantly from one year ago. – Companies struggle to defend against various cyber attacks. – There is a disparity between confidence and readiness in companies. – Investments in integrated platforms and AI are necessary for effective defense.…
Tag: SOCIAL ENGINEERING
Key Point: – Phishing attacks targeting login credentials for IAM, cloud resources, and SSO-enabled systems are on the rise. – SMS phishing (smishing) has seen a significant surge in 2024. – The Com, a geographically diverse group of threat actors, is responsible for these attacks.…
On February 21st, 2024, Cofense Intelligence identified an advanced phishing campaign that targeted the Oil and Gas sector to deliver Rhadamanthys Stealer, an advanced information stealer offered as Malware-as-a-Service (MaaS). The campaign incorporates several complex tactics, techniques, and procedures (TTPs) along with a unique vehicle incident lure that spoofs the Federal Bureau of Transportation.…
This blog discusses the Darktrace Threat Research team’s investigation into Raspberry Robin, an evasive worm that is primarily distributed through infected USB drives. Once it has gained access to a target network, Raspberry Robin is able to infect devices with additional malware variants.
Introduction: In the face of increasingly hardened digital infrastructures and skilled security teams, malicious actors are forced to constantly adapt their attack methods, resulting in sophisticated attacks that are designed to evade human detection and bypass traditional network security measures.…
Published On: 2024-03-27
EXECUTIVE SUMMARY: At CYFIRMA, we are dedicated to providing current insights into prevalent threats and strategies utilized by malicious entities, targeting both organizations and individuals. This in-depth examination focuses on Sync-Scheduler stealer, a malware that specifically targets documents and has been designed with anti-analysis capabilities.…
Armed forces use war-gaming exercises for training, and cybersecurity exercises are now being used to test and improve organizations’ ability to detect and respond to cyber threats.
Key Point: ⭐ Cybersecurity exercises help organizations proactively identify and address vulnerabilities. ⭐ Types of cybersecurity exercises include table-top simulations, digital simulations, red and blue teaming, penetration testing, and phishing exercises.…
On January 25, 2024, Microsoft reported a breach of their systems by the Russian APT group Midnight Blizzard, also known as APT29 and Cozy Bear. The attackers performed a password spray, compromised a Microsoft 365 test tenant account that didn’t have multi-factor authentication (MFA) enabled, and leveraged the account’s access to a legacy OAuth app to escalate privileges and exfiltrate email messages from Microsoft’s corporate Exchange Online environment.…
Jamf Threat Labs dissects ongoing infostealer attacks targeting macOS users, each using a different means of compromising victims' Macs but sharing the same aim: stealing sensitive user data.
Introduction: Over the past year, the macOS environment has been under constant attack by infostealers. Many of these stealers are targeting individuals involved in the crypto industry with a focus on harvesting credentials along with data from various crypto wallets.…
Adversaries don’t work 9-5 and neither do we. At eSentire, our 24/7 SOCs are staffed with Elite Threat Hunters and Cyber Analysts who hunt, investigate, contain and respond to threats within minutes.
We have discovered some of the most dangerous threats and nation state attacks in our space – including the Kaseya MSP breach and the more_eggs malware.…
macOS stealer found camouflaged in an Apple/Bash payload
In the ever-evolving landscape of cybersecurity threats, macOS users now face a new danger. This time, it comes in the form of a DMG trojan involving a partially obfuscated AppleScript and Bash payload hosted on a remote server.…
MuddyWater APT has targeted government and private companies since 2017, including critical sectors such as energy, telecommunications, government, and defense. In February 2024, MuddyWater resumed spear-phishing attacks using new techniques. The National Cyber Directorate of Israel attributed the team’s attack toolkit and attack pattern findings to the MuddyWater group in March 2024, following an increase in new attacks.…
Summary: Trezor's Twitter account was hijacked by cryptocurrency scammers through a fake Calendly invite, leading to offensive tweets being posted. Despite security precautions, the attackers managed to compromise the account.
Key Point: 🔒 An imposter posing as a credible entity tricked the PR team into clicking a fake Calendly invite link.…
Summary: The State Department is warning employees about a fraudulent scheme targeting their payroll accounts, involving phishing and social engineering tactics.
Key Point: 🔒 Cybercriminals are using phishing, email takeovers, and social engineering to redirect employee payroll deposits. 📧 The scheme initially targeted annuity accounts before evolving into phishing attempts for login data.…
Reinforcement learning is the path forward for AI integration into cybersecurity – Help Net Security
Summary: Reinforcement learning is crucial for AI integration into cybersecurity, helping to sift through alerts efficiently and identify real threats. It can enhance detection, prediction, and prevention of cyber attacks.
Key Point: 🔒 Reinforcement learning maximizes capabilities over time by using rewards and punishments to calculate positive and negative behavior.…
Summary: Phishing remains the top route to initial access, with threat actors using social engineering tactics to exploit human behavior and gain entry into compromised environments.
Key Point: 🎣 Phishing links or attacks were used in 71% of all security incidents in 2023. 🔒 Most tactics used for initial access involved user interaction or error.…
Typically spread through malicious attachments, drive-by downloads, or social engineering, Remcos RAT has been active since 2016. Initially presented by BreakingSecurity, a European company, as a legitimate remote control tool, it has since been exploited by threat actors for nefarious purposes, despite claims of restricted access for lawful use.…
This blog entry discusses the Agenda ransomware group's use of its latest Rust variant to propagate to VMware vCenter and ESXi servers.
Since its discovery in 2022, the Agenda ransomware group (also known as Qilin) has remained active and under continued development. Agenda, which Trend Micro tracks as Water Galura, continues infecting victims globally, with the US, Argentina, Australia, and Thailand among its top targets (based on the threat actor's leak site data).…