ZDI Threat Hunting 2024 Highlights Trends and Challenges

In 2024, the Zero Day Initiative (ZDI) Threat Hunting team discovered and reported a series of zero-day vulnerabilities, several of them SmartScreen bypasses that were exploited in the wild, and documented two recurring problems: narrow vendor patches that leave variants exploitable, and increasingly convincing phishing lures. This summary outlines the key findings and trends and stresses the value of proactive threat hunting and close coordination with software vendors. Affected: Microsoft Windows, Dropbox

Keypoints :

  • The Zero Day Initiative Threat Hunting team identified numerous zero-day vulnerabilities throughout 2024.
  • Notable vulnerabilities included CVE-2024-21412 (an Internet Shortcut file SmartScreen bypass) and CVE-2024-29988, a bypass of the CVE-2024-21412 fix; both defeated SmartScreen protections.
  • Threat actors like the Water Hydra APT group exploited these vulnerabilities in campaigns targeting financial sectors.
  • Virtual patching provided Trend Micro customers with protection before official vendor patches were released.
  • The rise of AI and LLMs has led to more sophisticated phishing attacks.
  • Narrow patching (fixing only the reported instance rather than the underlying root cause) remains a significant issue: variants of the original bug are found and exploited shortly after a patch is released.
  • Communication breakdowns between software vendors and security researchers hinder effective vulnerability management.
  • Flaws in the Common Vulnerability Scoring System (CVSS) can lead to misprioritization of vulnerabilities.
  • The Zero Day Initiative emphasizes the need for secure-by-design principles across software vendors.

MITRE Techniques :

  • Tactic: Initial Access, Technique: Phishing (T1566), Procedure: The Water Hydra APT group lured targets in the financial sector into opening malicious Internet Shortcut files that exploited CVE-2024-21412 to bypass SmartScreen.
  • Tactic: Execution, Technique: User Execution: Malicious File (T1204.002), Procedure: Victims opened an Internet Shortcut that exploited CVE-2024-38112 (MSHTML platform spoofing) to run the infection chain through the retired Internet Explorer engine and deliver the Atlantida stealer.
  • Tactic: Defense Evasion, Technique: Masquerading (T1036), Procedure: Exploitation of CVE-2024-43461 (MSHTML platform spoofing) to hide a file's real extension so an executable file type appears to be a harmless document.
  • Tactic: Defense Evasion, Technique: Subvert Trust Controls: Mark-of-the-Web Bypass (T1553.005), Procedure: Exploitation of CVE-2024-38213 to strip or avoid the Mark of the Web and thereby bypass SmartScreen protections.
  • Tactic: Initial Access, Technique: Phishing (T1566), Procedure: Use of AI/LLM-generated lures to produce more convincing phishing content.
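
The file-extension spoofing listed above for CVE-2024-43461 is the kind of trick a mail gateway or EDR rule can screen for. The following Python is an added example, not ZDI or Trend Micro code and not the exact CVE-2024-43461 payload: it models two common display tricks (padding a name with blank-rendering characters such as U+2800 BRAILLE PATTERN BLANK so the real extension is pushed out of a dialog's visible field, and U+202E RIGHT-TO-LEFT OVERRIDE reversing the tail of the name) and reports when the extension a user would see differs from the one Windows will actually execute. The character set, the executable and document extension lists, the "three or more blanks hides the rest" threshold and the sample file names are assumptions made for the example.

```python
"""Detect file names crafted to hide their real (executable) extension.

Added example: heuristics, character set and sample names are assumptions,
not ZDI tooling or the exact CVE-2024-43461 payload.
"""
import re
from typing import Dict, List

# Characters that render as blank or invisible and are abused to push the real
# extension out of a file dialog's visible field. Assumed set for this example.
INVISIBLE: Dict[str, str] = {
    "\u2800": "BRAILLE PATTERN BLANK",
    "\u200b": "ZERO WIDTH SPACE",
    "\u200c": "ZERO WIDTH NON-JOINER",
    "\u200d": "ZERO WIDTH JOINER",
    "\u2060": "WORD JOINER",
    "\ufeff": "ZERO WIDTH NO-BREAK SPACE",
    "\u00a0": "NO-BREAK SPACE",
    "\u3000": "IDEOGRAPHIC SPACE",
}
RTLO = "\u202e"  # RIGHT-TO-LEFT OVERRIDE: the rest of the name renders reversed

# Extensions Windows executes directly or that lead to script/shortcut execution.
EXEC_EXTS = frozenset({"hta", "url", "lnk", "exe", "scr", "js", "jse", "vbs",
                       "vbe", "wsf", "wsh", "cmd", "bat", "ps1", "msi", "cpl"})
# Extensions a lure typically imitates.
DOC_EXTS = frozenset({"pdf", "doc", "docx", "xls", "xlsx", "ppt", "pptx",
                      "txt", "jpg", "jpeg", "png", "zip"})

# Heuristic: three or more blank characters in a row is treated as padding that
# truncates the visible name (assumed threshold; real dialogs vary by width).
_BLANK_RUN = re.compile("[" + "".join(re.escape(c) for c in INVISIBLE) + "]{3,}")


def _cleaned(name: str) -> str:
    """Name with every display trick removed: what the shell really parses."""
    return "".join(c for c in name if c not in INVISIBLE and c != RTLO)


def true_extension(name: str) -> str:
    """Extension the shell actually uses: last dot-suffix of the cleaned name."""
    _, dot, ext = _cleaned(name).rpartition(".")
    return ext.lower() if dot else ""


def apparent_name(name: str) -> str:
    """Approximate what a user sees: RTLO reverses the tail, and a run of blank
    characters hides everything after it."""
    shown = name
    if RTLO in shown:
        head, _, tail = shown.partition(RTLO)
        shown = head + tail[::-1]
    match = _BLANK_RUN.search(shown)
    if match:
        shown = shown[:match.start()]
    return "".join(c for c in shown if c not in INVISIBLE)


def apparent_extension(name: str) -> str:
    _, dot, ext = apparent_name(name).rpartition(".")
    return ext.lower() if dot else ""


def analyze_filename(name: str) -> List[str]:
    """Return human-readable findings; an empty list means nothing suspicious."""
    findings: List[str] = []
    for ch in sorted({c for c in name if c in INVISIBLE}, key=ord):
        findings.append(f"contains U+{ord(ch):04X} {INVISIBLE[ch]} x{name.count(ch)}")
    if RTLO in name:
        findings.append("contains U+202E RIGHT-TO-LEFT OVERRIDE")

    real, shown = true_extension(name), apparent_extension(name)
    if real in EXEC_EXTS and shown != real:
        findings.append(f"extension spoof: displays as .{shown or '(none)'} "
                        f"but Windows will open it as .{real}")

    # Plain double extension (report.pdf.hta) even when no display trick is used.
    parts = _cleaned(name).lower().rsplit(".", 2)
    if len(parts) == 3 and parts[2] in EXEC_EXTS and parts[1] in DOC_EXTS:
        findings.append(f"double extension: .{parts[1]} before .{parts[2]}")
    return findings


if __name__ == "__main__":
    # Constructed sample names, not real campaign artefacts.
    samples = [
        "report.pdf",
        "Invoice_2024.pdf" + "\u2800" * 26 + ".hta",  # padding hides .hta
        "invoice" + RTLO + "fdp.exe",                # renders as invoiceexe.pdf
        "statement.pdf.lnk",
    ]
    for s in samples:
        print(repr(s), "->", analyze_filename(s) or "clean")
```

Run it over attachment names from mail logs or the file names in a quarantine directory; any name with findings deserves a look regardless of what the user-facing dialog showed. The threshold and character list are deliberately conservative so the check stays cheap and low-noise; widen them if your environment sees other invisible code points.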

Indicators of Compromise (CVE identifiers referenced) :

  • CVE-2024-21412
  • CVE-2024-29988
  • CVE-2024-38112
  • CVE-2024-43461
  • CVE-2024-49041
  • See the full article for the complete list of IoCs.


Full Research: https://malware.news/t/zdi-threat-hunting-2024-highlights-trends-challenges/89995