
Nuspire Threat Report Reveals Continued Surge in Q3 2022 Threat Activity


Threat activity in Q3 continued to surge following Q2, one of the most active quarters in recent history. According to Nuspire’s Q3 Threat Landscape Report, the company’s researchers noted that threat actors remain opportunistic, preying on organizations that are slow to patch against new vulnerabilities. They also continue to launch widespread phishing campaigns, hoping to lure a victim into interacting with their malicious payloads.

These researchers – Josh Smith, Cyber Threat Analyst, and Justin Heard, Threat Intelligence Manager – spent time reviewing their findings during a recent webinar. Read on for a recap of the key data points, attack vectors and mitigation strategies Josh and Justin shared.

Malware – CoinMiner activity decreases while Kryptik is on the rise

Malware saw an overall decrease of 15.73% in Q3; however, Nuspire witnessed surges in info-stealer malware variants such as Kryptik.

“Kryptik is a type of trojan malware that seeks to steal credentials from browsers and applications, as well as cryptocurrency wallets, files and SSH keys,” said Josh. “We saw a 236% increase over Q2, which is indicative of a rising usage of information-stealing malware.”

CoinMiner was a top malware in Q2, and while its usage decreased in Q3, it still remained a top variant.

“CoinMiner activity decreased almost 40% in Q3, which could have to do with the struggles we’re seeing in the cryptocurrency arena,” said Josh. “Perhaps this malware isn’t as attractive as it used to be, however I don’t see it going away, because this is a passive income strategy, meaning threat actors don’t have to do a lot of work to reap their rewards.”

Mitigation

There are several ways to combat malware threats to protect your environment from a breach.

“Next-generation antivirus is great because it’s not only looking for a specific signature, but also it can detect certain behaviors that are indicative of a threat,” said Justin. “Another strategy is network segmentation, where you segregate devices in a way that prevents a threat actor from getting into other areas of your network.”

Botnets – Torpig Mebroot continues to dominate

Botnets shot up over 100% in Q2, and…


Akamai Reports Massive Spike in Malicious Domain Activity


Akamai reported today it identified nearly 79 million malicious domains in the first half of 2022, which collectively represent a little more than 20% of all the newly observed domains (NODs) accessed via its content delivery network (CDN) and other services the company provides.

That roughly equates to 13 million malicious domains per month, the report noted. Akamai researchers also noted that two weeks before Russia’s invasion of Ukraine, a spike in activity led to the identification of nearly 40,000 malicious NODs per day before reaching a peak of more than 250,000 unique malicious .ru domain names per day created in the second half of March.

Gregorio Ferreira, a data scientist for Akamai, said it’s difficult to assess just how many malicious domains there are in the world but it’s apparent the web is increasingly being overwhelmed. On a typical day, Akamai researchers observed approximately 12 million new NODs, of which slightly more than two million successfully resolved a DNS query.

Instances of Akamai CacheServe currently process more than 80 million DNS queries per second, or approximately seven trillion requests per day, from all over the world. Malicious actors often register thousands of domain names in bulk because if one or more of their domains are flagged and blocked, they can simply switch to one of the other domains they own. Most of those domain names are created programmatically using a domain generation algorithm (DGA). Many names in the NOD dataset look like names you’d never type into a browser window. Digits, for example, are often inserted into domain names to reduce the odds that an automatically generated domain has already been registered.

It’s not clear how all these malicious NODs will be operationalized, but it’s apparent that the level of scale at which malicious domains are created is part of a larger, unprecedented cyberwarfare strategy. While the number of malicious NODs being created is going to be a major concern for governments around the world, it’s usually businesses that wind up suffering the most collateral damage. The days when organizations could rely solely on a firewall and endpoint protection software to protect themselves from…


New Ransomware Group BianLian Activity Exploding


A new ransomware group operating under the name BianLian emerged in late 2021 and has become increasingly active since.

The threat actor already has twenty alleged victims across several industries (insurance, medicine, law and engineering), according to a research paper from US cybersecurity firm Redacted, published on September 1, 2022.

The majority of the victim organizations have been based in Australia, North America and the UK.

The research team has given no attribution yet but believes the threat actor “represents a group of individuals who are very skilled in network penetration but are relatively new to the extortion/ransomware business.”

BianLian uses a custom toolkit, including homemade encryptors and encryption backdoors. Both, as well as the command-and-control (C&C) software the hackers use, are written in Go, an increasingly popular programming language among ransomware threat actors.

Troublingly, the Redacted team of researchers has found evidence that BianLian is likely now trying to up their game.

“Starting in August, we observed what appeared to be a somewhat troubling explosion in the rate by which BianLian was bringing new [C&C] servers online. […] While we lack the insight to know the exact cause for this sudden explosion in growth, this may signal that they are ready to increase their operational tempo, though whatever the reason, there is little good that comes from a ransomware operator having more resources available to them,” warns the advisory.

To gain initial access into victim networks, BianLian typically targets the ProxyShell vulnerability chain (CVE-2021-34473, CVE-2021-34523, CVE-2021-31207), SonicWall VPN devices, or servers that provide remote network access via solutions such as Remote Desktop.

“After exploitation, they deployed either a webshell or a lightweight remote access solution such as ngrok as the follow-on payload,” the research paper reads.

Once in the network,…


Microsoft and Google Leading Cybersecurity M&A Activity


LONDON, July 20, 2022 (GLOBE NEWSWIRE) — The Cybersecurity – Thematic Research report offered by GlobalData Plc provides an overview of the cybersecurity theme and identifies the key trends impacting the growth of the theme over the next 12 to 24 months. The report also includes a comprehensive industry analysis, including market size forecasts for cybersecurity and analysis of patents, company filings, hiring, and social media trends. Moreover, it contains details of M&A deals driven by the cybersecurity theme and a timeline highlighting milestones in the development of cybersecurity.

According to the thematic intelligence report published by GlobalData, the global cybersecurity market size was valued at $125.5 billion in 2020 and is expected to grow at a CAGR of more than 9% by 2025. Factors such as the need for securing hybrid working, coping with ransomware, continuing supply chain threats, and moving to a zero-trust security model as a long-term solution to data breaches will drive strong cybersecurity market growth over the next three years. Most cybersecurity M&A deals in 2021 were related to managed security services, network security, endpoint security, identity management, and cloud security. Microsoft, which bought cloud infrastructure company CloudKnox, threat intelligence and attack service management firm RiskIQ, and Internet of Things (IoT) security company ReFirm Labs, was one of the leading acquirers in 2021.


Cybersecurity Mergers and Acquisitions

Since the start of the COVID pandemic in early 2020, the cybersecurity market has seen many mergers and acquisitions (M&A) spurred by the widespread move to remote work. Towards the end of 2021, the number of M&A deals involving cybersecurity companies reached 40 a month. Data security, IoT, cloud security, and AI are some of the strongest drivers of cybersecurity deals. With increasing numbers of ransomware and supply chain attacks, there is a high likelihood that the number of cybersecurity M&A deals will continue to rise. Companies such as Google and Microsoft have increased their influence in cybersecurity and have…
