Threat Research

Featured Article

Recruiter phishing leads to more_eggs infection

August 15, 2024
With additional investigative and analytical contributions by Kevin Olson, Principal Security Analyst. Introduction We recently encountered a scenario where Critical Start MDR observed a large amount of discovery and credential access behavior for one of our customers. This included tool usage to gather information about the host, the domain it was joined to, performance and […]

Latest Threat Research

The Rise of the Cybercriminal

December 19, 2023

The Ongoing Impact of Malware-as-a-Service

December 19, 2023

AI Evolution in Cybercrime: Threats and Deceptive Tactics

December 18, 2023

Geopolitical Factors Shaping the Future of the Cyber Domain

December 18, 2023

Cloud – Evolution of Malicious Traffic Concealment

December 18, 2023

The State of Cybersecurity: 2023 Trends and 2024 Predictions

December 12, 2023

Navigating Cybersecurity Challenges Amidst Black Friday and Cyber Monday Frenzy

November 22, 2023

Navigating the Digital Highway: Cyber Risks in Holiday Travel Transportation

November 22, 2023

Defending Your Online Presence: Holiday Brand Impersonation and Web Skimming

November 22, 2023

    Threat Landscape Overview

    The cyber threat landscape changes constantly as new threats and attack vectors emerge. Staying ahead of it requires a proactive approach: collecting threat intelligence from a variety of sources, including open-source intelligence, social media monitoring and dark web monitoring, and consolidating it in a single platform so the organization has one comprehensive view of the threats it actually faces.

    Threat intelligence is essential for identifying and responding to threats in near real time. Combining internal telemetry with external intelligence sources lets an organization understand which threats are relevant to it, build incident response plans around them, minimize the impact of attacks and maintain business continuity.

    Threat intelligence on its own is not a security program. Organizations should also invest in employee training and awareness, keep security controls and procedures up to date, and work with trusted partners to identify and address vulnerabilities before attackers do.

    Vulnerability Exploitation

    Vulnerabilities are flaws or weaknesses in software, hardware, or network systems that an attacker can exploit to gain unauthorized access, steal data, or cause damage. They take many forms, including missing security patches, configuration errors, and software bugs. Identifying and remediating vulnerabilities promptly reduces both the likelihood of a successful attack and the damage one can do; the longer a known flaw stays unpatched on a reachable system, the more likely it is that someone finds it before you fix it.

    Vulnerability Severity

    Vulnerability severity is a measure of how bad a vulnerability is on its own, independent of where it sits in your environment. It is usually expressed on a numeric scale with qualitative bands (the CVSS v3.x base score runs from 0.0 to 10.0 and maps to None, Low, Medium, High and Critical) and is derived from the flaw's intrinsic characteristics: the impact of a successful exploit on confidentiality, integrity and availability, and how easy it is to exploit (network reachability, attack complexity, privileges and user interaction required). Severity does not say whether anyone is actually exploiting the flaw or how exposed a particular system is; those are risk factors.

    Vulnerability Risk

    Vulnerability risk combines severity with context: how likely exploitation is (public exploit code, confirmed in-the-wild exploitation, the capability and motivation of the actors targeting you) and what a successful exploit would cost given the affected asset's exposure and business value. Two findings with the same severity score can carry very different risk, so remediation should be prioritized by risk rather than by severity alone: an actively exploited High on a domain controller generally deserves attention before an unexploited Critical on an isolated lab host.

    Malware

    Emotet

    Emotet is a modular Trojan that first emerged in 2014 as a banking Trojan and later evolved into a delivery platform for other crimeware. It is known for its worm-like propagation (spreader modules that abuse harvested credentials and network shares) and for downloading additional payloads. Emotet has been used to deliver various types of malware, including credential stealers and, via TrickBot, ransomware.

    TrickBot

    TrickBot is a banking Trojan that is often distributed via spam emails and malicious attachments. It is known for its modular design, which allows threat actors to customize the malware’s capabilities based on their objectives. TrickBot has been used to deliver other malware families, such as Ryuk ransomware.

    Ryuk

    Ryuk is a ransomware family that has been active since 2018. It is typically deployed late in an intrusion after an initial TrickBot (or Emotet-then-TrickBot) infection and is known for highly targeted attacks on organizations with large ransom demands. Early reporting linked Ryuk to the Lazarus group because it shares code with the Hermes ransomware, but subsequent analysis attributed Ryuk operations to the financially motivated, Russian-speaking crimeware group tracked as Wizard Spider, the same group behind TrickBot.

    Dridex

    Dridex is a banking Trojan that is often distributed via spam emails and malicious attachments. It is known for its modular design and ability to steal sensitive data, including banking credentials and personal information. Dridex has been linked to various cybercrime groups, including Evil Corp.

    2022 Themes

    Ransomware

    Ransomware attacks have become more sophisticated and frequent in recent years, posing a significant threat to organizations. CTI experts have emphasized the need for effective incident response plans, data backups, and user awareness training to mitigate the impact of ransomware attacks.

    Geography

    Geopolitical factors can play a significant role in the threat landscape and affect the emergence of cyber threats and attack campaigns. Some regions or countries may be more prone to certain types of threats or attack methods, depending on factors such as political tensions, economic interests, or technology adoption rates. CTI analysts often monitor geopolitical events and regional threat actors to identify potential threats and vulnerabilities.

    Threat Intelligence Automation

    With the increasing volume and complexity of threat intelligence data, automation has become an essential component of CTI. CTI experts emphasize the need for automated collection, normalization, analysis, and dissemination of threat intelligence to enhance the speed and accuracy of threat detection and response. In practice the unglamorous steps matter most: refanging and de-duplicating indicators that arrive in different formats from different feeds, aging out stale entries, and filtering out the false positives (such as an organization's own address ranges) that would otherwise be pushed straight into blocking controls.
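    The following Python is an added example, not Critical Start code, of the consolidation step described above. It ingests two constructed feeds in different formats (a defanged CSV feed and a JSON-lines feed), refangs and classifies each indicator, merges duplicates across feeds while keeping the best confidence and every contributing source, drops entries that are older than a cut-off or that fall inside the organization's own (assumed) internal address ranges, and emits a ranked list ready for a blocking control. The feed formats, the reference date, the internal ranges and all indicators (RFC 5737 documentation addresses and an .example domain) are constructed for the demonstration.

```python
"""
Threat-intelligence feed consolidation: normalize, classify, de-duplicate and
age out indicators from two feeds of different formats. Added example, not
Critical Start code. Feed formats, reference date, internal ranges and all
indicator values are constructed (RFC 5737 addresses, .example domain).
"""
import ipaddress
import json
import re
from datetime import date, timedelta

# Constructed feed A: CSV lines "indicator,confidence,last_seen", defanged.
FEED_CSV = """\
hxxp://login-update[.]example/verify,80,2024-08-10
198.51.100.23,60,2024-08-12
10.0.0.5,90,2024-08-12
"""

# Constructed feed B: JSON lines from a second provider, not defanged.
FEED_JSONL = """\
{"indicator": "LOGIN-UPDATE.example", "confidence": 50, "last_seen": "2024-08-14"}
{"indicator": "http://login-update.example/verify", "confidence": 70, "last_seen": "2024-08-13"}
{"indicator": "203.0.113.9", "confidence": 40, "last_seen": "2024-05-01"}
"""

# Assumed: ranges the organization owns. Indicators inside them are almost
# always feed noise and would block internal traffic if pushed to a firewall.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

DEFANG = (("hxxps", "https"), ("hxxp", "http"), ("[.]", "."), ("(.)", "."), ("[:]", ":"))


def refang(value: str) -> str:
    """Undo common defanging conventions and canonicalize case."""
    value = value.strip()
    for fanged, real in DEFANG:
        value = value.replace(fanged, real)
    return value.lower()


def classify(value: str) -> str:
    """Return the indicator type, or raise ValueError for unrecognised input."""
    try:
        ipaddress.ip_address(value)
        return "ip"
    except ValueError:
        pass
    if re.fullmatch(r"[0-9a-f]{32}|[0-9a-f]{40}|[0-9a-f]{64}", value):
        return "hash"
    if re.fullmatch(r"https?://\S+", value):
        return "url"
    if re.fullmatch(r"([a-z0-9-]+\.)+[a-z]{2,}", value):
        return "domain"
    raise ValueError(f"unrecognised indicator: {value!r}")


def parse_csv(text: str, source: str):
    for line in text.splitlines():
        if line.strip():
            indicator, confidence, last_seen = line.split(",")
            yield {"source": source, "indicator": indicator,
                   "confidence": int(confidence), "last_seen": date.fromisoformat(last_seen)}


def parse_jsonl(text: str, source: str):
    for line in text.splitlines():
        if line.strip():
            rec = json.loads(line)
            yield {"source": source, "indicator": rec["indicator"],
                   "confidence": int(rec["confidence"]), "last_seen": date.fromisoformat(rec["last_seen"])}


def consolidate(records, today: date, max_age_days: int = 30) -> dict:
    """Merge records by normalised indicator; drop stale and internal entries."""
    merged = {}
    for rec in records:
        value = refang(rec["indicator"])
        kind = classify(value)
        if kind == "ip" and any(ipaddress.ip_address(value) in net for net in INTERNAL_NETS):
            continue  # our own address space: false positive, never block
        if today - rec["last_seen"] > timedelta(days=max_age_days):
            continue  # stale: infrastructure has likely been re-used or sinkholed
        entry = merged.setdefault(value, {"type": kind, "confidence": 0, "sources": set(),
                                          "last_seen": rec["last_seen"]})
        entry["confidence"] = max(entry["confidence"], rec["confidence"])
        entry["sources"].add(rec["source"])
        entry["last_seen"] = max(entry["last_seen"], rec["last_seen"])
    return merged


def build_blocklist(today: date = date(2024, 8, 15), min_confidence: int = 50) -> list:
    """Indicators worth pushing to a control, most corroborated first."""
    records = list(parse_csv(FEED_CSV, "feed-a")) + list(parse_jsonl(FEED_JSONL, "feed-b"))
    merged = consolidate(records, today)
    keep = [(v, e) for v, e in merged.items() if e["confidence"] >= min_confidence]
    keep.sort(key=lambda ve: (len(ve[1]["sources"]), ve[1]["confidence"]), reverse=True)
    return [{"indicator": v, "type": e["type"], "confidence": e["confidence"],
             "sources": sorted(e["sources"])} for v, e in keep]


if __name__ == "__main__":
    for row in build_blocklist():
        print(row)
```

    Of the six raw entries, three survive: the phishing URL (seen by both feeds, so it ranks first), the external IP address, and the bare domain. The private address is discarded even though its feed gave it the highest confidence, and the May entry is dropped by the age cut-off. The reference date and cut-off are parameters precisely because "stale" depends on the indicator type and the feed; infrastructure indicators age much faster than file hashes.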

    Targeted Industries

    Financial Services

     The financial services industry is a prime target for cybercriminals due to the high value of financial data and the sensitive nature of customer information. Cyber threat intelligence (CTI) can help financial institutions stay ahead of evolving threats and ensure compliance with regulatory requirements. By leveraging CTI, financial organizations can proactively identify and address potential cyber risks, protecting both their own assets and those of their clients. 

    Manufacturing

    The manufacturing industry is a top target for cyber espionage and intellectual property theft. As Industry 4.0 technologies such as the Internet of Things (IoT) and machine learning become more prevalent, the attack surface for manufacturing organizations continues to expand. To stay ahead of emerging threats, manufacturers need to prioritize cyber threat intelligence to identify and mitigate potential cyber risks. 

    Retail

    The retail industry faces numerous cyber threats, including data breaches, point-of-sale attacks, and supply chain compromises. Cyber threat intelligence (CTI) can help retail organizations better understand emerging threats, improve their security posture, and stay compliant with industry regulations. By leveraging CTI, retailers can protect their customers’ personal information, mitigate financial risk, and preserve their reputation. 

    Government

    Government agencies face a wide range of cyber threats, from espionage and cyberattacks by nation-states, to insider threats and supply chain attacks. To effectively defend against these threats, government organizations need to be proactive in their approach to cybersecurity. Cyber threat intelligence (CTI) can help government agencies stay ahead of emerging threats and develop effective incident response plans. 

    Healthcare

    The healthcare industry is increasingly reliant on digital technologies to store, process, and transmit patient information. As a result, healthcare organizations face a growing number of cyber threats, including ransomware attacks, data breaches, and phishing scams. Cyber threat intelligence can help healthcare organizations better understand the threats they face and develop effective cybersecurity strategies to protect sensitive patient data. 

    Energy Sector

    The energy sector faces a wide range of cyber threats, including attacks on critical infrastructure, data breaches, and industrial espionage. As energy organizations become more reliant on connected devices and digital technologies, the attack surface for cyber threats continues to expand. Cyber threat intelligence can help energy organizations better understand emerging threats and develop effective strategies to protect critical assets and infrastructure. 

    Educational Institutions

    Educational institutions face a range of cyber threats, from phishing scams and ransomware attacks to intellectual property theft and data breaches. As schools and universities increasingly rely on digital technologies to store and process sensitive student data, the risk of cyberattacks continues to grow. Cyber threat intelligence can help educational institutions better understand emerging threats and develop effective cybersecurity strategies to protect student and faculty data.