RST Cloud

Computer and Network Security

Sydney, New South Wales 762 followers

Threat Intelligence Solutions

About us

RST Cloud provides Threat Intelligence solutions that help cybersecurity experts in their everyday life. We organise and analyse threat data to make it actionable and easy to use. Our intelligent platform performs aggregation, enrichment, and scoring to consolidate knowledge about all publicly available threat intelligence in one convenient service.

Website
https://www.rstcloud.com/
Industry
Computer and Network Security
Company size
2-10 employees
Headquarters
Sydney, New South Wales
Type
Privately Held
Founded
2015
Specialties
cybersecurity and threat intelligence

Updates

  • RST Cloud

    Phishing (T1566) remains the leading method for initial access, appearing in 37% of true-positive incidents. This highlights its simplicity and effectiveness in exploiting human error. Internal Spearphishing (T1534), occurring in 7.5% of incidents, shows how attackers leverage gained access to compromise other users. Malicious files, often disguised as PDFs, are commonly deployed post-initial access, resulting in potential data breaches and operational disruptions.

    Top Malware Threats 🚨:
    - **SocGholish** (Fake Updates) was observed in 74% of malware-related incidents. It poses a high risk, especially in sectors like government, healthcare, and financial services. Recommendations for defence include restricting JavaScript execution and controlling application usage.

    Dark Web Insights 🕵️♂️:
    - Cybercriminal forums showed ongoing discussions on exposed credentials and methods to steal data. Dark web trends suggest that businesses need to implement robust credential management practices, as older, leaked credentials continue to pose threats.

    Malicious Files and IOCs 🗂️:
    - Malicious files were frequently disguised and employed to bypass conventional security measures. Monitoring for unusual user behaviour is critical to countering these threats.
    - Threat actors primarily used new infrastructure and compromised domains to facilitate attacks, necessitating behaviour-based detection methods.

    Ransomware Trends 🔒:
    - Ransomware remains a significant threat, with the US being the most targeted region. Manufacturing and professional services are particularly vulnerable due to outdated operational technology.
    - Recommended mitigation strategies include routine patching, hardening remote connections, and applying multilevel security controls.

    Summary (auto generated) from the Top Cyber Attacker Techniques, May–July 2024 by ReliaQuest. Source: https://lnkd.in/gnde_nvq #securitytrends #infosec #cybersecurity #threatintel #threatintelligence #ciso

    Top Cyber Attacker Techniques, May–July 2024 - ReliaQuest

    https://www.reliaquest.com

  • RST Cloud

    🛡️ As 2024 progresses, the threat landscape remains dynamic, with evolving security risks impacting various sectors. A specific actor, hinting at "Bolt Teaspoon," is particularly concerning in 2024. The infostealer market has matured, complicating defensive measures for organisations.

    Key Threat Research Highlights of 2024 📊:
    1. **Drivers Exploits** (Jan): Focused on the use of malicious Windows drivers, making detection challenging for defenders.
    2. **Zardoor Backdoor** (Feb): Significant cyber espionage targeting Islamic organisations with a new malware variant.
    3. **TinyTurla Next Generation** (Feb): APT group implicated in espionage against Polish NGOs using similar techniques to prior operations.
    4. **Google Cloud Run Abuse** (Feb): Increased malicious emails using this service for banking trojan infections in LATAM.
    5. **TimbreStealer Campaign** (Feb): Phishing operations in Mexico using a new information-stealing malware.
    6. **GhostSec Ransomware Surge** (Mar): Observations of enhanced malicious activity and new ransomware variants.
    7. **Human Rights Attack** (Apr): New malware targeting human rights defenders in North Africa.
    8. **VPN Brute-Force Attacks** (Apr): Noted rise in brute-force attempts across various platforms.
    9. **ArcaneDoor Espionage Campaign** (Apr): State-sponsored actors targeted perimeter network devices for intrusions.
    10. **Brand Impersonation** (May): Introduction of features to detect impersonation attempts in emails.
    11. **CarnavalHeist Trojan** (May): A new banking trojan actively targeting Brazilian users.
    12. **Advanced Persistent Threats (APT)** (Aug): APT41's activity related to Taiwanese government-affiliated entities.
    13. **BlackByte Ransomware Group** (Aug): Observations of evolving attack techniques linked to previously established methods.

    Notable Emerging Threats 🔥:
    - **Cryptocurrency Drainer Phishing**: Increasing attacks targeting crypto users, exploiting sophisticated schemes.
    - **Vulnerability Backlog**: Ongoing challenges in vulnerability management, particularly noted in the National Vulnerability Database (NVD).

    Summary (auto generated) from The 2024 Threat Landscape State of Play by Cisco Talos. Source: https://lnkd.in/gdBGTWtu #securitytrends #infosec #cybersecurity #threatintel #threatintelligence #ciso

    The 2024 Threat Landscape State of Play

    blog.talosintelligence.com

  • RST Cloud

    Sandbox evasion techniques are evolving as security measures become more sophisticated. Attackers increasingly utilise methods to bypass automated analysis in sandbox environments, making detection difficult.

    💻 Current Techniques:
    - **Sensing Environment**: Many malware strains now check for signs of a sandbox. This includes looking for specific process names or unusual system activities that are typical in a sandbox.
    - **Time Delays**: Some malware incorporates time delays to avoid execution during sandbox analysis. By delaying execution, they can evade detection until after the analysis period ends.

    🌐 Technology-Driven Evasion:
    - Malicious actors are employing machine learning algorithms to adapt and continuously improve evasion techniques.
    - There's a growing trend towards dual-use technologies that can serve both legitimate purposes and malicious intents.

    🔒 Security Implications:
    - Evasion strategies could lead to an increase in successful cyberattacks, as organisations may struggle to detect and respond effectively.
    - It is crucial for organisations to stay updated with current evasion techniques and adjust their defence strategies accordingly.

    🛡️ Defensive Measures:
    - Security professionals are encouraged to implement multi-layered security approaches that combine traditional and modern detection techniques.
    - Continuous monitoring and threat intelligence sharing are important for identifying new evasion tactics promptly.

    📈 Looking Ahead:
    - As sandbox evasion techniques become more sophisticated, ongoing research and adaptation of security measures will be essential.
    - Staying proactive in the detection and response strategies will be vital to combat rising threats effectively.

    Summary (auto generated) from The state of sandbox evasion techniques in 2024 by Reddit, Inc. Source: https://lnkd.in/gDVQieTT #securitytrends #infosec #cybersecurity #threatintel #threatintelligence #ciso

    From the blueteamsec community on Reddit: The state of sandbox evasion techniques in 2024

    reddit.com

  • RST Cloud

    🌍 The manufacturing industry is under constant threat from financially motivated attackers, often seen as soft targets. Slow incident response, partly due to limited automated response systems, can worsen the impact of cyberattacks.

    Cyber threats faced by the #manufacturing industry (this sector is particularly vulnerable due to the reliance on legacy systems, operational technologies (#OT), and the substantial costs associated with operational downtime):

    💡 Initial Access Techniques: Cybercriminals predominantly employ simple #phishing methods, such as "Spearphishing Link" and "Spearphishing Attachment". This indicates a broad and indiscriminate targeting strategy.
    💡 Post-Access Techniques: A significant threat involves users executing malicious files, with such incidents occurring over three times more often in manufacturing than in other sectors.
    💡 Operational Challenges: The unique blend of legacy OT systems and modern IT makes incident response particularly complex, highlighting the importance of reducing the mean time to contain (MTTC) incidents to ensure business continuity.

    Dark Web Insights 🌑:
    - Cybercriminals are actively discussing vulnerabilities in industrial control systems and IIoT devices on dark web forums. Although the scale of potential attacks may be limited, the ease of exploiting these vulnerabilities is concerning.

    Emerging Cyber Threats 📈
    1. Industrial Internet of Things (IIoT):
    - There has been a 400% rise in IoT malware in 2023 compared to the previous year. Ensuring visibility and encryption across IIoT communications is crucial.
    2. Supply-Chain Attacks:
    - As industrial manufacturers adopt more cloud services and third-party solutions, they become more susceptible to third-party breaches.
    3. Ransomware Threats:
    - The manufacturing sector may face increasing ransomware threats, particularly from emerging ransomware-as-a-service (RaaS) groups that perceive manufacturing as easy targets.

    Summary (auto generated) from the Introducing: Manufacturing Sector Threat Landscape by ReliaQuest. Source: https://lnkd.in/gGqQJ8Mm #securitytrends #infosec #cybersecurity #threatintel #threatintelligence #ciso

    Introducing: Manufacturing Sector Threat Landscape - ReliaQuest

    https://www.reliaquest.com

  • RST Cloud

    Hacktivist groups have evolved significantly since early 2022, moving beyond minor acts like website defacement to more aggressive actions linked to state agendas:
    - New "hacktivist-like" groups, notably pro-Russian ones, demonstrate high coordination and resource backing, raising concerns about their potential threat levels.
    - KillNet, a notable group emerging in late 2021, initially focused on DDoS attacks and propaganda for Russia but now operates more as a local forum promoting illicit activities.
    - Their engagement with the Darknet reflects a complex network involving ransomware.
    - Russian cybercrime features interconnectedness among hacktivist-like groups, Darknet marketplaces, and ransomware actors.
    - A cultural collectivist mindset bolstered by political pressures fosters this collaboration.

    Increasing Offensive Operations:
    - Modern hacktivist-like groups are progressing to sophisticated attacks, including data breaches and ransomware.
    - Recent actions by the Cyber Army of Russia include physical damage to infrastructure, reinforcing their operational capabilities.

    Suspected Ransomware Involvement:
    - There are claims of ransomware activity related to hacktivist-like groups, notably during attacks against targets like Israeli entities.
    - Some ransomware groups are adopting hacktivist traits, evidenced in observed collaborations that blend ransomware with political influence activities.

    Geopolitical Context and Strategy:
    - The overlap between ransomware and hacktivism signifies an integrated cyber strategy shaped by Russia's geopolitical goals.
    - Russian propaganda promotes participation in cyber warfare as a patriotic duty, with state rewards offered to supportive cybercriminals.

    Summary (auto generated) from the Double Trouble: Ransomware & Hacktivism Collaboration, Fact or Fiction? by Analyst1. Source: https://lnkd.in/ddvTkA7j #securitytrends #infosec #cybersecurity #threatintel #threatintelligence #ciso

    Double Trouble: Ransomware & Hacktivism Collaboration, Fact or Fiction? | Analyst1

    https://analyst1.com

  • RST Cloud reposted this

    Ana MIKHAILOV, Business Development and Marketing Director of RST Cloud | Cyber Threat Intelligence for SecOps and SOC Teams | Music Composer

    #Cyber #threats are becoming increasingly sophisticated, often using advanced techniques to evade detection. These tactics include interacting with well-known resources, leveraging public clouds, or deploying on-premises software. Consequently, this results in a higher number of false positives in alerts related to indicators of compromise (#IoCs), leading to unnecessary workload and additional security events that require #SOC analyst attention.

    To effectively reduce false positives, consider the following strategies:

    🔍 Enhance IoC Enrichment: Provide comprehensive context for each IoC, including WHOIS/ASN data for domains and IPs, URL response states, historical data, threat actor attribution, etc. This additional information helps in identifying genuine threats using enrichment services such as VirusTotal or RST Cloud IoC Lookup.
    🛠️ Implement Advanced Filtering: Utilise advanced filtering techniques to refine IoCs based on criteria specific to your organisation's threat profile. This could involve filtering by risk level, threat type (for example, malware), or indicators relevant to your environment (for your software, geographic location, industry, etc.).
    🔄 Regularly Update and Tune Exceptions: Continuously update your exception lists and fine-tune detection parameters based on the latest threat intelligence and feedback.
    🔍 Conduct Regular Reviews and Validation: Periodically assess and validate your IoC sources to ensure their accuracy and reliability. Reevaluate the relevance and trustworthiness of indicators based on current threat assessments.
    ⚙️ Leverage Automation and External Services: Utilise tools like RST Noise Control, which help reduce false positives by filtering out known-good IoCs using extensive, constantly updated datasets of exceptions and heuristics.

    For guidance on filtering IoCs with RST Cloud Noise Control within the OpenCTI platform, check out our blog: https://lnkd.in/diNSdxbZ

    Collaboration and information sharing remain crucial. By working together, we can enhance the accuracy and effectiveness of threat intelligence. #threatintelligence #CTI #CISO #threatintel #SOC #SIEM #MSS #SOAR #MSSP #cybersecurity #ManagedSecurity #ThreatDetection #TechTrends

    Reducing Alert Fatigue: How RST Noise Control and OpenCTI Improve Threat Intelligence - RST Cloud

    rstcloud.com
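The filtering and exception-tuning steps in the post above, shown as an added Python example (not RST Cloud's, RST Noise Control's or OpenCTI's code). It assumes a feed of IP and domain indicators, each carrying a 0-100 risk score, and uses a constructed allowlist, a constructed score threshold and constructed feed entries; the point is that every dropped indicator keeps a recorded reason, so the exception list can be reviewed and tuned from feedback rather than silently growing.

```python
"""IoC noise filtering: drop known-good, non-routable and low-risk indicators
before they reach the SIEM, recording why each one was dropped.

Added illustration, not RST Cloud's or OpenCTI's code. The allowlist, the
risk threshold and the feed entries below are constructed sample data.
"""
import ipaddress
from collections import Counter
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed exception list: domains seen in benign traffic everywhere.
# In practice this is maintained and refreshed from analyst feedback.
KNOWN_GOOD_DOMAINS = {"microsoft.com", "google.com", "cloudflare.com"}

# Constructed tuning parameter: indicators scored below this are ignored.
MIN_RISK_SCORE = 40


@dataclass
class Ioc:
    value: str
    kind: str          # "ip" or "domain"
    score: int         # 0-100 risk score supplied by the feed
    reason: str = ""   # filled in when the IoC is dropped


def _domain_is_known_good(domain: str) -> bool:
    """True if the domain or any parent is allowlisted (cdn.microsoft.com -> microsoft.com)."""
    labels = domain.lower().rstrip(".").split(".")
    return any(".".join(labels[i:]) in KNOWN_GOOD_DOMAINS for i in range(len(labels) - 1))


def _ip_is_noise(value: str) -> Optional[str]:
    """Return a drop reason for IPs that can never be a useful network IoC, else None.

    Note: Python's ipaddress marks the RFC 5737 documentation ranges
    (e.g. 203.0.113.0/24) as private, which is what we want here: they
    never appear on the internet, so they are noise in a feed.
    """
    try:
        addr = ipaddress.ip_address(value)
    except ValueError:
        return "malformed ip"
    if addr.is_unspecified:
        return "unspecified"
    if addr.is_loopback:
        return "loopback"
    if addr.is_multicast:
        return "multicast"
    if addr.is_link_local:
        return "link-local"
    if addr.is_private:
        return "private range"
    if addr.is_reserved:
        return "reserved"
    return None


def filter_iocs(feed: List[Ioc]) -> Tuple[List[Ioc], List[Ioc]]:
    """Split a feed into (kept, dropped); dropped entries carry their reason."""
    kept, dropped = [], []
    for ioc in feed:
        reason: Optional[str] = None
        if ioc.kind == "ip":
            reason = _ip_is_noise(ioc.value)
        elif ioc.kind == "domain":
            if _domain_is_known_good(ioc.value):
                reason = "known-good domain"
        else:
            reason = f"unsupported kind {ioc.kind}"
        if reason is None and ioc.score < MIN_RISK_SCORE:
            reason = f"score {ioc.score} below threshold {MIN_RISK_SCORE}"
        if reason:
            ioc.reason = reason
            dropped.append(ioc)
        else:
            kept.append(ioc)
    return kept, dropped


def drop_summary(dropped: List[Ioc]) -> Counter:
    """Count dropped indicators per reason; useful for tuning the exception list."""
    return Counter(i.reason for i in dropped)


def sample_feed() -> List[Ioc]:
    """Constructed feed entries (.example TLD is reserved; no real indicators)."""
    return [
        Ioc("login-update.example", "domain", 85),   # kept: no exception applies
        Ioc("cdn.microsoft.com", "domain", 90),      # dropped: parent domain allowlisted
        Ioc("tracker.example", "domain", 20),        # dropped: below score threshold
        Ioc("10.0.0.5", "ip", 70),                   # dropped: private range
        Ioc("127.0.0.1", "ip", 70),                  # dropped: loopback
        Ioc("224.0.0.1", "ip", 70),                  # dropped: multicast
        Ioc("203.0.113.10", "ip", 70),               # dropped: documentation range
        Ioc("999.1.1.1", "ip", 70),                  # dropped: malformed
    ]


if __name__ == "__main__":
    kept, dropped = filter_iocs(sample_feed())
    print("kept:", [i.value for i in kept])
    for i in dropped:
        print(f"dropped {i.value}: {i.reason}")
    print("summary:", dict(drop_summary(dropped)))
```

The allowlist match walks up the label chain so that a subdomain of an allowlisted domain is also treated as known-good; whether that is desirable depends on the organisation (an allowlisted cloud provider's customer-controlled subdomains may still host phishing), which is exactly the kind of decision the exception review step is meant to revisit.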

  • RST Cloud

    In July 2024, Bitdefender identified **229 claimed victims** from #ransomware group websites. This analysis reflects the **ransomware-as-a-service (RaaS)** market, although information is derived directly from criminals and may not fully represent financial impacts.

    Ransomware Families & Geographic Impact 🌎: Ransomware gangs increasingly target **developed countries**, aiming to extract maximum financial gain. The report outlines the **top 10 countries** that experienced significant ransomware attacks.

    Summary (auto generated) from the Bitdefender Threat Debrief | August 2024 by Bitdefender. Source: https://lnkd.in/dxuqiaza #securitytrends #infosec #cybersecurity #threatintel #threatintelligence #ciso

    Bitdefender Threat Debrief | August 2024

    bitdefender.com
