Another traitorous sysadmin story, this one busted by system logs that gave his game away…
The all in one place for non-profit security aid.
CISO Spotlight, the State of Ransomware, & Intel Briefing
In this episode of the Retail & Hospitality ISAC podcast, host Luke Vander Linden sits down with Marnie Wilking, CISO at Booking.com, to discuss her background in cybersecurity, the global threat landscape, and emerging technology such as AI. Then, Luke is joined by Chip Witt, vice president of product management at SpyCloud, to talk about the state of ransomware and how threat actors are circumventing authentication. Chip also reviews techniques retailers can use to better protect themselves. Finally, Lee Clark, cyber threat intelligence analyst & writer at RH-ISAC, provides the latest intel briefing covering the latest Intelligence Trends Summary Report and cyber incidents stemming from the Israeli–Palestinian conflict.
The CyberWire
Malware Trends 2024: Lessons From 2023 – A Detailed Report
As the new year kicks off, it’s time to take a retrospective look at the past year’s malware landscape. Let’s see what the top malware families, malware types, and Tactics, Techniques, and Procedures (TTPs) used by attackers in 2023 can tell us about what to expect in 2024.
We utilized data from ANY.RUN, a malware analysis sandbox, to gain insights into the cybersecurity threats of 2023. The service analyzes thousands of files and links submitted by users worldwide, providing valuable information on emerging and persistent threats.
In Q4 2023 alone, ANY.RUN analyzed over 748,000 files and links, identifying over 210 million indicators of compromise (IOCs).
More than 300,000 analysts worldwide use ANY.RUN, a malware analysis sandbox. Join the community to conduct in-depth investigations into the top threats and collect detailed reports on their behavior.
In 2023, most of the malware ANY.RUN detected fell into three types, with loaders leading the way, followed by stealers and RATs.
Loaders, the gateway for more sophisticated malware, remained a significant threat throughout the year.
Their primary function is to download and install malicious payloads onto infected systems, often opening the door for further attacks. The increasing accessibility of loaders and the decreasing price tag will likely make them a persistent threat in 2024.
In a notable development, stealers, which focus on stealing financial information and personal data, became the second most prevalent malware type in 2023, surging significantly in Q4 with 6,662 detections.
They are poised to remain a major concern in 2024, particularly as cybercriminals seek to exploit the growing reliance on online banking and e-commerce.
RATs, which grant attackers remote access to and control of infected devices, remained the most versatile type of malware, capable of various malicious activities, from data theft to espionage.
Despite being the most common malware type in Q2, RATs finished 2023 in third place. They are expected to become more prevalent in 2024 as attackers continue to exploit their effectiveness for various malicious purposes.
Four of the top five malware families in 2023 were remote access Trojans (RATs), largely dominating the malware family landscape.
Remcos (1,385 detections in Q1) and AgentTesla (1,769 detections in Q4) were the two most prevalent examples, closely followed by NjRAT and AsyncRAT.
The popularity of the first two can be attributed to several factors, including ongoing developer support, affordable pricing, and a diverse range of malicious capabilities.
Having been in operation for over 8 years, Remcos and AgentTesla are positioned to remain significant threats in 2024.
However, the title of most popular malicious software of the year went to the Redline stealer, with the largest number of instances detected by ANY.RUN in Q2.
Operating on a malware-as-a-service (MaaS) model, Redline’s ease of use and affordable subscription make it a preferred choice for cybercriminals worldwide.
Its extensive arsenal, including data theft, keylogging, file exfiltration, and loader functionalities, ensures its continued prominence in 2024.
In Q4, ANY.RUN discovered the use of T1036.005 in over 98,500 malicious samples.
Attackers frequently mimic legitimate file names to appear trustworthy and avoid detection. Due to its effectiveness and ease of use, it will likely remain prevalent in 2024.
T1218.011 is another popular TTP that abuses Rundll32, a legitimate Windows binary used to load DLLs, to execute malicious code, allowing attackers to bypass security measures that typically block unsigned code execution. Since it remains a reliable method for executing malicious code without triggering security alerts, it will retain popularity in 2024.
Ranking third with 20,097 detections in Q4, T1059.003 is based on the abuse of the Windows Command Shell to execute commands and scripts on compromised systems.
It is often used to install malware, steal data, and escalate privileges. Its versatility will likely help it sustain its position as a top TTP in 2024.
T1036.003 deserves special attention because, despite coming in sixth place overall, it became a crucial TTP that attackers used in Q3 and Q4 of 2023.
This technique allows attackers to bypass security solutions by renaming system utilities. Having gained traction for the past two quarters, T1036.003 stands a good chance of maintaining its popularity in the early stages of 2024.
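The three masquerading and Rundll32 TTPs described above can be surfaced from process-creation telemetry. The following is an added detection example, not code from the ANY.RUN report; it models events on Sysmon Event ID 1 fields (Image, OriginalFileName, CommandLine), and the sample events, directory lists and utility names are constructed assumptions for the example.

```python
# Added example (not from the ANY.RUN report): flag process-creation events that
# match the TTPs discussed above:
#   T1036.005  a system-utility name running from a non-system directory
#   T1036.003  a binary whose PE OriginalFileName differs from its on-disk name
#   T1218.011  rundll32 (by real identity) loading a DLL from a user-writable path
import ntpath

# Assumed lists; a real deployment would derive these from its own baseline.
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")
SYSTEM_UTILS = {"svchost.exe", "rundll32.exe", "cmd.exe", "explorer.exe", "lsass.exe"}
USER_WRITABLE = ("c:\\users\\", "c:\\programdata\\", "c:\\windows\\temp\\")

def classify(event):
    """Return the list of technique IDs an event matches (empty if benign)."""
    image = event["Image"].lower()
    name = ntpath.basename(image)
    hits = []
    # T1036.005: trusted name, untrusted location
    if name in SYSTEM_UTILS and not image.startswith(SYSTEM_DIRS):
        hits.append("T1036.005")
    # T1036.003: on-disk name disagrees with the PE's own OriginalFileName
    orig = event.get("OriginalFileName", "").lower()
    if orig and orig != name:
        hits.append("T1036.003")
    # T1218.011: rundll32, whatever it is named on disk, given a DLL from user space
    if "rundll32.exe" in (name, orig):
        cmd = event.get("CommandLine", "").lower()
        args = cmd.split(None, 1)[1] if " " in cmd else ""
        if any(d in args for d in USER_WRITABLE):
            hits.append("T1218.011")
    return hits

SAMPLE_EVENTS = [  # constructed for this example
    {"Image": r"C:\Windows\System32\svchost.exe", "OriginalFileName": "svchost.exe",
     "CommandLine": r"C:\Windows\System32\svchost.exe -k netsvcs"},
    {"Image": r"C:\Users\bob\AppData\Roaming\svchost.exe", "OriginalFileName": "svchost.exe",
     "CommandLine": r"C:\Users\bob\AppData\Roaming\svchost.exe"},
    {"Image": r"C:\Users\bob\Downloads\update.exe", "OriginalFileName": "rundll32.exe",
     "CommandLine": r"update.exe C:\ProgramData\x.dll,DllMain"},
    {"Image": r"C:\Windows\System32\rundll32.exe", "OriginalFileName": "RUNDLL32.EXE",
     "CommandLine": r"rundll32.exe shell32.dll,Control_RunDLL"},
]

def scan(events):
    """Return (image, techniques) for every event that matched at least one TTP."""
    return [(e["Image"], classify(e)) for e in events if classify(e)]

if __name__ == "__main__":
    for image, hits in scan(SAMPLE_EVENTS):
        print(f"{', '.join(hits):<24} {image}")
```

The second sample event trips only T1036.005, while the renamed Rundll32 in the third trips both T1036.003 and T1218.011; the two genuine system binaries produce no hits.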
Try all features of ANY.RUN at zero cost for 14 days with a free trial.
The post Malware Trends 2024: Lessons From 2023 – A Detailed Report appeared first on Cyber Security News.
Cyber Security News
Lessons Learned from the CISA – Ivanti Cyberattack – 2024
In today’s digital era, the frequency and sophistication of cyberattacks are on the rise, posing a serious threat to businesses and organizations worldwide. Among these incidents, the cyberattack on the Cybersecurity and Infrastructure Security Agency (CISA) this year due to Ivanti software vulnerabilities is a stark reminder of the vulnerabilities within even the most secure systems.
The CISA-Ivanti cyberattack not only highlighted the vulnerabilities in cybersecurity practices but also provided valuable insights into how organizations can better protect themselves against future threats. This blog post aims to shed light on the lessons learned from this cyberattack, emphasizing the importance of proactive measures in safeguarding digital assets.
First and foremost, the incident underscores the critical need for comprehensive vulnerability assessments. Such assessments are vital in identifying potential security gaps that cybercriminals could exploit.
However, effectively conducting these assessments requires specialized knowledge and tools that many organizations may not possess internally. This is where a cyber security company’s role becomes invaluable. Partnering with them enables organizations to gain access to expert knowledge and advanced technologies designed for in-depth vulnerability analysis.
Moreover, these companies offer continuous monitoring and periodic assessments, ensuring that emerging threats are identified and addressed promptly, thereby significantly reducing the risk of a successful cyberattack.
Patch management is a critical cybersecurity practice that involves regularly updating software and systems with patches released by vendors to fix vulnerabilities. Neglecting this practice opens the door for cybercriminals to exploit known vulnerabilities, potentially leading to data breaches, system disruptions, and significant financial and reputational damage.
Effective patch management not only includes the timely application of these updates but also requires a systematic approach to ensure that all systems are consistently monitored and updated. This prevents the creation of security gaps that could be exploited in a coordinated attack.
The challenge of patch management lies in its complexity, especially for organizations with diverse and sprawling IT environments. It’s not uncommon for systems to be missed during the update process or for patches to be incompatible with certain applications, leading to further issues. Here, the expertise of a cyber security company can be invaluable.
These companies can automate the patch management process, ensuring comprehensive coverage of all systems, and perform thorough testing to verify that patches don’t introduce new issues. Prioritizing and streamlining this process will enable organizations to reduce their attack surface and enhance their overall security significantly.
Human error remains one of the most significant vulnerabilities in any security system. Phishing attacks, password mishandling, and inadvertent data leaks are common issues that can lead to major security breaches. Hence, regular, engaging training sessions on cybersecurity, recognizing potential threats, and learning best practices for maintaining security are still essential components of a robust cybersecurity strategy.
Beyond basic training, organizations should strive to create an environment where cybersecurity awareness is part of the daily routine. This involves regular updates on new threats, sharing incidents of attempted breaches (without assigning blame), and encouraging open communication about security concerns.
A cyber security company can provide valuable support in this area, offering up-to-date training modules, simulated phishing exercises, and awareness campaigns tailored to the organization’s specific needs and threats.
Multi-factor authentication (MFA) is increasingly recognized as a critical defence mechanism against unauthorized access to systems and data. Implementing multiple verification factors, such as a password, security token, or biometric information, is essential to enhance security and ensure safe access to sensitive information. This multifaceted approach significantly complicates attackers’ efforts, as the compromise of one factor alone is insufficient to breach the system.
Implementing MFA can present challenges, particularly in terms of user convenience and integration with existing systems. However, the security benefits far outweigh these challenges.
A cyber security company can assist in the seamless integration of MFA, ensuring that it complements the existing infrastructure without diminishing user experience. They can also guide the most effective authentication methods for different levels of access, ensuring that security measures are proportionate to the sensitivity of the information being protected.
A robust incident response plan is essential for minimizing the impact of a cyberattack. In the event of an incident, it’s crucial to have a plan in place that outlines procedures for a swift and coordinated response to contain and mitigate damage.
Key components include establishing an incident response team, clear communication channels, and predefined roles and responsibilities. Preparation, through regular drills and simulations, ensures that the team can act decisively under pressure, reducing downtime and financial loss.
Furthermore, post-incident analysis conducted by external experts can reveal valuable lessons, guiding improvements to the incident response plan and the broader security strategy. This continuous preparation, response, and improvement cycle is important in building resilience against future cyber threats.
The CISA-Ivanti cyberattack brought to light several critical lessons in cybersecurity practices. Given the complexity and sophistication of such cyber threats, it becomes evident that navigating these challenges requires the expertise and resources of professional cybersecurity companies.
The post Lessons Learned from the CISA – Ivanti Cyberattack – 2024 appeared first on Cyber Security News.
Cyber Security News