research

The 2024 Annual Guarding Report: Navigating the Changing Weather

Posted on by Admin
The 2024 Annual Guarding Report: Navigating the Changing Weather

Workplace violence, civil and political unrest, property crimes, and weather-related challenges are all on the plate of guarding companies and their clients, who must respond with the right training, equipment and technology, and hiring and retention initiatives to ensure they keep people and assets safe and secure. The Archers-Daniels-Midland Company (ADM), which mostly uses GardaWorld Security in North America but a variety of other companies around the world, has experienced an increased need for guards…

Read More

Number of Active Ransomware Groups Highest on Record

Posted on by Admin
Number of Active Ransomware Groups Highest on Record

This year has seen the highest number of active ransomware groups on record, with 58 attacking global businesses in the second quarter. Threat intelligence platform provider Cyberint has reported only a slight dip in the third quarter, with 57 active groups. Furthermore, in Q3, the top 10 ransomware groups were responsible for only 58.3% of all detected attacks. This reflects both the increase in the number of active groups in general and a decline in…

Read More

Podcast bait, malware switch.

Posted on by Admin
Podcast bait, malware switch.

Joshua Miller from Proofpoint is discussing their work on “Best Laid Plans: TA453 Targets Religious Figure with Fake Podcast Invite Delivering New BlackSmith Malware Toolset.” Proofpoint identified Iranian threat actor TA453 targeting a prominent Jewish figure with a fake podcast interview invitation, using a benign email to build trust before sending a malicious link. The attack attempted to deliver new malware called BlackSmith, containing a PowerShell trojan dubbed AnvilEcho, designed for intelligence gathering and exfiltration….

Read More

RansomHub threat actors observed using EDR-killing tool

Posted on by Admin
RansomHub threat actors observed using EDR-killing tool

Threat research from Sophos details a recent encounter with the ransomware group known as RansomHub. The research reports that the attack was unsuccessful; however, researchers were able to analyze the attack and discovered the use of an EDR-killing tool. The research has labelled this utility the EDRKillShifter.  John Bambenek, President at Bambenek Consulting, comments, “At present, only RansomHub is using the tool. However, as it was sold on the dark web, it is more than likely that…

Read More

Olympic scammers go for gold.

Posted on by Admin
Olympic scammers go for gold.

This week, we are joined by Selena Larson, Staff Threat Researcher, Lead Intelligence Analysis and Strategy at Proofpoint, as well as host of the “Only Malware in the Building” podcast, as she is discussing their research on “Scammers Create Fraudulent Olympics Ticketing Websites.” Proofpoint recently identified a fraudulent website selling fake tickets to the Paris 2024 Summer Olympics and quickly suspended the domain. This site was among many identified by the French Gendarmerie Nationale and…

Read More

AI arms race: Cybersecurity defenders in the age of evolving threats

Posted on by Admin
AI arms race: Cybersecurity defenders in the age of evolving threats

As web application cyberattacks surge, defenders are on the frontline of an ever-evolving battlefield. With adversaries leveraging artificial intelligence (AI) to sharpen their assaults, defenders face unprecedented challenges. However, AI isn’t just empowering attackers — it’s also emerging as a crucial ally for defenders. Organizations can use AI’s capabilities and implement strong security training to identify and neutralize threats.  Rest assured, the rise in web application attacks signifies a persistent shift rather than a passing…

Read More

Email obfuscation tactics elude security protections

Posted on by Admin
Email obfuscation tactics elude security protections

Cyber attackers have used email obfuscation techniques for decades to conceal malicious code or data within a file, script or network traffic. There are many email obfuscation methods, such as putting addresses into images, captchas or texts that bots cannot read. Such traditional email obfuscation tactics are well known, and security controls have historically been good at patching and stopping them. But recently our threat researchers have uncovered some newly evolving techniques that are designed…

Read More

Women face nearly twice as much exclusion in cybersecurity than men

Posted on by Admin
Women face nearly twice as much exclusion in cybersecurity than men

A report by Women in CyberSecurity (WiCyS) reveals key findings on the current state of inclusion in cybersecurity. By conducting a survey of 1,000 employees (65% women and 35% men) the report found notable gender disparities in the cybersecurity industry.  In the report, surveyed women noted the top four categories in which they experience exclusion: respect, career and growth, access and participation and recognition. When compared to their male counterparts, women reported 350% more exclusion…

Read More

The art of information gathering.

Posted on by Admin
The art of information gathering.

Greg Lesnewich, senior threat researcher at Proofpoint, sits down to discuss “From Social Engineering to DMARC Abuse: TA427’s Art of Information Gathering.” Since 2023, TA427 has directly solicited foreign policy experts for their opinions on nuclear disarmament, US-ROK policies, and sanction topics via benign conversation starting emails.  The research states “While our researchers have consistently observed TA427 rely on social engineering tactics and regularly rotating its email infrastructure, in December 2023 the threat actor began to abuse…

Read More

The return of a malware menace.

Posted on by Admin
The return of a malware menace.

This week we are joined by, Selena Larson from Proofpoint, who is discussing their research, “Bumblebee Buzzes Back in Black.” Bumblebee is a sophisticated downloader used by multiple cybercriminal threat actors and was a favored payload from its first appearance in March 2022 through October 2023 before disappearing. After a four month hiatus, Proofpoint researchers found that the downloader returned. Its return aligns with a surge of cybercriminal threat activity after a notable absence of…

Read More
1 2 3 18