Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

So, here’s the deal with AntiVirus software these days: It’s mostly playing catch-up with super-fast athletes — the malware guys. Traditional AV software is like old-school detectives who need a picture (or, in this case, a ‘signature’) of the bad guys to know who they’re chasing. The trouble is, these malware creators are quite sneaky — constantly changing their look and creating new disguises faster than AntiVirus can keep up with their photos.

TA4557 targets recruiters via email, threat actors use OAuth apps to automate BEC and cryptomining attacks, and researchers discover Sandman APT’s connection to the China-based KEYPLUG backdoor.

Threat actors often employ stealthy attack techniques to elude detection and stay under the defender’s radar. One way they do so is by using uncommon programming languages to develop malware. Using an uncommon programming language to develop malware provides several benefits, including: Netskope recently analyzed a malicious backdoor written in Nim, which is a relatively new programming language.

This new attack is pretty simple to spot on the front, but should it be successful in launching its’ malicious code, it’s going to take its’ victims for everything of value they have on their computer. The new Mr. Anon infostealer captures much more than just browser caches and passwords. It also uses basic social engineering tactics that prove to be effective enough to make attacks successful.

SecurityScorecard is analyzing a phishing campaign that deployed the Menorah malware, which is taking aim at users in the Middle East. This sophisticated campaign is being mounted by the threat actor group tracked as APT34, which is linked to Iran. This group is known for its focus on collecting sensitive intelligence and taking on high-profile targets across the Middle East including critical infrastructure and telecommunications entities.

The TargetCompany ransomware group, first identified in June 2021, garnered its name due to its distinctive practice of appending the names of the targeted organizations to encrypted files. Over time, the group has exhibited a dynamic evolution, frequently changing encryption algorithms, decryptor characteristics, and file name extensions.

On December 18th, the Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), and Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) issued an urgent advisory to highlight the ongoing malicious activities being conducted by the Play ransomware group.

Netskope Threat Labs publishes a monthly summary blog post of the top threats we are tracking on the Netskope platform. The purpose of this post is to provide strategic, actionable intelligence on active threats against enterprise users worldwide.

On December 19, 2023, the FBI successfully dismantled one of the ALPHV/BlackCat ransomware sites. The customary FBI banner now adorns its main page, while the other sites associated with the cybercrime gang remain operational. This development may be linked to the recent 5-day disruption of the entire gang’s Darknet infrastructure.