Threats & Defenses

Cyber Security Reviews on threats and defenses on the web can give readers valuable daily updates on the trends and how to prevent it.

0 Comments
Summary In response to the SolarWinds supply chain compromise, the U.S. National Security Agency (NSA) published an advisory describing advanced techniques that threat actors can use to maintain persistent access to compromised cloud tenants and exfiltrate sensitive data. Most of the public commentary about this advisory has focused on the theft of Active Directory Federation
0 Comments
Practically every organization has internet connectivity and some form of IT infrastructure, which means nearly all organizations are at risk of a cyber attack. To understand how great this risk is and to be able to manage it, organizations need to complete a cybersecurity risk assessment, a process that identifies which assets are most vulnerable to the risks the organization faces.
0 Comments
Citrix has issued an emergency advisory warning its customers of a security issue affecting its NetScaler application delivery controller (ADC) devices that attackers are abusing to launch amplified distributed denial-of-service (DDoS) attacks against several targets. “An attacker or bots can overwhelm the Citrix ADC [Datagram Transport Layer Security] network throughput, potentially leading to outbound bandwidth
0 Comments
An authentication bypass vulnerability in the SolarWinds Orion software may have been leveraged by adversaries as zero-day to deploy the SUPERNOVA malware in target environments. According to an advisory published yesterday by the CERT Coordination Center, the SolarWinds Orion API that’s used to interface with all other Orion system monitoring and management products suffers from
0 Comments
IBM Security X-Force’s COVID-19 threat intelligence task force discovered a massive phishing campaign earlier this month aimed at organizations within the vaccine distribution cold chain. Caleb Barlow, president and CEO of healthcare cybersecurity firm CynergisTek, said that part of the supply chain, which ensures vaccines are stored at the proper temperature, is especially vital for
0 Comments
As if the exponential rise in phishing scams and malware attacks in the last five years wasn’t enough, the COVID-19 crisis has worsened it further. The current scenario has given a viable opportunity to cybercriminals to find a way to target individuals, small and large enterprises, government corporations. According to Interpol’s COVID-19 Cybercrime Analysis Report,
0 Comments
The most common threat in the cybersecurity world often sounds like a plot from a blockbuster movie. The clock is ticking… You have only a few hours… Can you solve the mystery before you have to pay the ransom? According to Secureworks’ Director of Intelligence, Mike McLellan, year after year, threat actors around the world
0 Comments
Disinformation is a known tool for nation-state threat actors. Learn what it means for threat intelligence practitioners. Tuesday, August 25, 2020 By: Secureworks When the first page of the calendar turned to 2020, none of us knew what would come in a few months’ time. In fact, Secureworks’ Senior Security Researcher Rafe Pilling thought the
0 Comments
Since 2015, Secureworks® Counter Threat Unit™ (CTU) researchers have observed a massive increase in the number and impact of post-intrusion ransomware incidents. In these attacks, a threat actor gains access to a compromised network, moves laterally to other systems and networks, locates the critical business assets, and then chooses a time (which could be days
0 Comments
The following analysis was compiled and published to Threat Intelligence clients in November 2018. The Secureworks® Counter Threat Unit™ (CTU) research team is publicly sharing insights about BRONZE VINEWOOD and its use of the HanaLoader malware and DropboxAES RAT, to increase visibility of the threat group’s activities. In mid-2018, Secureworks® Counter Threat Unit™ (CTU) researchers identified
0 Comments
The following analysis was compiled and published to Threat Intelligence clients in March 2019. The Secureworks® Counter Threat Unit™ (CTU) research team is publicly sharing insights about BRONZE VINEWOOD and its use of the HanaLoader malware and DropboxAES RAT, to increase visibility of the threat group’s activities. Summary DropboxAES is a simple remote access trojan (RAT) used
0 Comments
The following analysis was compiled and published to Threat Intelligence clients in April 2019. The Secureworks® Counter Threat Unit™ (CTU) research team is publicly sharing insights about BRONZE VINEWOOD and its use of the HanaLoader malware and DropboxAES RAT to increase visibility of the threat group’s activities. Summary BRONZE VINEWOOD (also known as APT31 and ZIRCONIUM) is
0 Comments
Today, the Secureworks® Counter Threat Unit™ (CTU) research team began publishing Threat Group profiles  on the Secureworks website. The profiles include a summary of the groups, their objectives, other aliases by which the groups are known, and the malware they use. Both criminal and government-sponsored Threat Groups are included. Why publish these records, given that
0 Comments
A timely snapshot of the global threat landscape for security and business leaders. Friday, April 17, 2020 By: Secureworks Counter Threat Unit As your organization continues to adapt to a new business environment, our Counter Threat Unit™ (CTU) remains vigilant in tracking coronavirus-themed cyber activity and assessing the cybersecurity risk. This concise, weekly snapshot from
0 Comments
The ongoing COVID-19 (also known as coronavirus) pandemic is creating challenges for organizations and individuals around the world. Most organizations have implemented remote working for their employees where possible. This transition changes how employees access data and communicate with colleagues and customers. That change creates an opportunity for threat actors who seek to exploit the
0 Comments
Cyberespionage operations by governments with mature cyber capabilities persist regardless of geopolitical events. Espionage typically focuses on broader long-term strategic goals. Secureworks® Counter Threat Unit™ (CTU) researchers monitor Iranian cyber operations, including the potential for retaliation after a January 2, 2020 U.S. drone strike killed Islamic Revolutionary Guard Corps (IRGC) Quds Force General Qasem Soleimani.
0 Comments
During a 2018 incident response engagement, Secureworks® analysts discovered strong evidence of a Russia-based espionage group using ‘man-on-the-side’ techniques to install malware on targeted networks. The threat actors used the same techniques in other incidents as well. This type of attack can undermine the integrity of the Internet’s fundamental communications infrastructure. What is a man-on-the-side
0 Comments
The LYCEUM threat group targets organizations in sectors of strategic national importance, including oil and gas and possibly telecommunications. The activity observed by Secureworks® Counter Threat Unit™ (CTU) researchers focuses on obtaining and expanding access within a targeted network. CTU™ research indicates that LYCEUM may have been active as early as April 2018. Domain registrations
0 Comments
Secureworks® Counter Threat Unit™ (CTU) researchers continually monitor the TrickBot botnet operated by the GOLD BLACKBURN threat group. A key feature of TrickBot is its ability to manipulate web sessions by intercepting network traffic before it is rendered by a victim’s browser. TrickBot has targeted hundreds of organizations, mostly financial institutions, since it began widespread
0 Comments
Indicator Type Context mlibo.ml Domain name Hosting phishing website used by COBALT DICKENS for August/July 2019 operations blibo.ga Domain name Hosting phishing website used by COBALT DICKENS for August/July 2019 operations azll.cf Domain name Hosting phishing website used by COBALT DICKENS for August/July 2019 operations azlll.cf Domain name Hosting phishing website used by COBALT DICKENS
0 Comments
On May 31, 2019, the developers of the highly profitable GandCrab ‘ransomware-as-a-service’ announced that they were retiring after earning over $2 billion USD since January 2018. The news was met with interest and skepticism within the security community, as multiple affiliate groups regularly conducted extremely successful GandCrab campaigns since its inception. After analyzing the threat
0 Comments
Summary The activities of some non-governmental organizations (NGOs) challenge governments on politically sensitive issues such as social, humanitarian, and environmental policies. As a result, these organizations are often exposed to increased government-directed threats aimed at monitoring their activities, discrediting their work, or stealing their intellectual property. BRONZE PRESIDENT is a likely People’s Republic of China
0 Comments
Summary The REvil (also known as Sodinokibi) ransomware was first identified on April 17, 2019. It is used by the financially motivated GOLD SOUTHFIELD threat group, which distributes ransomware via exploit kits, scan-and-exploit techniques, RDP servers, and backdoored software installers. Secureworks® Counter Threat Unit™ (CTU) analysis suggests that REvil is likely associated with the GandCrab
0 Comments
The following analysis was compiled and published to Threat Intelligence clients in August 2018. The Secureworks® Counter Threat Unit™ (CTU) research team is publicly sharing insights about the IRON LIBERTY threat group, as well as details about the Karagany and MCMD malware used exclusively by IRON LIBERTY, to supplement the discussion of the man-on-the-side technique
0 Comments
The following analysis was compiled and published to Threat Intelligence clients in September 2018. The Secureworks® Counter Threat Unit™ (CTU) research team is publicly sharing insights about the IRON LIBERTY threat group, as well as details about the Karagany and MCMD malware used exclusively by IRON LIBERTY, to supplement the discussion of the man-on-the-side technique described in