Threats & Defenses

Cyber Security Reviews collects threat-and-defense reporting from around the web, giving readers daily updates on current attack trends and how to counter them.

Since 2015, Secureworks® Counter Threat Unit™ (CTU) researchers have observed a massive increase in the number and impact of post-intrusion ransomware incidents. In these attacks, a threat actor gains access to a compromised network, moves laterally to other systems and networks, locates the critical business assets, and then chooses a time (which could be days
The following analysis was compiled and published to Threat Intelligence clients in November 2018. The Secureworks® Counter Threat Unit™ (CTU) research team is publicly sharing insights about BRONZE VINEWOOD and its use of the HanaLoader malware and DropboxAES RAT, to increase visibility of the threat group’s activities. In mid-2018, Secureworks® Counter Threat Unit™ (CTU) researchers identified
The following analysis was compiled and published to Threat Intelligence clients in March 2019. The Secureworks® Counter Threat Unit™ (CTU) research team is publicly sharing insights about BRONZE VINEWOOD and its use of the HanaLoader malware and DropboxAES RAT, to increase visibility of the threat group’s activities. Summary DropboxAES is a simple remote access trojan (RAT) used
The following analysis was compiled and published to Threat Intelligence clients in April 2019. The Secureworks® Counter Threat Unit™ (CTU) research team is publicly sharing insights about BRONZE VINEWOOD and its use of the HanaLoader malware and DropboxAES RAT to increase visibility of the threat group’s activities. Summary BRONZE VINEWOOD (also known as APT31 and ZIRCONIUM) is
Today, the Secureworks® Counter Threat Unit™ (CTU) research team began publishing Threat Group profiles on the Secureworks website. The profiles include a summary of the groups, their objectives, other aliases by which the groups are known, and the malware they use. Both criminal and government-sponsored Threat Groups are included. Why publish these records, given that
A timely snapshot of the global threat landscape for security and business leaders.
Friday, April 17, 2020 By: Secureworks Counter Threat Unit
As your organization continues to adapt to a new business environment, our Counter Threat Unit™ (CTU) remains vigilant in tracking coronavirus-themed cyber activity and assessing the cybersecurity risk. This concise, weekly snapshot from
The ongoing COVID-19 (also known as coronavirus) pandemic is creating challenges for organizations and individuals around the world. Most organizations have implemented remote working for their employees where possible. This transition changes how employees access data and communicate with colleagues and customers. That change creates an opportunity for threat actors who seek to exploit the
Cyberespionage operations by governments with mature cyber capabilities persist regardless of geopolitical events. Espionage typically focuses on broader long-term strategic goals. Secureworks® Counter Threat Unit™ (CTU) researchers monitor Iranian cyber operations, including the potential for retaliation after a January 2, 2020 U.S. drone strike killed Islamic Revolutionary Guard Corps (IRGC) Quds Force General Qasem Soleimani.
During a 2018 incident response engagement, Secureworks® analysts discovered strong evidence of a Russia-based espionage group using ‘man-on-the-side’ techniques to install malware on targeted networks. The threat actors used the same techniques in other incidents as well. This type of attack can undermine the integrity of the Internet’s fundamental communications infrastructure. What is a man-on-the-side
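The teaser above describes man-on-the-side delivery without detailing how it shows up on the wire. The following is an added example, not code from the Secureworks analysis: it applies a detection heuristic drawn from public research on such attacks, namely that an on-the-side attacker cannot suppress the real server's reply, only race it, so the victim's capture contains two segments with the same TCP sequence number but different payloads. The capture below is constructed for the example (addresses, ports, TTLs and payloads are all made up), and the TTL comparison is a hint, not proof.

```python
"""Added example: flag the race that a man-on-the-side injection leaves behind
in captured TCP traffic (example code, not from the Secureworks analysis)."""
from __future__ import annotations

from dataclasses import dataclass


@dataclass(frozen=True)
class Segment:
    """The fields of a captured TCP segment that the heuristic needs."""
    src: str
    sport: int
    dst: str
    dport: int
    seq: int
    ttl: int
    payload: bytes


def flow_key(seg: Segment) -> tuple:
    return (seg.src, seg.sport, seg.dst, seg.dport)


def detect_injection_races(segments: list[Segment]) -> list[tuple[Segment, Segment]]:
    """Return (first_seen, later) pairs where one flow carried two *different*
    payloads for the same sequence number.

    A man-on-the-side attacker cannot stop the real server's reply; it can only
    send its own reply first. The victim therefore sees two segments that claim
    the same sequence number but disagree on content. A genuine TCP
    retransmission repeats the same bytes and is deliberately not flagged.
    """
    payloads_seen: dict[tuple, dict[bytes, Segment]] = {}
    races: list[tuple[Segment, Segment]] = []
    for seg in segments:
        key = flow_key(seg) + (seg.seq,)
        seen = payloads_seen.setdefault(key, {})
        if seg.payload in seen:
            continue  # identical bytes again: an ordinary retransmission
        if seen:
            first = next(iter(seen.values()))
            races.append((first, seg))
        seen[seg.payload] = seg
    return races


def describe(race: tuple[Segment, Segment]) -> str:
    winner, loser = race
    hint = "" if winner.ttl == loser.ttl else f" (TTL {winner.ttl} vs {loser.ttl}: different path length)"
    return (f"{winner.src}:{winner.sport} -> {winner.dst}:{winner.dport} seq={winner.seq}: "
            f"first reply {winner.payload[:20]!r} beat {loser.payload[:20]!r}{hint}")


# Constructed capture (not real traffic): the client at 10.0.0.23 asked
# 203.0.113.10 for a page. A forged 302 arrives first with a TTL that does not
# match the server's; the legitimate 200 arrives next with the same sequence
# number; finally the server retransmits the 200 unchanged.
SERVER, CLIENT = "203.0.113.10", "10.0.0.23"
SAMPLE_SEGMENTS = [
    Segment(SERVER, 80, CLIENT, 51234, 1000, 48,
            b"HTTP/1.1 302 Found\r\nLocation: http://203.0.113.99/update.exe\r\n\r\n"),
    Segment(SERVER, 80, CLIENT, 51234, 1000, 56,
            b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n<html>"),
    Segment(SERVER, 80, CLIENT, 51234, 1000, 56,
            b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n<html>"),
]

if __name__ == "__main__":
    for race in detect_injection_races(SAMPLE_SEGMENTS):
        print(describe(race))
```

The first-arriving segment is the one the victim's TCP stack accepts, which is why the heuristic reports it as the winner. Treat a differing TTL as corroboration only: load balancers and anycast can also change the path length, so the content mismatch on an identical sequence number is the signal worth alerting on.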
The LYCEUM threat group targets organizations in sectors of strategic national importance, including oil and gas and possibly telecommunications. The activity observed by Secureworks® Counter Threat Unit™ (CTU) researchers focuses on obtaining and expanding access within a targeted network. CTU™ research indicates that LYCEUM may have been active as early as April 2018. Domain registrations
Secureworks® Counter Threat Unit™ (CTU) researchers continually monitor the TrickBot botnet operated by the GOLD BLACKBURN threat group. A key feature of TrickBot is its ability to manipulate web sessions by intercepting network traffic before it is rendered by a victim’s browser. TrickBot has targeted hundreds of organizations, mostly financial institutions, since it began widespread
Indicator   Type         Context
mlibo.ml    Domain name  Hosting phishing website used by COBALT DICKENS for August/July 2019 operations
blibo.ga    Domain name  Hosting phishing website used by COBALT DICKENS for August/July 2019 operations
azll.cf     Domain name  Hosting phishing website used by COBALT DICKENS for August/July 2019 operations
azlll.cf    Domain name  Hosting phishing website used by COBALT DICKENS
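One practical use of an indicator list like the one above is to sweep DNS and proxy logs for it. The following is an added example (not Secureworks' code) that turns the four domains listed into a matcher and runs it over constructed dnsmasq and Squid log lines; the log lines, IP addresses and timestamps are made up for the example. It matches on whole DNS labels so that a lookalike such as notmlibo.ml, or the indicator appearing as a subdomain label of some other registrable domain, is not reported.

```python
"""Added example: match DNS and proxy log lines against the COBALT DICKENS
domain indicators listed above (example code, not Secureworks' own)."""
from __future__ import annotations

import re
from dataclasses import dataclass

# The four indicators and their Context strings, taken from the list above.
INDICATORS: dict[str, str] = {
    "mlibo.ml": "Hosting phishing website used by COBALT DICKENS for August/July 2019 operations",
    "blibo.ga": "Hosting phishing website used by COBALT DICKENS for August/July 2019 operations",
    "azll.cf": "Hosting phishing website used by COBALT DICKENS for August/July 2019 operations",
    "azlll.cf": "Hosting phishing website used by COBALT DICKENS",
}


def normalize_domain(name: str) -> str:
    """Lower-case and strip a trailing dot so 'WWW.MLIBO.ML.' equals 'www.mlibo.ml'."""
    return name.strip().rstrip(".").lower()


def matching_indicator(hostname: str) -> str | None:
    """Return the indicator that hostname equals or is a subdomain of, else None.

    Matching on whole labels avoids false positives such as 'notmlibo.ml'
    (same suffix, different registrable domain) and 'mlibo.ml.example.com'
    (the indicator is only a label inside someone else's domain).
    """
    host = normalize_domain(hostname)
    for ioc in INDICATORS:
        if host == ioc or host.endswith("." + ioc):
            return ioc
    return None


@dataclass
class Hit:
    line_no: int
    hostname: str
    indicator: str
    context: str


# Hostnames in a dnsmasq query log ("query[A] host from ip") and in the URL
# field of a Squid access log ("GET http://host/path").
HOST_RE = re.compile(r"(?:query\[A\]\s+|https?://)([A-Za-z0-9.-]+)")


def scan(lines: list[str]) -> list[Hit]:
    """Return one Hit per hostname in `lines` that matches an indicator."""
    hits: list[Hit] = []
    for line_no, line in enumerate(lines, start=1):
        for host in HOST_RE.findall(line):
            ioc = matching_indicator(host)
            if ioc is not None:
                hits.append(Hit(line_no, host, ioc, INDICATORS[ioc]))
    return hits


# Constructed sample log lines (not real traffic): two dnsmasq entries and two
# Squid entries. Only lines 1 and 3 touch an indicator.
SAMPLE_LOGS = [
    "Aug  5 09:12:01 dnsmasq[812]: query[A] www.mlibo.ml from 10.0.0.23",
    "Aug  5 09:12:02 dnsmasq[812]: query[A] notmlibo.ml from 10.0.0.23",
    "1564996330.117    412 10.0.0.23 TCP_MISS/200 5120 GET http://azlll.cf/login.php - HIER_DIRECT/203.0.113.5 text/html",
    "1564996331.220    118 10.0.0.44 TCP_MISS/200 2201 GET https://www.example.com/ - HIER_DIRECT/203.0.113.9 text/html",
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOGS):
        print(f"line {hit.line_no}: {hit.hostname} -> {hit.indicator} ({hit.context})")
```

The suffix test `host.endswith("." + ioc)` is what keeps azll.cf and azlll.cf from matching each other while still catching hosts under either domain. In production the indicator set would be loaded from a feed rather than hard-coded, and the regular expression would be extended for whatever log formats are actually in scope.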
On May 31, 2019, the developers of the highly profitable GandCrab ‘ransomware-as-a-service’ announced that they were retiring after earning over $2 billion USD since January 2018. The news was met with interest and skepticism within the security community, as multiple affiliate groups had run extremely successful GandCrab campaigns since its inception. After analyzing the threat
Summary The activities of some non-governmental organizations (NGOs) challenge governments on politically sensitive issues such as social, humanitarian, and environmental policies. As a result, these organizations are often exposed to increased government-directed threats aimed at monitoring their activities, discrediting their work, or stealing their intellectual property. BRONZE PRESIDENT is a likely People’s Republic of China
Summary The REvil (also known as Sodinokibi) ransomware was first identified on April 17, 2019. It is used by the financially motivated GOLD SOUTHFIELD threat group, which distributes ransomware via exploit kits, scan-and-exploit techniques, RDP servers, and backdoored software installers. Secureworks® Counter Threat Unit™ (CTU) analysis suggests that REvil is likely associated with the GandCrab
The following analysis was compiled and published to Threat Intelligence clients in August 2018. The Secureworks® Counter Threat Unit™ (CTU) research team is publicly sharing insights about the IRON LIBERTY threat group, as well as details about the Karagany and MCMD malware used exclusively by IRON LIBERTY, to supplement the discussion of the man-on-the-side technique
The following analysis was compiled and published to Threat Intelligence clients in September 2018. The Secureworks® Counter Threat Unit™ (CTU) research team is publicly sharing insights about the IRON LIBERTY threat group, as well as details about the Karagany and MCMD malware used exclusively by IRON LIBERTY, to supplement the discussion of the man-on-the-side technique described in
The following analysis was compiled and published to Threat Intelligence clients in July 2018. The Secureworks® Counter Threat Unit™ (CTU) research team is publicly sharing insights about the IRON LIBERTY threat group, as well as details about the Karagany and MCMD malware used exclusively by IRON LIBERTY, to supplement the discussion of the man-on-the-side technique described in the
Summary Secureworks® Counter Threat Unit™ (CTU) researchers have tracked the activities of the BRONZE UNION threat group (also known as Emissary Panda, APT 27, and LuckyMouse) since 2013. CTU™ analysis suggests that BRONZE UNION is located in the People’s Republic of China. The threat group has historically leveraged a variety of publicly available and self-developed
The BRONZE UNION threat group focuses on espionage and targets a broad range of organizations and groups using a variety of tools and methods.
Wednesday, February 27, 2019 By: Counter Threat Unit Research Team
This blog and the accompanying threat analysis, entitled A Peek Into BRONZE UNION’S Toolbox, are based on nearly two years of
Cloud-deployed containers and container orchestration systems are becoming mainstream. Vulnerabilities and exploits associated with containers are gathering pace; however, best practices for securing containers continue to be overlooked. Containers allow for packaging and deployment of single applications. Decoupling applications or services from various parts of a target environment can provide a variety of operational
Just what is going on over in Redmond? Just weeks after issuing a Windows 10 patch of doom that started deleting users’ precious files, Microsoft ‘fixed’ Outlook 2010 with a November Patch Tuesday update that promptly blocked it. On 13 November, Microsoft released a security update, KB4461529, which fixed four security vulnerabilities. These flaws could
As featured in the 2018 State of Cybercrime Report released this week by Secureworks®, a small list of cybercrime malware is making the greatest impact in today’s threat landscape, including — but not exclusively limited to — malware families like Emotet. Emotet is a modular downloader, deployed by financially motivated criminals to steal credentials, collect
On October 4, 2018, a Bloomberg Businessweek article alleged that in 2015, manufacturers inserted microchips onto the motherboards of servers destined for U.S. public and government organizations to provide Chinese government-sponsored threat actors with unauthorized access. The story was immediately refuted in its entirety by the three companies named in the story: Apple, Amazon, and
If you own an eCommerce website built on WordPress and powered by the WooCommerce plugin, beware of a newly disclosed vulnerability that could compromise your online store. Simon Scannell, a researcher at RIPS Technologies GmbH, discovered an arbitrary file deletion vulnerability in the popular WooCommerce plugin that could allow a malicious or compromised privileged user to