Security News

Security researchers and analysts can now search Microsoft's Threat Intelligence Defender database using file hashes and URLs when pulling together information for network intrusion investigations and whatnot. "Often, analysts must go to multiple repositories to obtain the critical data sets they need to assess a suspicious domain, host, or IP address," Redmond wrote earlier about Defender Threat Intelligence, aka Defender TI. "DNS data, WHOIS information, malware, and SSL certificates provide important context to indicators of compromise, but these repositories are widely distributed and don't always share a common data structure, making it difficult to ensure analysts have all relevant data needed to make a proper and timely assessment of suspicious infrastructure."

The security researchers found that Google Play threats and Android phone infections are big business. A Google Play developer account can be bought for around $60-$200 USD depending on account characteristics such as the number of developed apps or the number of downloads.

Thieves cut through the wall of a coffee shop to get to an Apple store, bypassing the alarms in the process. My favorite example is a band of California art thieves that would break into people's houses by cutting a hole in their walls with a chainsaw.

Proactive threat hunting helps organizations save money by preventing security breaches and reducing the impact of attacks. To better understand the perspective of threat hunters who are in the trenches defending their organizations every day, Team Cymru surveyed 218 experienced security analysts to learn what works and what doesn't in their threat hunting program, how they measure success, and the biggest challenges they face.

A new Proofpoint report indicates that in late 2022, threat actor TA473 targeted elected officials and staffers in the U.S., as well as experts in European politics and economics. TA473 is a threat actor, known since 2021, that has targeted several countries aligned against the interests of Belarus and Russia; the group is also known as Winter Vivern for some security companies and governmental entities.

According to Mandiant, who has tracked APT43 since 2018, the threat actor aligns with the mission of the Reconnaissance General Bureau, the main foreign intelligence service from North Korea. In particular, malware and tools have been shared between APT43 and the infamous Lazarus threat actor.

The group's trophies included nearly 200GB of source code from Samsung, the source code for Nvidia's DLSS technology, and 250 internal projects from Microsoft. There may be vulnerabilities in the way software applications handle functions and data that could be present in the source code.

In Malwarebytes' most recent report on the current state of malware, the company has identified several high-profile cyber threats that organizations should be on the lookout for in 2023. Two of the currently most threatening malwares are Emotet and SocGholish.

Fake extortionists are piggybacking on data breaches and ransomware incidents, threatening U.S. companies with publishing or selling allegedly stolen data unless they get paid. They have also impersonated some ransomware and data extortion gangs in emails and claimed to be the authors of the intrusion, stealing hundreds of gigabytes of important data.

NCC Group's Global Threat Intelligence team, in its monthly cybersecurity Threat Pulse, noted there were 240 ransomware attacks in February 2023 - a 45% increase from the record-high number of attacks in January. The NCC Group also reported that ransomware LockBit 3.0 was the leading arrowhead, with the eponymous threat group having launched 129, or 54%, of ransomware salvos last month, including an attack on the U.K.'s Royal Mail.