Tag: tactics
-
Ransomware gangs extort victims 17 hours after intrusion on average
Tags: access, business, credentials, data, encryption, espionage, exploit, extortion, government, group, healthcare, Intruder, malicious, malware, metric, monitoring, network, ransom, ransomware, service, tactics, technology, theft, threat, tool, vulnerability, zero-day
Factors that drive the time to extortion include the initial point of access for the attackers and the privileges it provided them; how easy it is to reach other network segments and systems from the initially compromised asset; whether access into the environment was resold to a ransomware operator by an initial access broker; and whether the attackers decided to operate only outside the victim’s regular business…
-
CISO success story: How LA County trains (and retrains) workers to fight phishing
Tags: ai, awareness, breach, business, chatgpt, cio, ciso, cloud, compliance, computing, control, corporate, cybersecurity, data, dos, election, email, endpoint, government, hacker, healthcare, incident response, jobs, law, lessons-learned, malicious, marketplace, network, phishing, privacy, regulation, risk, risk-management, service, software, strategy, supply-chain, tactics, technology, threat, tool, training, vulnerability
(The following interview has been edited for clarity and length.)
At first glance, LA County’s reporting structure (who reports to whom) seems, well, fairly complex.
We have a federated model: I report to the county CIO. Each department acts as an independent business and has its own department CIO and information security officer. Their job is to…
-
Lazarus Group Targets Developers Worldwide with New Malware Tactic
Tags: crypto, cyber, cybercrime, group, korea, lazarus, malware, north-korea, software, supply-chain, tactics
North Korea’s Lazarus Group, a state-sponsored cybercriminal organization, has launched a sophisticated global campaign targeting software developers and cryptocurrency users. Dubbed Operation Marstech Mayhem, this operation leverages the group’s latest implant, Marstech1, …
-
Unusual attack linked to Chinese APT group combines espionage and ransomware
Tags: apt, attack, breach, china, cloud, country, credentials, crime, crimes, crypto, cyber, cybercrime, cyberespionage, data, encryption, espionage, exploit, finance, firewall, government, group, hacker, infection, insurance, intelligence, korea, microsoft, network, north-korea, ransom, ransomware, russia, software, tactics, technology, threat, veeam, vulnerability
The attacker demanded a $2-million ransom. The attack that resulted in the deployment of the RA World ransomware program, as well as data exfiltration, followed the same chain: toshdpdb.exe loaded toshdpapi.dll, which decrypted toshdp.dat and deployed the PlugX variant. The difference is that the attacker then chose to deploy the RA World…
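The toshdpdb.exe / toshdpapi.dll / toshdp.dat chain described above is a classic DLL side-loading triad: a legitimate executable dropped into a writable folder loads a same-named DLL from that folder, and the DLL unpacks the real payload. One way to hunt for that pattern in endpoint telemetry, as an added example that is not code from the RA World or PlugX reporting: the script below scans Sysmon-style ImageLoad (Event ID 7) records and flags a process outside the standard program trees that loads an unsigned DLL from its own directory. The records are constructed to mirror the chain named in the text; the paths, the trusted-directory list and the signature values are assumptions.

```python
"""Flag DLL side-loading candidates in Sysmon-style ImageLoad (Event ID 7) records.

Added example for this page; it is not code from the RA World / PlugX reporting.
Heuristic: a process running outside the standard program directories loads a
DLL from its own directory, and that DLL is unsigned. The event records below
are constructed to mirror the chain named in the text (toshdpdb.exe loading
toshdpapi.dll); the paths and signature values are assumptions.
"""
from pathlib import PureWindowsPath

# Same-directory DLL loads from these trees are routine; skip them.
TRUSTED_DIRS = (
    "c:\\windows\\",
    "c:\\program files\\",
    "c:\\program files (x86)\\",
)

# Constructed records using Sysmon Event 7 field names. "Signed"/"Signature"
# describe the loaded image (the DLL), as Sysmon records them.
EVENTS = [
    {"Image": r"C:\Users\Public\Libraries\toshdpdb.exe",
     "ImageLoaded": r"C:\Users\Public\Libraries\toshdpapi.dll",
     "Signed": "false", "Signature": ""},
    {"Image": r"C:\Users\Public\Libraries\toshdpdb.exe",
     "ImageLoaded": r"C:\Windows\System32\kernel32.dll",
     "Signed": "true", "Signature": "Microsoft Windows"},
    {"Image": r"C:\Program Files\Vendor\app.exe",
     "ImageLoaded": r"C:\Program Files\Vendor\helper.dll",
     "Signed": "false", "Signature": ""},
    {"Image": r"C:\Users\alice\AppData\Local\Tool\tool.exe",
     "ImageLoaded": r"C:\Users\alice\AppData\Local\Tool\tool.dll",
     "Signed": "true", "Signature": "Example Vendor Ltd"},
]


def _norm(path: str) -> str:
    """Lower-case and use backslashes so comparisons ignore case and slash style."""
    return path.replace("/", "\\").lower()


def is_sideload_candidate(event: dict) -> bool:
    """True when an unsigned DLL is loaded from the process's own directory
    and that directory lies outside the trusted program trees."""
    image = PureWindowsPath(_norm(event["Image"]))
    loaded = PureWindowsPath(_norm(event["ImageLoaded"]))
    if loaded.suffix != ".dll":
        return False
    same_dir = image.parent == loaded.parent
    trusted = str(loaded).startswith(TRUSTED_DIRS)
    unsigned = event.get("Signed", "false").lower() != "true"
    return same_dir and not trusted and unsigned


def sideload_candidates(events):
    """Return (process image, DLL) pairs worth a closer look."""
    return [(e["Image"], e["ImageLoaded"]) for e in events if is_sideload_candidate(e)]


if __name__ == "__main__":
    for image, dll in sideload_candidates(EVENTS):
        print(f"side-load candidate: {image} -> {dll}")
```

Only the toshdpdb.exe load of toshdpapi.dll is reported; the kernel32.dll load comes from a different directory, the Program Files load sits in a trusted tree, and the signed tool.dll is excluded by the signature check. Expect noise from portable or self-updating applications in user directories; in practice you would pair this with the name of the signed host executable (a known side-loading target) and with whether a companion data file such as the .dat payload appeared in the same folder shortly before the load.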
-
Russia’s Sandworm APT Exploits Edge Bugs Globally
Sandworm (aka Seashell Blizzard) has an initial access wing called BadPilot that uses standard intrusion tactics to spread Russia’s tendrils around the world. First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/microsoft-russian-sandworm-apt-exploits-edge-bugs-globally
-
Ransomware gangs shifting tactics to evade enterprise defenses
Threat actors have adapted to improved threat detection and law enforcement actions, new Huntress research finds. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/ransomware-gangs–tactics-/739937/
-
Getting the Most Value out of the OSCP: Pre-Course Prep
Tags: access, antivirus, attack, compliance, control, credentials, cyber, cybersecurity, detection, exploit, finance, framework, guide, hacker, hacking, infosec, infrastructure, jobs, kali, linux, mandiant, metric, microsoft, mitre, network, organized, password, penetration-testing, PurpleTeam, RedTeam, risk, service, skills, software, tactics, technology, tool, training, vulnerability, windows
The first post in a five-part practical guide series on maximizing the professional, educational, and financial value of the OffSec certification pursuit for a successful career in offensive cybersecurity consulting. Disclaimer: All opinions expressed in this article are solely my own. I have reviewed the content to ensure compliance with OffSec’s copyright policies and agreements.…
-
Cl0p Ransomware Hides Itself on Compromised Networks After Exfiltrating Data
The Cl0p ransomware group, a prominent player in the cybercrime landscape since 2019, has intensified its operations by employing advanced techniques to remain undetected within compromised networks. Known for its association with the TA505 threat group, Cl0p has shifted its focus from merely encrypting files to double extortion tactics: exfiltrating sensitive data and threatening…
-
The Rise of Typhoon Cyber Groups
Tags: access, attack, breach, communications, control, cyber, cyberattack, cybersecurity, data, defense, dns, endpoint, espionage, exploit, finance, government, group, infrastructure, intelligence, iot, military, monitoring, network, phone, resilience, supply-chain, tactics, threat, tool, vulnerability, zero-day
-
CISA Places Election Security Staffers on Leave
The staffers were tasked with building relationships on the ground across the country in local election jurisdictions, teaching election officials tactics on mitigating cyber threats, cyber hygiene, combating misinformation and foreign influence, and more. First seen on darkreading.com Jump to article: www.darkreading.com/cyber-risk/cisa-election-security-staffers-on-leave
-
Channel Women In Security: True Crime And Adversary Tactics
Jamie Levy, director of adversary tactics at Huntress, is a seasoned expert in digital forensics and cybersecurity. Levy shares insight on personal security practices and the need for organizations to be prepared for potential breaches. First seen on crn.com Jump to article: www.crn.com/news/security/2025/true-crime-and-adversary-tactics
-
World Economic Forum Annual Meeting 2025: Takeaways, reflections, and learnings for the future
Tags: attack, best-practice, ceo, cyber, cyberattack, cybercrime, cybersecurity, finance, fortinet, group, intelligence, international, law, lessons-learned, mitigation, open-source, organized, risk, strategy, tactics, technology, threat
Increasingly sophisticated threat actors in the evolving cybersecurity landscape
In a world where cybercriminals often operate with a level of efficiency mirroring that of Fortune 500 companies, it is essential that we look to ways we can better collaborate to counter them. Unfortunately, there is still a lot of room for improvement; in 2023, 87%…
-
EARLYCROW: Detecting APT Malware Command and Control Activities Over HTTPS
Tags: apt, communications, control, cyber, cyberattack, detection, malware, network, tactics, threat
Advanced Persistent Threats (APTs) represent a sophisticated and stealthy category of cyberattacks targeting critical organizations globally. Unlike common malware, APTs employ evasive tactics, techniques, and procedures (TTPs) to remain undetected for extended periods. Their command-and-control (C&C) communications often mimic legitimate web traffic, making detection particularly challenging for traditional Network Intrusion Detection Systems (NIDS). To address…
-
Researchers Detail North Korean Hackers’ Advanced Tactics, Techniques, and Procedures
Recent research has highlighted the increasingly sophisticated tactics, techniques, and procedures (TTPs) employed by North Korean state-sponsored hackers. These cyber actors have demonstrated a strategic focus on espionage, financial theft, and disruption, targeting a broad range of sectors globally. Their operations align with the regime’s geopolitical objectives, including funding nuclear programs, gathering intelligence, and undermining…
-
Top 5 ways attackers use generative AI to exploit your systems
Tags: access, ai, attack, authentication, awareness, banking, captcha, chatgpt, china, control, cyber, cybercrime, cybersecurity, defense, detection, exploit, extortion, finance, flaw, fraud, group, hacker, intelligence, LLM, malicious, malware, network, phishing, ransomware, resilience, service, spam, tactics, theft, threat, tool, vulnerability, zero-day
Facilitating malware development: artificial intelligence can also be used to generate more sophisticated, or at least less labour-intensive, malware. For example, cybercriminals are using gen AI to create malicious HTML documents. The XWorm attack, initiated by HTML smuggling of a document containing malicious code that downloads and runs the malware, bears the hallmarks of development via AI. “The loader’s…
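HTML smuggling, the delivery technique named above, ships the payload inside the HTML itself (typically as a base64 literal) and relies on the browser to decode it, wrap it in a Blob and trigger a download, so nothing suspicious crosses the network as a file. The script below is an added example, not code from the report the text quotes: it scores an HTML document for those building blocks and checks whether the embedded literal decodes to a recognisable binary header. Both sample documents are constructed, and the indicator set and thresholds are this example's own choices.

```python
"""Score an HTML document for HTML-smuggling indicators.

Added example for this page, not code from the report the text quotes.
It looks for the building blocks a smuggling page needs (a large base64
literal, client-side decoding, a Blob, an object URL or msSaveBlob call,
and a forced download or click) and checks whether the literal decodes to
a recognisable binary header. The two sample documents are constructed;
the indicator set and the 1024-character threshold are assumptions.
"""
import base64
import re

# Individual indicators; each is weak on its own, so the verdict needs several.
INDICATORS = {
    "decode":    re.compile(r"\batob\s*\(|Uint8Array|charCodeAt", re.I),
    "blob":      re.compile(r"new\s+Blob\s*\(", re.I),
    "objecturl": re.compile(r"URL\.createObjectURL|msSaveOrOpenBlob|msSaveBlob", re.I),
    "autoclick": re.compile(r"\.download\s*=|\.click\s*\(\s*\)", re.I),
    "mime":      re.compile(r"application/(octet-stream|zip|x-msdownload)", re.I),
}
# A quoted base64 literal of at least 1024 characters.
BIG_B64 = re.compile(r"['\"]([A-Za-z0-9+/]{1024,}={0,2})['\"]")
BINARY_MAGIC = (b"MZ", b"PK", b"%PDF", b"\x7fELF")


def assess_html(html: str) -> dict:
    """Return the indicator hits, a score, and a suspicious verdict."""
    hits = {name: bool(rx.search(html)) for name, rx in INDICATORS.items()}
    literal = BIG_B64.search(html)
    hits["large_b64"] = literal is not None
    hits["embedded_binary"] = False
    if literal:
        # Decode only a 64-character prefix (a multiple of 4) to read the header.
        head = base64.b64decode(literal.group(1)[:64])
        hits["embedded_binary"] = head.startswith(BINARY_MAGIC)
    score = sum(hits.values())
    suspicious = hits["large_b64"] and hits["blob"] and (hits["objecturl"] or hits["autoclick"])
    return {"score": score, "suspicious": suspicious, "hits": hits}


# Constructed payload: a fake PE header followed by padding, base64-encoded.
PAYLOAD_B64 = base64.b64encode(b"MZ" + b"\x00" * 1500).decode()

# Constructed smuggling page: decode, wrap in a Blob, force a download.
SMUGGLED = f"""<html><body><script>
var b64 = "{PAYLOAD_B64}";
var bin = atob(b64);
var bytes = new Uint8Array(bin.length);
for (var i = 0; i < bin.length; i++) bytes[i] = bin.charCodeAt(i);
var blob = new Blob([bytes], {{type: "application/octet-stream"}});
var a = document.createElement("a");
a.href = URL.createObjectURL(blob);
a.download = "invoice.exe";
a.click();
</script></body></html>"""

# Constructed benign page with an ordinary download link.
BENIGN = """<html><body><h1>Quarterly report</h1>
<a href="/files/report.pdf" download>Download PDF</a>
<script>document.querySelector("h1").textContent += " (2025)";</script>
</body></html>"""


if __name__ == "__main__":
    for name, doc in (("smuggled", SMUGGLED), ("benign", BENIGN)):
        print(name, assess_html(doc))
```

The verdict deliberately requires the large literal plus the Blob plus a download path, because any one indicator on its own (a big base64 image, an `atob` call) is common on legitimate pages. Real samples often split or obfuscate the literal and build the Blob through helper functions, so treat this as a triage filter for mail-gateway attachments, not as a signature.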
-
Kimsuky shifts tactics from traditional backdoors to RDP, proxies
First seen on scworld.com Jump to article: www.scworld.com/news/kimsuky-shifts-tactics-from-traditional-backdoors-to-rdp-proxies
-
Splunk Introduces DECEIVE, an AI-Powered Honeypot to Track Cyber Threats
Splunk has unveiled DECEIVE (DECeption with Evaluative Integrated Validation Engine), an innovative, AI-augmented honeypot that mimics real-world systems to lure and study cyber attackers. By leveraging advanced artificial intelligence, DECEIVE provides organizations with a powerful means of tracking, analyzing, and understanding malicious activities in real time, offering actionable insights into attacker tactics and techniques. Revolutionizing Cybersecurity with…
-
4 Data-Driven Takeaways from Kasada’s 2025 Account Takeover Trends Report
Discover key insights from Kasada’s latest research on 2025 Account Takeover Attack Trends, including industry data, adversarial tactics, and defense strategies. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/02/4-data-driven-takeaways-from-kasadas-2025-account-takeover-trends-report/
-
Abyss Locker Ransomware Attacking Critical Network Devices including ESXi servers
The Abyss Locker ransomware, a relatively new but highly disruptive cyber threat, has been actively targeting critical network devices, including VMware ESXi servers, since its emergence in 2023. This ransomware group employs sophisticated tactics to infiltrate corporate networks, exfiltrate sensitive data, and encrypt systems for financial extortion. Its focus on virtualized environments has made it…
-
Lazarus Group tricks job seekers on LinkedIn with crypto-stealer
North Korea-linked Lazarus Group is duping job seekers and professionals in an ongoing campaign that uses a LinkedIn recruiting scam to capture browser credentials, steal crypto wallet data, and establish persistence. According to Bitdefender Labs, threat actors reach out with fake LinkedIn job offers to lure victims into downloading and executing…
-
XE Group Exploits Zero-Day Vulnerabilities in VeraCore (CVE-2024-57968, CVE-2025-25181)
Cybersecurity researchers from Intezer and Solis Security have uncovered a dramatic shift in tactics by XE Group, a… First seen on securityonline.info Jump to article: securityonline.info/xe-group-exploits-zero-day-vulnerabilities-in-veracore-cve-2024-57968-cve-2025-25181/
-
MacOS Ferret operators add a deceptive bite to their malware family
The macOS Ferret family, variants of malware used by North Korean APTs for cyber espionage, has received a new member as samples of a detection-resistant variant, Flexible-Ferret, appear in the wild. The discovery of the samples was made by SentinelOne researchers, who noted the variant’s capability to evade the recent XProtect signature update that Apple pushed…
-
New ValleyRAT Malware Variant Spreading via Fake Chrome Downloads
Morphisec uncovers a new ValleyRAT malware variant with advanced evasion tactics, multi-stage infection chains, and novel delivery methods… First seen on hackread.com Jump to article: hackread.com/valleyrat-malware-variant-fake-chrome-downloads/
-
Cybercriminals Exploiting HTTP Client Tools to Hijack Microsoft 365 Accounts
A recent report by Proofpoint has revealed an alarming trend of cybercriminals exploiting HTTP client tools to target Microsoft 365 accounts. These tools, originally designed for legitimate use, are now being repurposed for large-scale account takeover (ATO) attacks, employing tactics such as brute force login attempts and Adversary-in-the-Middle (AiTM) techniques. With a growing reliance on…
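The brute-force and password-spray leg of the activity described above leaves a distinctive trace in sign-in telemetry: bursts of failed logons from a single source whose user agent is an HTTP client library rather than a browser, sometimes followed by a success for one of the targeted accounts. The script below is an added example, not Proofpoint's code. It runs that logic over constructed records that use a subset of Microsoft Entra sign-in log field names (userPrincipalName, ipAddress, userAgent, errorCode; 50126 is Entra's "invalid username or password" code, 0 is success). The user-agent list and the thresholds are assumptions.

```python
"""Surface password-spray, brute-force and takeover patterns driven by
programmatic HTTP clients in Microsoft 365 sign-in data.

Added example for this page; it is not Proofpoint's code. The records are
constructed and use a subset of Microsoft Entra sign-in log field names
(userPrincipalName, ipAddress, userAgent, errorCode); 50126 is Entra's
"invalid username or password" code, 0 is success. The user-agent list and
thresholds are this example's assumptions.
"""
import re
from collections import Counter, defaultdict

# User agents of HTTP client libraries rather than interactive browsers.
AUTOMATION_UA = re.compile(
    r"axios|node-fetch|python-requests|go-http-client|curl/|okhttp|libwww-perl", re.I
)

# Constructed sign-in records, in time order.
SIGNINS = [
    # Spray from one IP with axios: one guess per user, then a hit on carol.
    {"userPrincipalName": "alice@example.com", "ipAddress": "203.0.113.10",
     "userAgent": "axios/1.7.2", "errorCode": 50126},
    {"userPrincipalName": "bob@example.com", "ipAddress": "203.0.113.10",
     "userAgent": "axios/1.7.2", "errorCode": 50126},
    {"userPrincipalName": "carol@example.com", "ipAddress": "203.0.113.10",
     "userAgent": "axios/1.7.2", "errorCode": 50126},
    {"userPrincipalName": "carol@example.com", "ipAddress": "203.0.113.10",
     "userAgent": "axios/1.7.2", "errorCode": 0},
    # Brute force against a single account with python-requests.
    *[{"userPrincipalName": "erin@example.com", "ipAddress": "203.0.113.55",
       "userAgent": "python-requests/2.32.3", "errorCode": 50126} for _ in range(5)],
    # A real user mistyping a password in a browser, then succeeding: not flagged.
    {"userPrincipalName": "dave@example.com", "ipAddress": "198.51.100.7",
     "userAgent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) Edg/124.0", "errorCode": 50126},
    {"userPrincipalName": "dave@example.com", "ipAddress": "198.51.100.7",
     "userAgent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) Edg/124.0", "errorCode": 0},
]


def analyse_signins(signins, spray_users=3, brute_attempts=5):
    """Group sign-ins from automation user agents by source IP and report
    spray (many users), brute force (many tries on one user) and any
    success that follows failures for the same user from that IP."""
    by_ip = defaultdict(list)
    for ev in signins:
        if AUTOMATION_UA.search(ev["userAgent"]):
            by_ip[ev["ipAddress"]].append(ev)

    alerts = {}
    for ip, events in by_ip.items():
        failed_by_user = Counter()
        seen_failed, compromised = set(), set()
        for ev in events:  # records are in time order
            user = ev["userPrincipalName"]
            if ev["errorCode"] != 0:
                failed_by_user[user] += 1
                seen_failed.add(user)
            elif user in seen_failed:
                compromised.add(user)
        findings = []
        if len(failed_by_user) >= spray_users:
            findings.append("password_spray")
        if failed_by_user and max(failed_by_user.values()) >= brute_attempts:
            findings.append("brute_force")
        if compromised:
            findings.append("success_after_failures")
        if findings:
            alerts[ip] = {
                "findings": findings,
                "failed_attempts": sum(failed_by_user.values()),
                "targeted_users": sorted(failed_by_user),
                "compromised_users": sorted(compromised),
            }
    return alerts


if __name__ == "__main__":
    for ip, alert in analyse_signins(SIGNINS).items():
        print(ip, alert)
```

The axios source is reported as a spray with a subsequent success for carol, the python-requests source as brute force against erin, and the browser-based user who mistyped a password is ignored. The Adversary-in-the-Middle technique the report also names does not appear here: an AiTM proxy replays the victim's own browser session, so the resulting sign-in is a valid, MFA-satisfied success and has to be caught through session or token anomalies rather than failure counts.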
-
39% of IT leaders fear major incident due to excessive workloads
Enterprise security operations teams find themselves stretched thin and contending with an escalating cyber threat landscape today. Many are understaffed and underfunded, leaving CISOs on edge about the consequences for the enterprise and for their careers. A recent survey from Adaptavist about fallout from last summer’s CrowdStrike outage found that two out of five (39%) IT leaders…
-
The Hidden Cyber Trap: How Compromised Websites and Malicious AdTech Manipulate Users
In the cybersecurity world, analysts often focus on the adversary’s tactics, techniques, and procedures (TTPs), but what happens… First seen on securityonline.info Jump to article: securityonline.info/the-hidden-cyber-trap-how-compromised-websites-and-malicious-adtech-manipulate-users/

