InQuest Insider - March 2024
InQuest.net
Take your risk out of their hands. File-based cybersecurity protection to enforce Zero Trust and minimize end-user risk.
Recent discussions surrounding an emerging information-stealing trojan project reinforce the ongoing necessity of monitoring intelligence on adversaries' capabilities for gathering sensitive data. InQuest's TI team delves into the details of a newer threat known as Planet Stealer, which has recently surfaced in underground forums and garnered attention for its potential impact on cybersecurity.
Planet Stealer, also referred to as PlanetStealer, is an information-stealing trojan implemented in Go. These types of malware are designed to surreptitiously collect and transmit sensitive information from compromised hosts, providing threat actors with access to valuable data. As a prevalent component of the malware-as-a-service (MaaS) ecosystem, information stealers like Planet Stealer attract financially motivated adversaries seeking to exploit user data for various nefarious purposes. Dive deeper into the insights provided by our analysts in the full blog post.
Read the full analysis.
InQuest Email Attack Simulation
This month we harvested 336 samples from the wild capable of bypassing either Microsoft or Google. Of those, Microsoft missed 229 (68%) and Google missed 136 (40%). InQuest (MailTAC, for reference) missed 54 (16%). The distribution of misses by file type is depicted in the chart below:
InQuest EAS includes samples sourced from 50+ industry-leading blogs. This month, we sourced 424 samples from these blogs for inclusion in attack simulation.
Want to validate the efficacy of your email security stack? InQuire here for a one-month free email attack simulation.
Latest Blogs
Understanding Phishing: Banner Effectiveness
Posted on 2024-03-26 by Isabelle Quinn
One of InQuest’s most distinguishing features is its banner system. While most of InQuest’s work detecting phish takes place “under the hood,” the banners are what recipients see. These distinctive yet unobtrusive signposts tell the reader where each email sits on the safe-dangerous spectrum. The color (gray, yellow, or red) gives a general impression, and the brief text phrases explain why InQuest marked the email that way. The links in the banner allow the recipient to inquire further or to report the mail to InQuest staff for further analysis.
InQuest Labs Research Spotlight
ReverserAI
Provides automated reverse engineering assistance through the use of local large language models (LLMs) on consumer hardware.
bincapz
Enumerates program capabilities and malicious behaviors using fragment analysis.
Tabby
A tool that converts a payload into tabs and spaces and executes.
Global Security Events
Dissecting a complex vulnerability and achieving arbitrary code execution in Ichitaro Word
A write-up of a complex vulnerability in JustSystems' Ichitaro word processor, followed from discovery through to arbitrary code execution, including the challenges encountered while developing the exploit.
Suspected MFA Bombing Attacks Target Apple iPhone Users
Attackers are targeting Apple iPhone users with a rash of MFA bombing attacks that flood the device with a relentless series of legitimate password-reset notification prompts, in what appears to be an attempt to take over their iCloud accounts. The activity has focused attention on the evolving nature of so-called multifactor authentication (MFA) bombing attacks, which rely on the target approving one of the prompts out of fatigue or by mistake.
Inside the Rabbit Hole: BunnyLoader 3.0 Unveiled
This article focuses on the newly released BunnyLoader 3.0, as well as historically observed BunnyLoader infrastructure and an overview of its capabilities. BunnyLoader is actively developed malware with the capability to steal information, credentials and cryptocurrency, as well as deliver additional malware to its victims.