Trellix Advanced Research Center: Digest #10



The Iranian Cyber Capability by Ernesto Fernández Provecho, Pham D. and John Fokker

In recent years, the Islamic Republic of Iran has extensively promoted cyber campaigns to protect its national interests, deter adversaries, and conduct cyber espionage. These incursions have been developed by specific government units that are believed to operate under the umbrella of two main institutions, the Islamic Revolutionary Guard Corps (IRGC) and the Ministry of Intelligence and Security (MOIS) [1]. Moreover, many individuals have also started to conduct cyber attacks to protect the interests of the country under the guise of hacktivism.



Unmasking the Hidden Threat: Inside a Sophisticated Excel-Based Attack Delivering Fileless Remcos RAT by Trishaan Kalra

In the rapidly evolving landscape of cybersecurity, attackers are continuously refining their methods to bypass detection and deliver malicious payloads. This blog dissects a recent advanced malware campaign that leverages a seemingly benign Excel file, delivered via phishing, which exploits CVE-2017-0199, a critical vulnerability in Microsoft Office and WordPad that allows attackers to execute arbitrary code when a user opens a specially crafted document. The vulnerability lies in the handling of Object Linking and Embedding (OLE) objects, enabling an attacker to embed malicious code within a file that appears benign. The campaign combines encrypted Microsoft Office documents, OLE objects, and multiple layers of obfuscated scripts to execute a fileless variant of the Remcos Remote Access Trojan (RAT) on the victim's system. We will explore each stage of the attack chain and provide actionable insights for cybersecurity professionals.


Uncover more via Cyber Security News.


Speaking with SiliconANGLE & theCUBE analysts John Furrier and Savannah Peterson, our Advanced Research Center’s Head of Threat Intelligence John Fokker recaps key insights from his time at mWISE Conference and discusses how Trellix strategically embraces GenAI.

Watch the full interview.


Register for our upcoming Virtual Summit!

Join our GenAI Powered Responsible Security Virtual Summit to discover how to foster trust, stability, and resiliency, with intelligence.

You’ll learn how to:

  • Implement a resilient-by-design architecture to enhance stability and avoid outages
  • Scale your SOC with high efficacy, low noise detection and automated response
  • Investigate 100% of your alerts with purpose-built GenAI to relieve alert fatigue and prioritize threats

October 23 (AMER) and October 24 (APJ/EMEA)

Register for our upcoming Virtual Workshop!

Many major cyber incidents have started as low level alerts — the kind that often don’t get investigated because your SOC can’t get to everything. But recent advances in threat detection and response have put 100% investigation in reach. Join our experts to learn proven strategies to level up your SOC to investigate every alert that comes in.

Space is limited! Register now and don’t miss the opportunity to:

  • Learn how to get started on the journey to 100% alert investigation
  • Learn how Trellix uses ML, AI, GenAI and threat intelligence
  • Walk through real-world examples of GenAI auto-investigations

Gain valuable knowledge you can bring back to your organization while earning 2 CPE Credits for attending.

October 1 / November 19 (EMEA), November 20 (APJ & AMER)


James Ebear

Maintenance Manager

3 weeks

Thank you for sharing
