Trellix Advanced Research Center: Digest #6
Detecting and Visualizing Lateral Movement Attacks with Trellix XDR - Part 2 by Chintan Shah and Maulik Maheta
The lateral movement techniques discussed in our previous blog have been used by multiple threat actors in the past, as documented on the MITRE ATT&CK technique pages. We have also been observing multiple alerts for these methods in customer environments, indicating that they are still in active use on enterprise networks. Highlighted below are the NTDS.dit file exfiltration attempt alerts from multiple environments and industry sectors, as reported by Trellix telemetry data.
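As an added example (not code from the blog post and not Trellix's detection content), the following Python detector runs a few public indicators of NTDS.dit dumping (MITRE ATT&CK T1003.003: ntdsutil IFM, shadow-copy creation, copying ntds.dit out of a shadow copy, and esentutl /vss) over constructed process-creation records, then correlates hits per host so that a lone shadow copy, which backup software creates routinely, is not promoted to an alert by itself. The regexes, the event layout and the sample telemetry are all assumptions made for this example.

```python
import re
from collections import defaultdict
from dataclasses import dataclass

# Indicators of NTDS.dit credential dumping (MITRE ATT&CK T1003.003).
# These regexes are the editor's own summary of public tradecraft, assumed
# for this example; they are not Trellix's detection rules.
NTDS_INDICATORS = [
    ("ntdsutil IFM dump",
     re.compile(r"ntdsutil.*\b(ac\s+i\s+ntds|activate\s+instance\s+ntds)\b.*\bifm\b", re.I)),
    ("shadow copy of system volume",
     re.compile(r"\b(vssadmin(\.exe)?\s+create\s+shadow|wmic\s+shadowcopy\s+call\s+create|diskshadow(\.exe)?)\b", re.I)),
    ("ntds.dit copied from a shadow copy",
     re.compile(r"HarddiskVolumeShadowCopy\d+\\.*\\ntds\.dit", re.I)),
    ("esentutl VSS copy of ntds.dit",
     re.compile(r"esentutl.*\s/vss\b.*ntds\.dit", re.I)),
]


@dataclass(frozen=True)
class ProcessEvent:
    """Minimal process-creation record (Sysmon event 1 / Security 4688 style)."""
    host: str
    user: str
    command_line: str


def match_indicators(command_line):
    """Return the names of every indicator the command line triggers."""
    return [name for name, rx in NTDS_INDICATORS if rx.search(command_line)]


def scan(events):
    """Run each event through the indicators; one hit per (event, indicator)."""
    hits = []
    for ev in events:
        for reason in match_indicators(ev.command_line):
            hits.append({"host": ev.host, "user": ev.user,
                         "reason": reason, "command_line": ev.command_line})
    return hits


def correlate(hits, min_stages=2):
    """Hosts on which at least `min_stages` distinct dump stages were seen.

    A shadow copy alone is ordinary backup activity; a shadow copy followed by
    a copy of ntds.dit out of it on the same host is not.
    """
    stages = defaultdict(set)
    for h in hits:
        stages[h["host"]].add(h["reason"])
    return {host: sorted(r) for host, r in stages.items() if len(r) >= min_stages}


# Constructed sample telemetry for this example, not real customer data.
SAMPLE_EVENTS = [
    ProcessEvent("DC01", r"CORP\svc-backup",
                 r'ntdsutil.exe "ac i ntds" "ifm" "create full C:\Windows\Temp\ifm" q q'),
    ProcessEvent("DC01", r"CORP\admin", r"vssadmin.exe create shadow /for=C:"),
    ProcessEvent("DC01", r"CORP\admin",
                 r"cmd.exe /c copy \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy1\Windows\NTDS\ntds.dit C:\Temp\ntds.dit"),
    ProcessEvent("WS07", r"CORP\jdoe", r"notepad.exe C:\Users\jdoe\notes.txt"),
    ProcessEvent("DC02", r"CORP\backup",
                 r"esentutl.exe /y /vss C:\Windows\NTDS\ntds.dit /d C:\Temp\n.dit"),
]


if __name__ == "__main__":
    all_hits = scan(SAMPLE_EVENTS)
    for h in all_hits:
        print(f'{h["host"]} {h["user"]}: {h["reason"]}')
    # Only DC01 shows multiple stages of the dump chain; DC02 has a single hit.
    print(correlate(all_hits))
```

Single-indicator hits are still worth keeping as low-severity signals (the esentutl copy on DC02 above is a complete dump in one step), but the per-host correlation is what separates a backup job from the chain an attacker runs before exfiltrating the file.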
Tale of Greatness: Journey Through Dark Roads by Daksh Kapur, Vihar Shah and Pooja Khyadgi
Cybercriminals have a new weapon in their arsenal: Greatness, a phishing-as-a-service (PhaaS) kit built specifically to steal Microsoft 365 login credentials. First detected in mid-2022, it has been active for over a year and lets attackers bypass security measures. We delve into its evolving evasion tactics that bypass detection.
A Catalog of Hazardous AV Sites - A Tale of Malware Hosting by Gurumoorthi Ramanathan
In mid-April 2024, Trellix Advanced Research Center team members observed multiple fake antivirus (AV) sites hosting highly sophisticated malicious files, including APK, EXE and Inno Setup installers with spyware and stealer capabilities. Hosting malicious software on sites that look legitimate preys on general consumers, especially those looking to protect their devices from cyber-attacks. The websites, made to look legitimate, are listed below.
Pouring Acid Rain by Max Kersten
In two recent major geopolitical conflicts, in Ukraine and in Israel, wipers, malware that destroys access to files and is commonly used to halt telecom operations, were used to destroy digital infrastructure. Their continued use shows that wipers have a place in a nation's cyber arsenal, are here to stay, and are not a one-off tactic. Reports on the latest wipers have been making the rounds, from SentinelOne regarding AcidRain and AcidPour, as well as Ruben Santamarta's confirmation of the impact of AcidRain on Viasat KA-SAT devices.
Have you heard? Action against ransomware criminals took place on May 1st: the REvil affiliate who attacked Kaseya and many other organizations was sentenced to 13 years in prison and ordered to pay $16 million USD in restitution.