Unit 42 Threat Intel Bulletin - June
Palo Alto Networks Unit 42
Unit 42 Threat Intelligence & Incident Response. Intelligence Driven. Response Ready.
Cybersecurity Trends
Read the Unit 42 Cloud Threat Report, Volume 7 to learn from real cloud breaches that happened in 2022.
Register for our virtual Code to Cloud Cybersecurity Summit.
Unit 42 Threat Intel Blogs
Attack Surface Risks, Challenges and Changes (Attack Surface Management)
While digitization has simplified many organizational tasks, it has simultaneously made other facets of business more complex, including an ever-growing attack surface. As the number of connected devices and online services continues to grow, identifying all of these assets and potential vulnerabilities is a challenge. Implementing effective security measures becomes more difficult, especially if you are relying on manual inventory processes.
Unit 42 Unveils Most ‘Expansive’ Cloud Threat Research Yet: Cloud Threat Report Volume 7 Examines the Expanding Attack Surface (Cloud, Reports)
The cloud attack surface is as dynamic as the cloud itself. As organizations around the globe increasingly share, store and manage data in the cloud, this expands organizations’ attack surface exponentially. This expansion often happens in ways that are unknown, overlooked or improperly secured. For threat actors, each workload in the cloud presents an opportunity, and without proper management, organizations are exposed to risk in countless ways.
Network Security Trend: November 2022 - January 2023 (Malware)
Recent observations of exploits used in the wild November 2022-January 2023 reveal that attackers have been using newly published remote code execution vulnerabilities in the following three products:
Teasing the Secrets from Threat Actors: Malware Configuration Parsing at Scale (Malware)
Configuration data that changes across each instance of deployed malware can be a gold mine of information about what the bad guys are up to. The problem is that configuration data in malware is usually difficult to parse statically from the file, by design. Malware authors know the intelligence value as they provide directives for how the malware should behave.
Threat Assessment: Royal Ransomware (Ransomware, Threat Briefs)
Royal ransomware has been involved in high-profile attacks against critical infrastructure, especially healthcare, since it was first observed in September 2022. Bucking the popular trend of hiring affiliates to promote their threat as a service, Royal ransomware operates as a private group made up of former members of Conti.
Chinese Alloy Taurus Updates PingPull Malware (Malware)
Unit 42 researchers recently identified a new variant of PingPull malware used by Alloy Taurus actors designed to target Linux systems. While following the infrastructure leveraged by the actor for this PingPull variant, we also identified their use of another backdoor we track as Sword2033.
Recent Trends in Internet Threats: Common Industries Impersonated in Phishing Attacks, Web Skimmer Analysis and More (Malware)
From July-December 2022, Unit 42 researchers have observed and analyzed over 67 million unique malicious URLs, domains and IPs, which we use to block associated malicious network traffic. We will cover the trends we have observed during the second half of 2022 based on our detections of malicious URLs, domains and IPs.
Threat Actors Rapidly Adopt Web3 IPFS Technology (Malware)
During 2022, analysts from Unit 42 observed the rampant adoption of the InterPlanetary File System (aka IPFS) being used as a vehicle for malicious intent. IPFS is a Web3 technology that decentralizes and distributes the storage of files and other data into a peer-to-peer network.
ChatGPT-Themed Scam Attacks Are on the Rise (Malware)
Unit 42 researchers are monitoring the trending topics, newly registered domains and squatting domains related to ChatGPT, as it is one of the fastest-growing consumer applications in history. The dark side of this popularity is that ChatGPT is also attracting the attention of scammers seeking to benefit from using wording and domain names that appear related to the site.
Vice Society: A Tale of Victim Data Exfiltration via PowerShell, aka Stealing off the Land (Ransomware)
During a recent incident response (IR) engagement, the Unit 42 team identified that the Vice Society ransomware gang exfiltrated data from a victim network using a custom-built Microsoft PowerShell (PS) script. We’ll break down the script used, explaining how each function works in order to shed light on this method of data exfiltration.
Threat Roll-up
More Information
Under Attack?
If you think you may have been compromised or have an urgent matter, get in touch with the Unit 42 Incident Response team by filling out this form or calling: North America Toll-Free: 1.866.486.4842 (866.4.UNIT42), UK: +44.20.3743.3660, EMEA: +31.20.299.3130, APAC: +65.6983.8730, and Japan: +81.50.1790.0200.
If you have cyber insurance or legal counsel, you can request for Unit 42 to serve as your incident response team. Unit 42 is on over 70 cyber insurance panels as a preferred vendor.