One Article Review

Home - The article:
Source AlienVault Lab Blog
Identifier 8442915
Publication date 2024-01-25 11:00:00 (viewed: 2024-01-25 11:08:04)
Title The dark side of 2023 Cybersecurity: Malware evolution and Cyber threats
Text In the ever-evolving cybersecurity landscape, 2023 witnessed a dramatic surge in the sophistication of cyber threats and malware. AT&T Cybersecurity Alien Labs reviewed the big events of 2023 and how malware morphed this year to try new ways to breach and wreak havoc. This year's events kept cybersecurity experts on their toes, from expanding malware variants to introducing new threat actors and attack techniques. Here are some of the most compelling developments, highlighting malware's evolving capabilities and the challenges defenders face.

Highlights of the year: Emerging trends and notable incidents

As the year unfolded, several trends and incidents left an indelible mark on the cybersecurity landscape:

Exploiting OneNote for malicious payloads: Cybercriminals leveraged Microsoft OneNote to deliver many malicious payloads to victims, including Redline, AgentTesla, Quasar RAT, and others. This previously underutilized Office program became a favored tool due to its low suspicion and widespread usage.

SEO poisoning and Google Ads: Malicious actors resorted to SEO poisoning tactics, deploying phishing links through Google Ads to deceive unsuspecting victims. These links led to cloned, benign web pages, avoiding Google's detection and remaining active for extended periods. Prominent malware families, including Raccoon Stealer and IcedID, capitalized on this strategy.

Exploiting geopolitical events: Cybercriminals exploited the geopolitical climate, particularly the Middle East conflict, as a lure for their attacks. This trend mirrored the previous year's Ukraine-related phishing campaigns and crypto scams.

APTs: State-sponsored espionage continues to present challenges

Advanced Persistent Threats (APTs) continued to pose a significant threat in 2023:

Snake: CISA reported on the Snake APT, an advanced cyber-espionage tool associated with the Russian Federal Security Service (FSB). This malware had been in use for nearly two decades.

Volt Typhoon: A campaign targeting critical infrastructure organizations in the United States was attributed to Volt Typhoon, a state-sponsored actor based in China. Their focus lay on espionage and information gathering.

Storm-0558: This highly sophisticated intrusion campaign, orchestrated by the Storm-0558 APT from China, infiltrated the email accounts of approximately 25 organizations, including government agencies.

Ransomware's relentless rise

Ransomware remained a prevalent and lucrative threat throughout the year:

Cuba and Snatch: Ransomware groups like Cuba and Snatch targeted critical infrastructure in the United States, causing concern for national security.

ALPHV/BlackCat: Beyond SEO poisoning, this group compromised the computer systems of Caesars and MGM casinos. They also resorted to filing complaints with the US Securities and Exchange Commission (SEC) against their victims, applying additional pressure to pay ransoms.

Exploiting new vulnerabilities: Cybercriminals wasted no time exploiting newly discovered vulnerabilities, such as CVE-2023-22518 in Atlassian's Confluence, CVE-2023-4966 (Citrix Bleed), and others. These vulnerabilities became gateways for ransomware attacks.

Evolving ransom
Sent Yes
Tags Ransomware Spam Malware Tool Vulnerability Threat Prediction
Stories Guam
Rating ★★★


The article does not seem to have been picked up after its publication.


The article does not seem to have been picked up from an earlier one.