What's new around the internet


Src Date (GMT) Title Description Tags Stories Notes
bleepingcomputer.webp 2022-12-17 11:08:16 Glupteba malware is back in action after Google disruption (direct link) The Glupteba malware botnet has sprung back into action, infecting devices worldwide after its operation was disrupted by Google almost a year ago. [...] Malware ★★★
DarkReading.webp 2022-12-16 16:00:03 Chinese APT Group MirrorFace Interferes in Japanese Elections (direct link) The MirrorFace group has deployed popular malware LodeInfo for spying and data theft against certain members of the Japanese House of Representatives. Malware ★★★
DarkReading.webp 2022-12-16 14:00:00 Live From London: Next-Gen Cybersecurity Takes Stage at Black Hat Europe (direct link) Check out our slideshow detailing the emerging cybersecurity trends in cloud, creating a defensible Internet, malware evolution, and more that lit up audiences in London. Malware ★★
zataz.webp 2022-12-16 11:46:06 (Déjà vu) MoneyMonger: a new malware hidden in money-lending mobile apps (direct link) After lending money, the criminals behind this malware extort victims using personal information stolen from their devices.... Malware ★★
bleepingcomputer.webp 2022-12-16 10:23:17 Microsoft warns of new Minecraft DDoS malware infecting Windows, Linux (direct link) A new cross-platform malware botnet named 'MCCrash' is infecting Windows, Linux, and IoT devices to conduct distributed denial of service attacks on Minecraft servers. [...] Malware ★★
GoogleSec.webp 2022-12-15 20:51:24 Expanding the App Defense Alliance (direct link) Posted by Brooke Davis, Android Security and Privacy Team. The App Defense Alliance launched in 2019 with a mission to protect Android users from bad apps through shared intelligence and coordinated detection between alliance partners. Earlier this year, the App Defense Alliance expanded to include new initiatives outside of malware detection and is now the home for several industry-led collaborations including Malware Mitigation, MASA (Mobile App Security Assessment) & CASA (Cloud App Security Assessment). With a new dedicated landing page at appdefensealliance.dev, the ADA has an expanded mission to protect Android users by removing threats while improving app quality across the ecosystem. Let's walk through some of the latest program updates from the past year, including the addition of new ADA members.
Malware Mitigation: Together with the founding ADA members (Google, ESET, Lookout, and Zimperium), the alliance has been able to reduce the risk of app-based malware and better protect Android users. These partners have access to mobile apps as they are being submitted to the Google Play Store and scan thousands of apps daily, acting as another, vital set of eyes prior to an app going live on Play. Knowledge sharing and industry collaboration are important aspects in securing the world from attacks and that's why we're continuing to invest in the program.
New ADA Members: We're excited to see the ADA expand with the additions of McAfee and Trend Micro. Both McAfee and Trend Micro are leaders in the antivirus space and we look forward to their contributions to the program.
Mobile App Security Assessment (MASA): With consumers spending four to five hours per day in mobile apps, ensuring the safety of these services is more important than ever. According to Data.ai, the pandemic accelerated existing mobile habits, with app categories like finance growing 25% YoY and users spending over 100 billion hours in shopping apps. That's why the ADA introduced MASA (Mobile App Security Assessment), which allows developers to have their apps independently validated against the Mobile Application Security Verification Standard (MASVS) under the OWASP Mobile Application Security project. The project's mission is to “Define the industry standard for mobile application security,” and it has been used by both public and private sector organizations as a form of industry best practices when it comes to mobile application security. Developers can work directly with an ADA Authorized Lab to have their apps evaluated against a set of MASVS L1 requirements. Once successful, the app's validation is listed in the recently launched App Validation Directory, which provides users a single place to view all app validations. The Directory also allows users to access more assessment details including validation date, test lab, and a report showing all test steps and requirements. The Directory will be updated over time with new features and search functionality to make it more user friendly. The Google Play Store is the first commercial app store to recognize and display a badge for any app that has completed an independent security review through ADA MASA. The badge is displayed within an app's respective Malware Guideline Prediction Uber ★★
globalsecuritymag.webp 2022-12-15 17:15:19 WatchGuard Threat Lab Report Finds Top Threat Arriving Exclusively Over Encrypted Connections (direct link) WatchGuard Threat Lab Report Finds Top Threat Arriving Exclusively Over Encrypted Connections. New research also analyzes the commoditization of adversary-in-the-middle attacks, JavaScript obfuscation in exploit kits, and a malware family with Gothic Panda ties - Malware Update Malware Threat APT 3 ★★
DarkReading.webp 2022-12-15 16:20:20 Blackmailing MoneyMonger Malware Hides in Flutter Mobile Apps (direct link) Money-lending apps built using the Flutter software development kit hide a predatory spyware threat and highlight a growing trend of using personal data for blackmail. Malware Threat Prediction ★★★
InfoSecurityMag.webp 2022-12-15 16:00:00 Loan Scam Campaign 'MoneyMonger' Exploits Flutter to Hide Malware (direct link) Zimperium said the code was part of an existing campaign previously discovered by K7 Security Labs Malware ★★
The_Hackers_News.webp 2022-12-15 15:54:00 Android Malware Campaign Leverages Money-Lending Apps to Blackmail Victims (direct link) A previously undocumented Android malware campaign has been observed leveraging money-lending apps to blackmail victims into paying up with personal information stolen from their devices. Mobile security company Zimperium dubbed the activity MoneyMonger, pointing out the use of the cross-platform Flutter framework to develop the apps. MoneyMonger "takes advantage of Flutter's framework to Malware ★★★
Mandiant.webp 2022-12-15 15:00:00 Trojanized Windows 10 Operating System Installers Targeted Ukrainian Government (direct link) Executive Summary: Mandiant identified an operation focused on the Ukrainian government via trojanized Windows 10 Operating System installers. These were distributed via torrent sites in a supply chain attack. Threat activity tracked as UNC4166 likely trojanized and distributed malicious Windows Operating system installers which drop malware that conducts reconnaissance and deploys additional capability on some victims to conduct data theft. The trojanized files use the Ukrainian language pack and are designed to target Ukrainian users. Following compromise targets selected for follow Malware ★★★
globalsecuritymag.webp 2022-12-15 13:33:39 Zimperium Discovers Novel Predatory Loan Malware Hiding in Mobile Apps Developed With Flutter (direct link) Zimperium Discovers Novel Predatory Loan Malware Hiding in Mobile Apps Developed With Flutter. After Loaning Money, Criminals Behind MoneyMonger Blackmail Victims with Personal Information Stolen from their Device - Malware Update Malware ★★
The_Hackers_News.webp 2022-12-15 11:32:00 Hacking Using SVG Files to Smuggle QBot Malware onto Windows Systems (direct link) Phishing campaigns involving the Qakbot malware are using Scalable Vector Graphics (SVG) images embedded in HTML email attachments. The new distribution method was spotted by Cisco Talos, which said it identified fraudulent email messages featuring HTML attachments with encoded SVG images that incorporate HTML script tags. HTML smuggling is a technique that relies on using legitimate features of Malware ★★★
globalsecuritymag.webp 2022-12-15 10:23:49 Zimperium discovers a new malware hidden in money-lending mobile apps built with Flutter (direct link) Zimperium discovers a new malware hidden in money-lending mobile apps built with Flutter. After lending money, the criminals behind this malware extort victims using personal information stolen from their devices. - Malwares Malware ★★
Nozomi.webp 2022-12-15 06:44:06 Tracking Malicious Glupteba Activity Through the Blockchain (direct link) Glupteba is a trojan horse typically deployed via malicious installers and software cracks. It is a modular malware operators can use to perform a wide range of tasks. Surprisingly, Glupteba leverages the Bitcoin blockchain to distribute its C&C domains. Malware ★★
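The Nozomi entry above says Glupteba distributes its C&C domains through the Bitcoin blockchain. The following is an added example, not Nozomi's analysis code and not the malware's own: it shows the transaction-level mechanics of that channel, namely where OP_RETURN data sits in a serialized Bitcoin transaction and how to pull it out, so an analyst can scan the transactions of a watched address for embedded strings. Function names are hypothetical, the transaction is constructed in build_sample_tx() rather than taken from the chain, and the sample carries a plaintext hostname; whether a given family encodes or encrypts the payload before embedding it is not modelled here.

```python
"""Extract OP_RETURN payloads from a raw Bitcoin transaction.

Added example (not Nozomi's or Glupteba's code). Names are hypothetical;
the sample transaction is constructed in build_sample_tx().
"""
import struct

OP_RETURN = 0x6A
OP_PUSHDATA1, OP_PUSHDATA2, OP_PUSHDATA4 = 0x4C, 0x4D, 0x4E


def read_varint(buf: bytes, pos: int):
    """Bitcoin CompactSize integer -> (value, position after it)."""
    first = buf[pos]
    if first < 0xFD:
        return first, pos + 1
    if first == 0xFD:
        return struct.unpack_from("<H", buf, pos + 1)[0], pos + 3
    if first == 0xFE:
        return struct.unpack_from("<I", buf, pos + 1)[0], pos + 5
    return struct.unpack_from("<Q", buf, pos + 1)[0], pos + 9


def op_return_data(script: bytes):
    """Return the bytes pushed after OP_RETURN, or None if not an OP_RETURN script."""
    if not script or script[0] != OP_RETURN:
        return None
    if len(script) == 1:
        return b""
    op = script[1]
    if 1 <= op <= 0x4B:                      # direct push of 1..75 bytes
        return script[2:2 + op]
    if op == OP_PUSHDATA1:
        return script[3:3 + script[2]]
    if op == OP_PUSHDATA2:
        n = struct.unpack_from("<H", script, 2)[0]
        return script[4:4 + n]
    if op == OP_PUSHDATA4:
        n = struct.unpack_from("<I", script, 2)[0]
        return script[6:6 + n]
    return b""                               # OP_0 or a non-push opcode: no data


def op_return_payloads(raw_tx: bytes):
    """Walk a serialized (legacy or segwit) transaction, collecting OP_RETURN data."""
    pos = 4                                   # version
    segwit = raw_tx[pos] == 0x00 and raw_tx[pos + 1] == 0x01
    if segwit:
        pos += 2                              # marker + flag
    n_in, pos = read_varint(raw_tx, pos)
    for _ in range(n_in):
        pos += 32 + 4                         # previous txid + output index
        script_len, pos = read_varint(raw_tx, pos)
        pos += script_len + 4                 # scriptSig + sequence
    n_out, pos = read_varint(raw_tx, pos)
    payloads = []
    for _ in range(n_out):
        pos += 8                              # value in satoshis
        script_len, pos = read_varint(raw_tx, pos)
        data = op_return_data(raw_tx[pos:pos + script_len])
        pos += script_len
        if data is not None:
            payloads.append(data)
    # witness data and locktime follow; not needed for OP_RETURN extraction
    return payloads


def build_sample_tx(payload: bytes) -> bytes:
    """Constructed one-input, two-output legacy transaction carrying `payload`."""
    assert len(payload) <= 0x4B
    tx = struct.pack("<I", 1)                         # version
    tx += b"\x01"                                     # one input
    tx += b"\x00" * 32 + struct.pack("<I", 0)         # dummy previous output
    tx += b"\x00"                                     # empty scriptSig
    tx += struct.pack("<I", 0xFFFFFFFF)               # sequence
    tx += b"\x02"                                     # two outputs
    script = bytes([OP_RETURN, len(payload)]) + payload
    tx += struct.pack("<Q", 0) + bytes([len(script)]) + script
    placeholder = b"\x51"                             # OP_TRUE stand-in for a real output
    tx += struct.pack("<Q", 1000) + bytes([len(placeholder)]) + placeholder
    tx += struct.pack("<I", 0)                        # locktime
    return tx


def c2_candidates(raw_tx: bytes):
    """Keep payloads that decode to hostname-like ASCII (plaintext case only)."""
    out = []
    for data in op_return_payloads(raw_tx):
        try:
            text = data.decode("ascii")
        except UnicodeDecodeError:
            continue
        if text and "." in text and all(c.isalnum() or c in ".-" for c in text):
            out.append(text)
    return out


if __name__ == "__main__":
    tx = build_sample_tx(b"example-c2.invalid")      # constructed, not a real domain
    print(op_return_payloads(tx), c2_candidates(tx))
```

The parser skips inputs and witnesses because only output scripts can carry OP_RETURN; on a real investigation you would feed it raw transactions fetched for the wallet addresses the malware polls and treat every non-empty payload as something to decode further.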
Blog.webp 2022-12-15 06:10:39 (Déjà vu) ASEC Weekly Malware Statistics (December 5th, 2022 – December 11th, 2022) (direct link) The ASEC analysis team uses the ASEC automatic analysis system RAPIT to categorize and respond to known malware. This post will list weekly statistics collected from December 5th, 2022 (Monday) to December 11th, 2022 (Sunday). For the main category, downloader ranked top with 44.3%, followed by Infostealer with 28.2%, backdoor with 18.3%, ransomware with 8.5%, and CoinMiner with 0.7%. Top 1 – Amadey: This week, Amadey Bot ranked first place with 15.9%. Amadey is a downloader that can receive commands... Ransomware Malware ★★
Blog.webp 2022-12-15 06:02:24 STOP Ransomware Being Distributed in Korea (direct link) The ASEC analysis team discovered that the STOP ransomware is being distributed in Korea. This ransomware is being distributed at such a high volume that it is ranked among the Top 3 in the ASEC Weekly Malware Statistics (November 28th, 2022 – December 4th, 2022). The files that are currently being distributed are in the form of MalPe, just like SmokeLoader and Vidar, and the filenames include a random 4-byte string as shown below. When the ransomware is executed, it first... Ransomware Malware
Anomali.webp 2022-12-15 05:12:00 Anomali November Quarterly Product Update (direct link) We’re excited to announce our quarterly platform update for November. This update introduces new capabilities that automate defense actions and allow enterprise organizations to understand their relevant threat landscape and visualize what’s happening inside and outside their network. Key highlights for this quarter include: Attack Surface Management; Visualizations of Attack Flow Patterns; Anomali Intelligence Channels; Cloud XDR Data Usage and Notification; Feeds Health Status.
Attack Surface Management: Understanding your threat landscape is essential in knowing which assets you need to protect. With this release, we’re proud to offer a unique Attack Surface Management solution that provides cyber security teams with a comprehensive, accurate view of their environment through the eyes of the attacker. “Recent ESG Research showed that security operations have become more difficult at most organizations over the past few years, partly due to a growing attack surface,” said Jon Oltsik, Senior Principal Analyst and Fellow, Enterprise Strategy Group. Anomali’s Attack Surface Management provides visibility into ALL external facing assets to identify exposures, enabling organizations to understand impact based on asset criticality, vulnerability, and attack severity. This allows analysts to prioritize investigation activities and perform remediation of misconfigured assets and security controls. The real power is using it in combination with other Anomali solutions. For example, with Anomali Match, organizations can prioritize asset remediation based on real, detected threats to exposed assets. With this, they can assess the potential impact of the threat actors targeting organizations, their motivations for attacking, and their tactics and techniques as they carry out an active campaign. Anomali’s proprietary data provides a point in time and a historical view with insights that others can’t. Reach out or download our datasheet to learn more.
Visualizations of Attack Flow Patterns: Understanding an attacker and their tools, techniques, and procedures (TTPs) is paramount to becoming a proactive security organization. “Attack flows help defenders understand, share, and make threat-informed decisions based on the sequence of actions in a cyber-attack,” as per MITRE Engenuity’s Center for Threat-Informed Defense. Based upon our work with the MITRE Engenuity Center for Threat-Informed Defense, we’ve added a new Attack Flow Library that helps visualize the sequence of attack techniques in ThreatStream Cloud. An initial group of 15 Attack Flows is available in ThreatStream, curated by the Anomali Threat Research Team. This library enables analysts to understand attack pattern sequences for infiltrating an environment. It also provides SOC teams with a foundation for future automated Attack Pattern detection capabilities that could help prevent, stop, or remediate an attack. Keep an eye out for more innovations around this initiative. And download our ebook, The Need to Focus on the Adversary, to learn why understanding the attacker is important.
Intelligence Channels: Security teams are under pressure to do more with less. Unfortunately, most organizations need help effectively implementing threat intelligence, not benefiting from the value their threat intelligence team, processes, and tools provide. We’ve made it easier for Security teams to implement out-of-the-box tailored intelligence with Intelligence Channels. Intelligence Channels are for organizations that need help implementing threat intelligence. Curated by The Anomali Malware Threat
bleepingcomputer.webp 2022-12-15 02:36:18 Hackers target Japanese politicians with new MirrorStealer malware (direct link) A hacking group tracked as MirrorFace has been targeting Japanese politicians for weeks before the House of Councillors election in July 2022, using a previously undocumented credentials stealer named 'MirrorStealer.' [...] Malware
knowbe4.webp 2022-12-14 19:02:41 Interest in Infostealer Malware Within Cyberattacks Spikes as MFA Fatigue Attacks Increase (direct link) Interest in Infostealer Malware Within Cyberattacks Spikes as MFA Fatigue Attacks Increase Malware ★★
The_Hackers_News.webp 2022-12-14 18:38:00 Ransomware Attackers Use Microsoft-Signed Drivers to Gain Access to Systems (direct link) Microsoft on Tuesday disclosed it took steps to suspend accounts that were used to publish malicious drivers certified by its Windows Hardware Developer Program; the certified drivers were used to sign malware. The tech giant said its investigation revealed the activity was restricted to a number of developer program accounts and that no further compromise was detected. Cryptographically signing malware is Ransomware Malware
InfoSecurityMag.webp 2022-12-14 17:00:00 AgentTesla Remains Most Prolific Malware in November, Emotet and Qbot Grow (direct link) These are some of the key findings from the latest Check Point Research Most Wanted report Malware ★★
bleepingcomputer.webp 2022-12-14 14:13:11 Attackers use SVG files to smuggle QBot malware onto Windows systems (direct link) QBot malware phishing campaigns have adopted a new distribution method using SVG files to perform HTML smuggling that locally creates a malicious installer for Windows. [...] Malware ★★
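The two Qakbot entries above (The Hacker News on 2022-12-15 and BleepingComputer on 2022-12-14) describe the same delivery chain: an HTML attachment carries an SVG image, the SVG carries a script tag, and that script assembles the payload in the browser and hands it to the user as a file download (HTML smuggling). The block below is an added example, not Cisco Talos' detection logic and not anything from the campaign; it is a mail-gateway or sandbox triage check that finds SVG content in an HTML attachment, both inline and as a base64 data: URI, and flags it when a script inside the image uses the primitives that turn in-page bytes into a file on disk. Function names are hypothetical and both HTML samples are constructed for illustration.

```python
"""Triage an HTML e-mail attachment for SVG-embedded HTML smuggling.

Added example; hypothetical function names; the sample inputs are constructed.
"""
import base64
import re
from dataclasses import dataclass, field

# JavaScript primitives that turn an in-page byte blob into a file download.
SMUGGLING_PRIMITIVES = (
    "atob(", "Blob(", "createObjectURL", "msSaveOrOpenBlob",
    ".download", "fromCharCode",
)

SVG_INLINE_RE = re.compile(r"<svg\b.*?</svg\s*>", re.IGNORECASE | re.DOTALL)
SVG_DATA_URI_RE = re.compile(
    r"data:image/svg\+xml;base64,([A-Za-z0-9+/=\s]+)", re.IGNORECASE)
SCRIPT_RE = re.compile(r"<script\b[^>]*>(.*?)</script\s*>", re.IGNORECASE | re.DOTALL)


@dataclass
class Finding:
    where: str                      # "inline-svg" or "data-uri-svg"
    primitives: list = field(default_factory=list)
    has_script: bool = False

    @property
    def suspicious(self) -> bool:
        # Script inside an image plus at least one file-writing primitive.
        return self.has_script and bool(self.primitives)


def _inspect_svg(svg_text: str, where: str) -> Finding:
    finding = Finding(where=where)
    scripts = SCRIPT_RE.findall(svg_text)
    finding.has_script = bool(scripts)
    body = "\n".join(scripts)
    finding.primitives = [p for p in SMUGGLING_PRIMITIVES if p in body]
    return finding


def scan_html_attachment(html: str) -> list:
    """Return one Finding per SVG found in the attachment."""
    findings = []
    for m in SVG_INLINE_RE.finditer(html):
        findings.append(_inspect_svg(m.group(0), "inline-svg"))
    for m in SVG_DATA_URI_RE.finditer(html):
        try:
            decoded = base64.b64decode(re.sub(r"\s+", "", m.group(1)))
        except ValueError:          # binascii.Error is a ValueError
            continue
        findings.append(_inspect_svg(decoded.decode("utf-8", "replace"), "data-uri-svg"))
    return findings


def is_smuggling_candidate(html: str) -> bool:
    return any(f.suspicious for f in scan_html_attachment(html))


# Constructed sample: a 1x1 SVG whose script decodes a blob and forces a download.
MALICIOUS_HTML = """<html><body><p>Your document is loading...</p>
<svg xmlns="http://www.w3.org/2000/svg" width="1" height="1">
  <script type="text/javascript"><![CDATA[
    var b64 = "UEsDBAoAAAAAAA==";               // placeholder, not a real archive
    var bytes = atob(b64);
    var buf = new Uint8Array(bytes.length);
    for (var i = 0; i < bytes.length; i++) buf[i] = bytes.charCodeAt(i);
    var blob = new Blob([buf], {type: "application/zip"});
    var a = document.createElement("a");
    a.href = URL.createObjectURL(blob);
    a.download = "invoice.zip";
    a.click();
  ]]></script>
</svg></body></html>"""

# Constructed sample: an ordinary base64 SVG logo with no script at all.
BENIGN_HTML = '<html><body><img src="data:image/svg+xml;base64,%s"></body></html>' % (
    base64.b64encode(b'<svg xmlns="http://www.w3.org/2000/svg"><circle r="5"/></svg>').decode())


if __name__ == "__main__":
    for name, sample in (("malicious", MALICIOUS_HTML), ("benign", BENIGN_HTML)):
        print(name, is_smuggling_candidate(sample), scan_html_attachment(sample))
```

Requiring both a script inside the image and a file-writing primitive keeps the false-positive rate low on ordinary SVG artwork, while still catching the case where the image itself is only reachable after base64 decoding of a data: URI.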
bleepingcomputer.webp 2022-12-14 13:24:00 Microsoft patches Windows zero-day used to drop ransomware (direct link) Microsoft has fixed a security vulnerability used by threat actors to circumvent the Windows SmartScreen security feature and deliver Magniber ransomware and Qbot malware payloads. [...] Ransomware Malware Vulnerability Threat ★★
globalsecuritymag.webp 2022-12-14 12:27:13 Zscaler State of Encrypted Attacks Report: More than 85 percent of attacks take place over encrypted channels (direct link) The annual report shows that the volume of security threats rose 20 percent year over year, underscoring the importance of Zero Trust. More than 85 percent of all attacks now use encrypted channels in various stages of the attack chain, a 20 percent increase over the previous year. Nearly 90 percent of all cyber threats stem from malware that retrieves its malicious payload through a link spread via e-mail or infected websites. The USA and India are the main targets of encrypted attacks; South Africa, the United Kingdom and Australia round out the top five. In Germany, attacks increased 352 percent compared with 2021. - Special reports Malware
01net.webp 2022-12-14 10:35:16 Warning: "zombie" Android apps are spreading on smartphones (direct link) So-called "zombie" apps are spreading on Android smartphones. According to ThreatFabric, attackers use a malicious program to hide malware inside the code of popular apps, which then steals sensitive data… Malware ★★
Logo_logpoint.webp 2022-12-14 09:17:48 Emerging Threats: Emotet-ually Unstable – The resurgence of a nuisance (direct link) By Anish Bogati, Logpoint Global Services and Security Research. Contents: TL;DR; What is Emotet?; Fast Facts; Background; Emotet operations, tactics and techniques. TL;DR: Emotet, aka Geodo or Heodo, is a modular malware variant that was initially used as banking malware. At present Emotet is used as a dropper, which means it downloads other malware like IcedID, QakBOT, and TrickBot. Emotet was first detected in June [...] Malware ★★
NakedSecurity.webp 2022-12-14 01:13:40 Patch Tuesday: 0-days, RCE bugs, and a curious tale of signed malware (direct link) Tales of derring-do in the cyberunderground! (And some zero-days.) Malware ★★
Trend.webp 2022-12-14 00:00:00 Probing Weaponized Chat Applications Abused in Supply-Chain Attacks (direct link) This report examines the infection chain and the pieces of malware used by malicious actors in supply-chain attacks that leveraged trojanized installers of chat-based customer engagement platforms. Malware ★★
Netskope.webp 2022-12-13 22:16:36 Cloud Threats Memo: Understanding the Dead Drop Resolver Technique (direct link) If I asked you what the common ways to exploit a cloud app for malicious purposes are, I bet your answer would probably be either to use it to distribute malicious content (such as malware or phishing pages), or to host the command and control (C2) infrastructure. In reality another frequent technique is the dead […] Malware ★★★★
WiredThreatLevel.webp 2022-12-13 21:28:57 Cuba Ransomware Gang Abused Microsoft Certificates to Sign Malware (direct link) The company has taken measures to mitigate the risks, but security researchers warn of a broader threat. Ransomware Malware ★★★
ArsTechnica.webp 2022-12-13 21:17:27 Microsoft digital certificates have once again been abused to sign malware (direct link) Code-signing is supposed to make people safer. In this case, it made them less so. Malware ★★★
Mandiant.webp 2022-12-13 18:00:00 I Solemnly Swear My Driver Is Up to No Good: Hunting for Attestation Signed Malware (direct link) During a recent Incident Response investigation, Mandiant discovered a malicious driver used to terminate select processes on Windows systems. In this case, the driver was used in an attempt to terminate the Endpoint Detection and Response (EDR) agent on the endpoint. Mandiant tracks the malicious driver and its loader as POORTRY and STONESTOP respectively. Soon after the initial discovery, Mandiant observed a POORTRY driver sample signed with a Microsoft Windows Hardware Compatibility Authenticode signature. Careful analysis of the driver's Authenticode metadata led to a larger investigation Malware ★★★
Anomali.webp 2022-12-13 16:00:00 Anomali Cyber Watch: MuddyWater Hides Behind Legitimate Remote Administration Tools, Vice Society Tops Ransomware Threats to Education, Abandoned JavaScript Library Domain Pushes Web-Skimmers (direct link) The various threat intelligence stories in this iteration of the Anomali Cyber Watch discuss the following topics: APT, Compromised websites, Education, Healthcare, Iran, Phishing, Ransomware, and Supply chain. The IOCs related to these stories are attached to Anomali Cyber Watch and can be used to check your logs for potential malicious activity.
Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed.
Trending Cyber News and Threat Intelligence
New MuddyWater Threat: Old Kitten; New Tricks (published: December 8, 2022) In 2020-2022, the Iran-sponsored MuddyWater (Static Kitten, Mercury) group went through abusing several legitimate remote administration tools: RemoteUtilities, followed by ScreenConnect and then Atera Agent. Since September 2022, a new campaign attributed to MuddyWater uses spearphishing to deliver links to archived MSI files with yet another remote administration tool: Syncro. Deep Instinct researchers observed the targeting of Armenia, Azerbaijan, Egypt, Iraq, Israel, Jordan, Oman, Qatar, Tajikistan, and United Arab Emirates. Analyst Comment: Network defenders are advised to establish a baseline for typical running processes and monitor for remote desktop solutions that are not common in the organization. MITRE ATT&CK: [MITRE ATT&CK] Phishing - T1566 | [MITRE ATT&CK] Remote Access Tools - T1219 Tags: mitre-group:MuddyWater, actor:Static Kitten, actor:Mercury, Iran, source-country:IR, APT, Cyberespionage, Ministry of Intelligence and Security, detection:Syncro, malware-type:RAT, file-type:MSI, file-type:ZIP, OneHub, Windows
Babuk Ransomware Variant in Major New Attack (published: December 7, 2022) In November 2022, Morphisec researchers identified a new ransomware variant based on the Babuk source code that was leaked in 2021. One modification lowers detection by abusing a legitimate Microsoft-signed process: DLL side-loading into NTSD.exe (a Symbolic Debugger tool for Windows). The mechanism to remove the available Shadow Copies was changed to using Component Object Model objects that execute Windows Management Instrumentation queries. This sample was detected in a large, unnamed manufacturing company where attackers had network access and were gathering information for two weeks. They compromised the company’s domain controller and used it to distribute ransomware to all devices within the organization through a Group Policy Object. The delivered BAT script bypasses User Account Control and executes a malicious MSI file that contains files for DLL side-loading and an open-source-based reflective loader (OCS files). Analyst Comment: The attackers strive to improve their evasion techniques; at certain steps their malware hides behind Microsoft-signed processes and exists primarily in device memory. This increases the need for a defense-in-depth approach and robust monitoring of your organization's domain. MITRE ATT&CK: [MITRE ATT&CK] Data Encrypted for Impact - T1486 | [MITRE ATT&CK] Abuse Elevation Control Mechanism - T1548 | [MITRE ATT&CK] Hijack Execution Flow - T1574 | Ransomware Malware Tool Threat Medical APT 38 ★★★
The_Hackers_News.webp 2022-12-13 14:38:00 Cybersecurity Experts Uncover Inner Workings of Destructive Azov Ransomware (direct link) Cybersecurity researchers have published the inner workings of a new wiper called Azov Ransomware that's deliberately designed to corrupt data and "inflict impeccable damage" to compromised systems. Distributed through another malware loader known as SmokeLoader, the malware has been described as an "effective, fast, and unfortunately unrecoverable data wiper," by Israeli cybersecurity company Ransomware Malware ★★★
The_Hackers_News.webp 2022-12-13 12:30:00 Malware Strains Targeting Python and JavaScript Developers Through Official Repositories (direct link) An active malware campaign is targeting the Python Package Index (PyPI) and npm repositories for Python and JavaScript with typosquatted and fake modules that deploy a ransomware strain, marking the latest security issue to affect software supply chains. The typosquatted Python packages all impersonate the popular requests library: dequests, fequests, gequests, rdquests, reauests, reduests, Ransomware Malware ★★★
bleepingcomputer.webp 2022-12-13 12:27:43 New GoTrim botnet brute forces WordPress site admin accounts (direct link) A new Go-based botnet malware named 'GoTrim' is scanning the web for self-hosted WordPress websites and attempting to brute force the administrator's password and take control of the site. [...] Malware ★★
Checkpoint.webp 2022-12-13 11:00:56 November 2022's Most Wanted Malware: A Month of Comebacks for Trojans as Emotet and Qbot Make an Impact (direct link) Check Point Research reports that Emotet has returned after a quiet summer, now the second most prevalent malware globally. Qbot has also made it back into the index for the first time since 2021, while the Education sector remains under attack. Our latest Global Threat Index for November saw the return of Emotet, an ambitious… Malware Threat ★★
AlienVault.webp 2022-12-13 11:00:00 2023 Cybersecurity predictions (direct link) Cybersecurity is a relatively new discipline in the realm of computing. Once computing became more democratized with PCs connected via local area networks (LAN) and client/server environments, adversaries quickly saw opportunities. The more democratized computing, the more risk and the potential for cyber adversaries. Dealing with cyber risk and adversaries is now part of a normal business plan. Gone are the days of instilling fear, uncertainty, and doubt (FUD) about the potential of a bad actor. The days of nefarious hackers in hoodies lurking in the shadows are gone. Businesses of all types and sizes now know that cybersecurity is part of a solid business plan. Security is no longer relegated to a team of really smart experts; security is a business enabler and builder of digital trust. As we move to 2023, we will continue to see computing more democratized. With the advent of more edge computing (according to the 2022 AT&T Cybersecurity Insights Report, 75% of organizations are on a journey to the edge), the way we interact with technology is rapidly shifting. We are moving from input/output types of functions to more seamless interactions that deliver outcomes. With more of a focus on outcomes, security becomes the center of focus in the new democratized era of computing. We are just getting started with ideas for edge computing. And, by association, we are just getting started with what security means. Here are my predictions for some of the trends and highlights we will see in the cybersecurity landscape in the year ahead.
Move to the edge: A new paradigm of computing is upon us. This new era is underpinned by 5G and edge. Edge is a word we have heard for quite some time, but in general conversation lacks a consistent definition. Vendors and business users alike tend to define edge in accordance with the technology stack being sold or used. When thinking about edge, consider these three characteristics as a starting point:
- A distributed model of management, intelligence, and networks
- Applications, workloads, and hosting closer to users and assets that are generating or consuming the data, which may be on-premise or in the cloud
- Software defined
Edge use cases are largely driven by the world of the internet of things (IoT) that collect and transmit data to make logical and rational decisions to derive an outcome. In 2023, we should expect to see an accelerated full-scale rollout of edge use cases in areas such as:
- Real-time fraud detection for financial services
- Automated warehousing with near real-time inventory management
- Near real-time visual inspections for uses as varied as manufacturing assembly lines, passport control at border crossings, and available parking spaces
These use cases require connected systems from the network layer through to application monitoring/management, and require each component to be secure in order to derive the desired outcome.
2023 Cybersecurity predictions: With more democratized computing, security is no longer isolated; it is central to delivering strong business outcomes. In 2023, expect to see more edge use cases and applications. For successful implementation and with security at the core, expect to see decades-old silos such as networking, IT, app development, and security begin to fade away and enable more cross-functional work and roles. Read more about the edge ecosystem in the upcoming 2023 AT&T Cybersecurity Insights Report due out January 24, 2023. Check out our previous reports available here for: 2022 and Malware Hack Threat Medical ★★★
InfoSecurityMag.webp 2022-12-13 10:45:00 Experts Warn ChatGPT Could Democratize Cybercrime (direct link) Researchers claim AI bot can write malware and craft phishing emails Malware ChatGPT ★★★
News.webp 2022-12-13 08:32:10 Researchers smell a cryptomining Chaos RAT targeting Linux systems (direct link) Smells like Russian miscreants. A type of cryptomining malware targeting Linux-based systems has added capabilities by incorporating an open source remote access trojan called Chaos RAT with several advanced functions that bad guys can use to control remote operating systems.… Malware ★★★
TroyHunt.webp 2022-12-12 23:44:44 Effective, fast, and unrecoverable: Wiper malware is popping up everywhere (direct link) Wiper malware from no fewer than 9 families has appeared this year. Now there are 2 more. Malware ★★
The_Hackers_News.webp 2022-12-12 19:21:00 Cryptocurrency Mining Campaign Hits Linux Users with Go-based CHAOS Malware (direct link) A cryptocurrency mining attack targeting the Linux operating system also involved the use of an open source remote access trojan (RAT) dubbed CHAOS. The threat, which was spotted by Trend Micro in November 2022, remains virtually unchanged in all other aspects, including when it comes to terminating competing malware, security software, and deploying the Monero (XMR) cryptocurrency miner. "The Malware ★★
TechRepublic.webp 2022-12-12 16:50:35 TrueBot malware delivery evolves, now infects businesses in the US and elsewhere (direct link) New research from Cisco Talos reveals that the infamous TrueBot malware has updated its modus operandi and now hits the U.S. with additional payloads such as the infamous Clop ransomware. Malware ★★
bleepingcomputer.webp 2022-12-12 16:26:33 New Python malware backdoors VMware ESXi servers for remote access (direct link) A previously undocumented Python backdoor targeting VMware ESXi servers has been spotted, enabling hackers to execute commands remotely on a compromised system. [...] Malware ★★★
Checkpoint.webp 2022-12-12 10:55:50 From disruption to destruction: Azov Ransomware presents a new shift towards destructive wipers (direct link) Highlights: Check Point Research (CPR) provides under-the-hood details of its analysis of the infamous Azov Ransomware; using advanced wipers, Azov is designed to inflict immense damage to the infected machine it runs on; Check Point Research flags a worrying shift towards sophisticated malware designed to destroy the compromised system, and advises organizations to take appropriate… Ransomware Malware ★★★
Fortinet.webp 2022-12-12 06:49:00 GoTrim: Go-based Botnet Actively Brute Forces WordPress Websites (direct link) FortiGuard Labs encountered an unreported CMS scanner and brute forcer written in the Go programming language. Read our analysis of the malware and how this active botnet scans and compromises websites. Malware ★★
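The two GoTrim entries (BleepingComputer on 2022-12-13 and Fortinet above) describe a botnet that finds self-hosted WordPress sites and guesses the administrator password. The block below is an added example, not FortiGuard's analysis code and not the botnet's: it is the site-owner's side of the problem, a sliding-window count of POST requests to the WordPress login endpoints per source address over a web server access log, which is how a password-guessing burst shows up on the victim. The log lines are constructed in combined log format, the thresholds are illustrative, and the function names are hypothetical.

```python
"""Spot WordPress credential brute forcing in web server access logs.

Added example (not Fortinet's or GoTrim's code). The log lines are constructed
in combined log format; window and threshold are illustrative.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"')

# wp-login.php takes the form post; xmlrpc.php is the usual second door for guessing.
LOGIN_PATHS = ("/wp-login.php", "/xmlrpc.php")
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line: str):
    """Parse one combined-format line into a dict, or None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], TS_FMT)
    rec["status"] = int(rec["status"])
    return rec


def brute_force_sources(lines, window=timedelta(minutes=5), threshold=10):
    """Return {ip: total_login_posts} for IPs that POST to a login endpoint
    more than `threshold` times inside any `window`-long span."""
    attempts = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec and rec["method"] == "POST" and rec["path"].split("?")[0] in LOGIN_PATHS:
            attempts[rec["ip"]].append(rec["ts"])
    flagged = {}
    for ip, times in attempts.items():
        times.sort()
        start = 0
        for end in range(len(times)):
            while times[end] - times[start] > window:   # slide the window forward
                start += 1
            if end - start + 1 > threshold:
                flagged[ip] = len(times)
                break
    return flagged


def make_sample_log():
    """Constructed log: one scanner hammering wp-login.php, one ordinary admin."""
    base = datetime(2022, 12, 12, 6, 49, 0, tzinfo=timezone.utc)
    lines = []
    for i in range(25):                        # 25 guesses in under a minute
        ts = (base + timedelta(seconds=2 * i)).strftime(TS_FMT)
        lines.append(f'198.51.100.7 - - [{ts}] "POST /wp-login.php HTTP/1.1" 200 3854 "-" "Mozilla/5.0"')
    for i in range(3):                         # three logins spread over an hour
        ts = (base + timedelta(minutes=20 * i)).strftime(TS_FMT)
        lines.append(f'203.0.113.5 - - [{ts}] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"')
    ts = base.strftime(TS_FMT)
    lines.append(f'203.0.113.5 - - [{ts}] "GET /wp-admin/ HTTP/1.1" 200 8123 "-" "Mozilla/5.0"')
    return lines


if __name__ == "__main__":
    print(brute_force_sources(make_sample_log()))
```

Counting POSTs rather than 4xx responses matters here because WordPress answers a failed login with 200 and the form again, so status codes alone do not separate guessing from normal use; feed the flagged addresses to a firewall or fail2ban-style action, and pair the check with rate limiting on both endpoints since a distributed botnet spreads its guesses across many sources.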
bleepingcomputer.webp 2022-12-11 11:22:33 (Déjà vu) Clop ransomware uses TrueBot malware for access to networks (direct link) Security researchers have noticed a spike in devices infected with the TrueBot malware downloader created by a Russian-speaking hacking group known as Silence. [...] Ransomware Malware ★★
bleepingcomputer.webp 2022-12-11 11:22:33 Clop ransomware partners with TrueBot malware for access to networks (direct link) Security researchers have noticed a spike in devices infected with the TrueBot malware downloader created by a Russian-speaking hacking group known as Silence. [...] Ransomware Malware
The_Hackers_News.webp 2022-12-10 17:16:00 Hack-for-Hire Group Targets Travel and Financial Entities with New Janicab Malware Variant (direct link) Travel agencies have emerged as the target of a hack-for-hire group dubbed Evilnum as part of a broader campaign aimed at legal and financial investment institutions in the Middle East and Europe. The attacks targeting law firms throughout 2020 and 2021 involved a revamped variant of a malware called Janicab that leverages a number of public services like YouTube as dead drop resolvers, Malware ★★★
Last update at: 2024-07-17 09:07:39