08.12.22

Cyber Intel Brief: Aug 4 – 10, 2022

By Eric Ford

Data Breach

Cisco Talos Shares Insights Related to Recent Cyber Attack on Cisco

Impacted Industries: Information

What You Need To Know:

Cisco Talos details its investigation into a breach it learned about on May 24, 2022. No evidence suggests that the threat actor, assessed to be an initial access broker, gained access to vital internal systems, including those involved in product development, code signing, etc.


Malware

Threat Actors Pivot to Abusing Explorer and Other LOLBins via Windows Shortcuts

Impacted Industries: All

What You Need To Know:

explorer.exe is the most popular living-off-the-land binary that threat actors use to launch malware delivered by Windows shortcut files (.lnk), according to SentinelOne. This trend could explain why SentinelOne has observed an upsurge in advertising of, and demand for, the most recent iterations of two malicious LNK file-building tools.


Malware

CISA’s 2021 Top Malware Strains

Impacted Industries: All

What You Need To Know:

CISA and the Australian Cyber Security Centre have co-authored a joint Cybersecurity Advisory on the top malware variants seen in 2021. The most prevalent malware variants in 2021 included ransomware, banking Trojans, information stealers, and remote access Trojans (RATs).


Malware

X-FILES Stealer Evolution – An Analysis and Comparison Study

Impacted Industries: All

What You Need To Know:

Zscaler’s ThreatLabz threat research team discovered a new variation of an infostealer with improved functionality to exfiltrate sensitive information. Additionally, threat actors have established and deployed several phishing websites to deliver the stealer and used the Follina vulnerability to distribute the stealer.


Tools

Attackers Leveraging Dark Utilities “C2aaS” Platform in Malware Campaigns

Impacted Industries: All

What You Need To Know:

Cisco Talos has observed a variety of malware samples for both Windows and Linux using a new C2-as-a-Service platform that provides remote access, command execution, DDoS attacks, and cryptocurrency mining on infected systems.


Threat Actors

Andariel Deploys DTrack and Maui Ransomware

Impacted Industries: Healthcare and Public Health Sector; potentially All

What You Need To Know:

Kaspersky links a Maui ransomware incident from April 2021 to Andariel via DTrack and the publicly available 3proxy malware. According to its investigation, the adversary deployed the DTrack malware 10 hours before encrypting the victim with Maui ransomware.


Phishing

AiTM Phishing Attack Targeting Enterprise Users of Gmail

Impacted Industries: Enterprises Employing G Suite

What You Need To Know:

In a recent blog post, ThreatLabz details adversary-in-the-middle (AiTM) phishing attempts directed at business Gmail users.


Exploited Vulnerability

CISA Adds 3 Vulnerabilities to its Known Exploited Vulnerabilities Catalog

Impacted Industries: All

What You Need To Know:

CISA has added three vulnerabilities to its Known Exploited Vulnerabilities Catalog. Affected software includes Microsoft Windows, RARLAB UnRAR, and Zimbra Collaboration.


What We Mean When We Say

Estimates of Likelihood

We use probabilistic language to reflect the Intel Team’s estimates of the likelihood of developments or events because analytical judgments are not certain. Terms like “probably,” “likely,” “very likely,” and “almost certainly” denote a higher than even chance. The terms “unlikely” and “remote” imply that an event has a lower than even chance of occurring; they do not imply that it will not occur. Terms like “might” and “may” reflect situations where we are unable to assess the likelihood, usually because relevant information is lacking, sketchy, or fragmented. Terms like “we can’t dismiss,” “we can’t rule out,” and “we can’t discount” refer to an unlikely, improbable, or distant event with significant consequences.

Confidence in Assessments

Our assessments and projections are based on data that varies in scope, quality, and source. As a result, we assign our assessments high, moderate, or low levels of confidence, as follows:

  • High confidence indicates that our decisions are based on reliable information and/or that the nature of the problem allows us to make a sound decision. However, a “high confidence” judgment is not a fact or a guarantee, and it still carries the risk of being incorrect.
  • Moderate confidence denotes that the information is credible and plausible, but not of high enough quality or sufficiently corroborated to warrant a higher level of assurance.
  • Low confidence indicates that the information’s credibility and/or plausibility are in doubt, that the information is too fragmented or poorly corroborated to make solid analytic inferences, or that we have serious concerns or problems with the sources.
