#BehaviorBasedDetection

AU10TIX Q3 2024 Global Identity Fraud Report Detects Skyrocketing Social Media Attacks

by

November 1, 2024 at 05:45PM AU10TIX released its Q3 2024 Global Identity Fraud Report at Money 20/20, highlighting a surge in automated bot attacks targeting social media, particularly before the US presidential election. The report notes advancements in AI-driven fraud techniques, including synthetic selfies, emphasizing the need for behavior-based detection and enhanced verification systems. **Meeting … Read more

CISA Red Team’s Operations Against a Federal Civilian Executive Branch Organization Highlights the Necessity of Defense-in-Depth

by

July 11, 2024 at 10:36AM The Cybersecurity and Infrastructure Security Agency (CISA) conducted a SILENTSHIELD red team assessment against a Federal Civilian Executive Branch organization in early 2023. The red team mimicked the techniques, tradecraft, and behaviors of sophisticated threat actors to assess the organization’s security posture. The assessment revealed findings related to initial access, … Read more

(Cyber) Risk = Probability of Occurrence x Damage

by

May 15, 2024 at 08:12AM The new Common Vulnerability Scoring System (CVSS) v4.0 aims to enhance vulnerability assessment by introducing additional metrics and emphasizing the consideration of environmental and threat factors. It is used to evaluate the risk associated with vulnerabilities, especially in network products, and is considered an internationally recognized standard. Integration with security … Read more

Ducktail Infostealer, DarkGate RAT Linked to Same Threat Actors

by

October 20, 2023 at 02:18PM DarkGate, a remote access trojan (RAT), has been linked to the Vietnamese financial cybercrime operation behind the Ducktail infostealer. Researchers have found similarities in the lure documents and targeting used by both malware. DarkGate is a multifunctional malware that can steal information, distribute malware, and mine cryptocurrency. Understanding connections between … Read more

ShellBot Cracks Linux SSH Servers, Debuts New Evasion Tactic

by

October 13, 2023 at 01:47PM Cyberattackers are using the ShellBot malware to target Linux SSH servers. They are now using hexadecimal IP addresses to evade detection. This new method allows them to hide their activity from behavior-based detection systems. ShellBot is a well-known botnet that compromises servers with weak SSH credentials and can be used … Read more