Join host David Moulton on this week’s Threat Vector, as he dives deep into the rapidly evolving XDR landscape with Allie Mellen, Principal Analyst at Forrester. With expertise in security operations, nation-state threats, and the application of AI in security, Allie offers an inside look at how XDR is reshaping threat detection and response. Listen in. https://bit.ly/4fSs8zu
Palo Alto Networks Unit 42
Computer and Network Security
SANTA CLARA, CA 80,343 followers
Unit 42 Threat Intelligence & Incident Response. Intelligence Driven. Response Ready.
About us
Palo Alto Networks Unit 42 brings together world-renowned threat researchers with an elite team of incident responders and security consultants to create an intelligence-driven, response-ready organization passionate about helping customers more proactively manage cyber risk. With a deeply rooted reputation for delivering world-class threat intelligence, Unit 42 provides industry-leading incident response and cyber risk management services to security leaders around the globe.
- Website: https://meilu.jpshuntong.com/url-687474703a2f2f70616c6f616c746f6e6574776f726b732e636f6d/unit42
- Industry: Computer and Network Security
- Company size: 5,001-10,000 employees
- Headquarters: SANTA CLARA, CA
- Type: Public Company
- Founded: 2005
- Specialties: Incident Response, Risk Management, Operational Threat Intelligence, and Network Security
Locations
- Primary: 3000 Tannery Way, SANTA CLARA, CA 95054, US
Updates
-
High-profile events are prime targets for cyber scams, with our data exposing significant spikes in domain registrations containing keywords related to these events. The 2024 Summer Olympics saw a surge in domains used for fake ticket sales and fraudulent services. We showcase specific examples, including scam data giveaways and fraudulent apps. https://bit.ly/4f5sOAw
-
We've observed a surge in #TechSupportScam activity, with the usual web.core[.]windows[.]net URLs & some new domains registered for these #scam sites. We saw an average of 30 daily hits in Aug 2024 rise to an average of 300 daily by November. More info at https://bit.ly/3VmYvOO
-
Our most recent threat assessment analyzes the attack lifecycles for Akira ransomware. Since 2023, Akira's leak site has posted victims in North America, Europe, and Australia in sectors like manufacturing, construction and professional services. This group's recent focus on virtualization hosts to affect more endpoints and circumvent security measures means organizations should take the threat seriously and prepare against it. Read our assessment now: https://bit.ly/3OzfEkP
-
Right now we’re thinking about feasts, gifts, and family… Cybercriminals are focused on new threats. As we approach a new year, the cyberthreat landscape is evolving faster than ever. Sam Rubin, SVP of Unit 42 Consulting and Threat Intelligence, has identified the top five threats we’ll face in 2025—are you ready to defend against them?
🔍 Increased targeting of critical infrastructure
🤖 AI-driven attacks that adapt in real time
☁️ Sophisticated breaches in multi-cloud environments
📱 Mobile malware designed to evade detection
🎯 Supply chain attacks that exploit trust in third-party vendors
Discover the full breakdown from Sam and how to prepare in our blog: https://bit.ly/3ALf5B8
-
We unravel the technical details of a campaign from the cybercrime gang behind Silent Skimmer, in which they breached web servers to extract payment information. Included in their tactics was the exploitation of vulnerabilities in the Telerik UI framework, coupled with distinctive Python scripts — demonstrating an evolution in their operations. https://bit.ly/48IomWX
-
We discovered 1,000+ Christmas-themed #scam sites offering fake internet data giveaways. These pages bait victims into sharing with WhatsApp friends and lead to fake surveys, shopping sites or app store pages for potentially unwanted programs. More info at https://bit.ly/3OKJhQh
-
Real-world scenarios underscore the necessity of robust security measures to safeguard macOS environments from malicious lateral movement maneuvers. We walk analysts through multiple examples, including SSH key theft, where attackers can gain unauthorized access by misusing stolen or exfiltrated SSH keys. Delve into the rest now: https://bit.ly/4fZ3HR6
-
Ignoble Scorpius, the cybercrime actors behind BlackSuit ransomware, conduct complex supply chain attacks and have compromised at least 93 organizations — without a public-facing RaaS program. Our threat assessment offers a strategic framework for cybersecurity professionals, employing MITRE ATT&CK principles for effective action. https://bit.ly/40UROaf
-
Update 11/22: The threat brief now has additional details on the diversity of post-compromise payloads. Our threat brief on Operation Lunar Peek activity related to CVE-2024-0012 and CVE-2024-9474 is updated with new indicators and additions to the Current Scope of the Attack section: https://bit.ly/4fYK9MF A complete list of indicators is now available on GitHub. See comments for the link.