A new android malware strain was uncovered in May, boasting the ability to steal data from 337 applications, including passwords and credit card information. Among these apps are some of the most highly-used applications on any android phone, such as Netflix, Gmail, Amazon, Uber, and more.

The Japanese manufacturing giant revealed that it had been hit with ransomware on Monday June 8, 2020, forcing it to shut down a number of manufacturing facilities and disrupting its global operations. Honda was left with no choice but to halt operations in Japan, North America, the U.K., Turkey and Italy. Furthermore, the ransomware attack caused disruptions to the company’s customer service and financial services.

One of the key problems in threat intelligence is curating whitelists of infrastructure and domains that should never be blocked. Just recently, a government CERT distributed lists of IoCs that included private IP addresses that just are not useful for analysts and hunt teams. At best, it creates wasted time and effort. At worst, key infrastructure is blocked and there is business impact and/or loss of revenue.

Botnets are a unique type of threat. The colossal power that networks of millions of compromised computers can reach allows botnets to do a lot of damage, from generating and stealing large sums of money to deploying dangerous attacks. Last year saw a 71.5% increase in botnets as opposed to 2018, further showing that botnets are a worthwhile business for attackers, and a prevalent threat to watch out for.

These malicious networks have been around since the very end of the 90’s, rapidly evolving and becoming more advanced, year by year. Our new infographic examines the most prevalent, well-known botnets from the beginning of the century up until today, shedding light on the diverse landscape and evolution of this fascinating threat.

When people imagine threat actors tricking victims into installing malware, the first thing that comes to mind is probably email phishing or typosquatted domains. These days, digital attack vectors are so easy to deploy that physical vectors may even get a chance to fly under the radar.

In a recent campaign uncovered by Trustwave, the criminal threat group FIN7 mailed USB drives serving an unknown malware strain disguised as a free Best Buy gift card offering. The letter mailed with the USB drive states that the retail giant is sending out gift cards to its loyal customers, and the gifted credit can be used to buy products from a specific list that is found on the enclosed USB stick.

In the coming days, CrowdStrike will formally end-of-life their DNS service that many customers are using. This service takes Crowdstrike intelligence and puts it into a CrowdStrike-managed DNS resolver to protect against advanced threats that they are tracking. When this service is retired, you will no longer have protection at that layer. As an important note, there are many classes of devices that endpoint protection do not work on (medical devices, IoT, etc) but by using DNS, you can still provide a strong layer of protection.

Photo Cred: Forbes

Many companies have gone completely remote, and had to do it quickly in light of current events, but that doesn’t mean the need to secure company data has diminished. As more workers are accessing secure files and applications from home, there is an increased need for organizations to be thinking about how to secure those devices that are accessing that information. We have already seen evidence that criminals are trying to take advantage of this situation to launch attacks against companies, and employees working from home without the security protections of the company network are targets for opportunistic attacks.

With the Coronavirus death toll constantly on the rise, people are becoming more and more panicked. It seems that almost everyone these days is thirsty for any information they can get on how to avoid the deadly virus, creating a tremendous opportunity for cyber attackers to exploit these fears and steal personal information and credentials.

Most malware is often delivered from otherwise legitimate sites. Sometimes this occurs via compromising existing websites, but more often than not, it is by using existing advertising networks as a means to ultimately deliver malware. Quite simply, the attacker buys impressions via existing channels and uses a variety of malvertising tricks to either directly compromise the web browser, or at the least trick the user to installing the malware. This specialized form of malware delivery requires a specialized collection methodology to detect such attacks.

Malicious emails are one of the cyber realm’s most widespread epidemics. Over 215 billion business and consumer emails are received daily, and with such an overwhelming flow of emails arises a very attractive opportunity for threat actors to easily penetrate victims’ online activity and lure them in to giving up credentials, downloading malware and more. According to the Symantec Internet Threat Security Report, one out of 412 emails contains a malware attack.

Although it seems as though cyber awareness is somewhat increasing due to the attempt to keep up with rapid advances in attack techniques, preying on human error continues to be extremely rewarding for threat actors. In retrospect, many email attack victims are dumbfounded when they realize that the email they so willingly acted upon is quite obviously suspicious upon second look. On top of that are highly thought out, sometimes tailored malicious emails, which do not even alert relatively cyber-aware people.