Anvilogic Forge Threat Research Reports

Here you can find an accumulation of trending threats published weekly by the Anvilogic team.

All Threat Reports

Levels

All
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
This is some text inside of a div block.
03
-
13
-
2024
Level:
Tactical
|
Source:

Increasing Docker Exploitation for Cryptomining

Cado Security researchers have disclosed a campaign exploiting misconfigured servers, including Docker and Apache Hadoop YARN, for cryptomining. The operation involves Docker container escapes and Linux host intrusions, using Golang payloads and bash scripts for automated vulnerability exploitation. The report highlights parallels with previous cloud-targeting campaigns and outlines anti-forensics measures and attack techniques used to maintain stealth and persistence.

Global
This is some text inside of a div block.
03
-
13
-
2024
Level:
Tactical
|
Source:

Recommendations for Countering Against Phobos Ransomware

The Cybersecurity and Infrastructure Security Agency (CISA), FBI, and MS-ISAC have released recommendations to combat Phobos ransomware, targeting critical sectors since May 2019. Phobos, a ransomware-as-a-service (RaaS) operation, exploits vulnerabilities in Remote Desktop Protocol (RDP) services and conducts sophisticated phishing campaigns. It employs tools like Smokeloader, Cobalt Strike, and Bloodhound for attacks. Recommendations include monitoring for initial access attempts, especially via phishing and vulnerable RDP ports, and detecting known executables associated with Phobos to mitigate threats.

Critical Infrastructure
Education
Emergency Response
Healthcare
Government
This is some text inside of a div block.
03
-
13
-
2024
Level:
Tactical
|
Source:

Trend Micro’s Investigation Reveals Earth Kapre’s Evasive Cyber Espionage Techniques

Trend Micro's investigation into Earth Kapre, also known as RedCurl and Red Wolf, uncovers a cyber espionage campaign targeting various countries. Utilizing phishing emails with malicious .iso and .img attachments, the group leverages native Windows tools and complex obfuscation techniques for data theft and maintaining presence within compromised systems. Notable tactics include PowerShell for initiating attacks, the use of "curl.exe" for malicious downloads, and exploiting the Program Compatibility Assistant for indirect command execution. Detection engineers are advised to monitor for specific indicators of Earth Kapre's activity, such as unusual PowerShell and "rundll32" usage, to mitigate these sophisticated threats.

Global
This is some text inside of a div block.
03
-
13
-
2024
Level:
Strategic
|
Source:

FBI Reports $12.5 Billion Lost to Fraud in 2023 as Cybercrime Reaches New Heights

The FBI's 2023 Internet Crime Report highlights a sharp increase in cybercrime, with $12.5 billion in losses reported by Americans, marking a 22% increase from the previous year. Investment fraud, especially in cryptocurrency, and phishing were the most prominent, with investment fraud losses soaring to $4.57 billion. The demographic most affected spans from individuals aged 30 to 49. Phishing complaints dominated cybercrime categories, significantly surpassing other types like personal data breaches and extortion. Business Email Compromise (BEC) scams and ransomware attacks were notably costly, with BEC scams alone causing $2.9 billion in losses.

Global
This is some text inside of a div block.
03
-
07
-
2024
Level:
Tactical
|
Source:

Government Agencies Warn of ALPHV's Aggression Against Healthcare Organizations

The FBI, CISA, and HHS have issued a joint cybersecurity advisory warning of increased ALPHV/Blackcat ransomware attacks on the healthcare sector. Despite actions against the gang in December 2023, their activity persists with enhanced tactics. The advisory highlights the use of sophisticated tools and techniques, emphasizing the healthcare industry's need for heightened security measures and vigilance.

Healthcare
This is some text inside of a div block.
03
-
07
-
2024
Level:
Tactical
|
Source:

More Ransomware Gangs Pounce on ScreenConnect Vulnerabilities

Trend Micro reports escalating ransomware attacks by Black Basta and Bl00dy gangs exploiting ScreenConnect vulnerabilities, CVE-2024-1708 and CVE-2024-1709, in versions 23.9.7 and earlier. The vulnerabilities, leading to ransomware deployment and data theft, are a critical security risk requiring immediate action. Attackers utilize sophisticated techniques, including path traversal and authentication bypass, to conduct reconnaissance, escalate privileges, and deploy malicious payloads such as Cobalt Strike beacons. These findings underscore the importance of updating and securing network environments against these emerging threats.

Global

We curate threat intelligence to provide situational awareness and actionable insights

Threat Identifier Detections

Atomic detections that serve as the foundation of our detection framework.

Threat Scenario Detections

Risk, pattern, and sequence-based detections utilizing the outputs of Threat Identifiers as a means of identifying actual threats.

Reports Hot Off the Forge

Threat News Reports
Trending Threat Reports
ResearchArticles

Intelligence Levels for Threat Reports

Tactical

Detectable threat behaviors for response with threat scenarios or threat identifiers.

Strategic

General information security news, for awareness.

The World's Best SOC Teams Use Anvilogic

Paypal Logo
Rubrik Logo
Deloitte Logo
Ebay Logo
Regeneron Logo
SurveyMonkey Logo
TradeWeb Logo
Alteryx Logo
First Citizens Bank Logo
Sigma Logo
Crypto.com Logo
CSC Logo
Rakuten Mobile Logo
St. George's University Logo
Paypal Logo
Rubrik Logo
Deloitte Logo
Ebay Logo
Regeneron Logo
SurveyMonkey Logo
TradeWeb Logo
Alteryx Logo
First Citizens Bank Logo
TJX Logo
Sigma Logo
Crypto.com Logo
CSC Logo
Rakuten Mobile Logo
St. George's University Logo
Paypal Logo
Rubrik Logo
Deloitte Logo
Ebay Logo
Regeneron Logo
SurveyMonkey Logo
TradeWeb Logo
Alteryx Logo
First Citizens Bank Logo
TJX Logo
Sigma Logo
Crypto.com Logo
CSC Logo
Rakuten Mobile Logo
St. George's University Logo

Break Free from SIEM Lock-in

Break Free from SIEM Lock-in