Anvilogic Forge Threat Research Reports
Here you can find an accumulation of trending threats published weekly by the Anvilogic team.
We curate threat intelligence to provide situational awareness and actionable insights
Atomic detections that serve as the foundation of our detection framework.
Risk, pattern, and sequence-based detections utilizing the outputs of Threat Identifiers as a means of identifying actual threats.
• Threat News Reports
• Trending Threat Reports
• ResearchArticles
Forge Report: First Half Threat Trends of 2024
Featured Threat Reports
All Threat Reports
Cybercriminals Misuse Cloudflare Tunnels for RAT Distribution
Threat actors are leveraging Cloudflare's free tunneling service to distribute remote access trojans (RATs) like AsyncRAT, Xworm, and others. Since February 2024, campaigns have escalated, targeting sectors like finance, technology, and manufacturing. Organizations must enhance monitoring and restrict unverified scripts to counter this sophisticated malware delivery method.
BlackSuit Ransomware Continues Rampage, Linked to Royal's Legacy
BlackSuit ransomware, an evolved form of the infamous Royal ransomware, is wreaking havoc globally. With ransom demands reaching $60 million, it utilizes advanced attack strategies, including phishing and RDP exploits. Organizations must bolster defenses against this threat by securing access points, patching vulnerabilities, and maintaining secure backups.
U.S. Election Authorities Brace for Cyber Attacks Amid Voting Season
FBI and CISA alert about potential DDoS attacks on U.S. election infrastructure. These attacks aim to disrupt access to voter information but do not impact voting integrity. Authorities emphasize using official sources and have measures to mitigate disruptions, ensuring a secure voting process.
UNC4393 Fuels Black Basta's Ransomware Operations
UNC4393 significantly impacts Black Basta ransomware operations, using Qakbot and Darkgate malware for initial access. Known for rapid execution and extensive reach, they deploy multiple malware tools and partner with other threat clusters. Mandiant emphasizes enhanced security measures to mitigate these sophisticated attacks.
Storm-0506 and Other Threat Actors Leverage ESXi Flaw for Ransomware Deployment
Storm-0506 and other threat actors exploit a VMware ESXi vulnerability, gaining full administrative access and deploying ransomware like Black Basta. Microsoft and CISA highlight the critical nature of this flaw and recommend applying security updates and enforcing strong authentication measures to mitigate risks.
Unsecured Selenium Grid Services Become Hotspots for Cryptomining
"SeleniumGreed," a cryptomining campaign, exploits vulnerable Selenium Grid services lacking built-in security. Threat actors use the Selenium WebDriver API to execute reverse shell commands and install cryptomining software. Wiz Research highlights the need for securing exposed instances and implementing robust network security controls.
.png)
Intelligence Levels for Threat Reports
Tactical
Detectable threat behaviors for response with threat scenarios or threat identifiers.
Strategic
General information security news, for awareness.
.png)
-min.png)
The World's Best SOC Teams Use Anvilogic
.svg)
