You can read more about part 1 of the report here. This may be part of the new paradigm of malwareless attacks exploiting natural processes to bypass security detection tools. These Findings Only Scratch the SurfaceĮven though thousands of exploits are cataloged every year, thousands more go unreported or unnoticed. If an exploit can get past their security processes it can spread like wildfire and threaten servers and programs around the world. This is in part because of Microsoft is omnipresent in the computing world. The Most Popular Exploits Utilize Microsoft Programs Another has been in use since at least 2010 and had a brief surge in popularity in 2015. Exploits Have a Long Shelf LifeĮven while detection and response efforts have seen a steady uptick in recent years, hackers can abuse the same exploits for years after their discovery and subsequent “patch.” One of the most popular exploits, cataloged as CVE-2012-0158, has been the means of cyberattack for the past decade. Criminal organization from across the world have also participated in exploit abuse.Īccording to the results, malicious activity from actors in China have decreased whereas hacks from North Korea and Russia have increased. The most popular exploit in the world-CVE-2017-0199-has appeared in attacks originating from places as diverse as North Korea, China, Iran, and Russia. Hacking is a global threat, and AlienVault’s findings show that global truly means global. Here are some of the key findings from Part 1: Exploit Proliferation is Increasing The second part will zero in on malware of concern and trends, and the third will delve into bad third-party actors. URL.io – URL and website scanner – urlscan.Today, AlienVault releases the first part of their 2017 findings, focused on systems exploits.Joe Sandbox – Deep Malware Analysis – Joe Sandbox Cloud.Inspired by Matt Eagan’s Sentinel Ingestion article. Hybrid Analysis – Free Automated Malware Analysis Service – powered by Falcon Sandbox I am excited to announce an updated AlienVault OTX playbook for Azure Sentinel.Triage – Sandbox for High-Volume Automated Malware Analysis Add the AlienVault-OTX connector as a step in FortiSOAR playbooks and perform automated operations, such as retrieving details for an indicator, creating and retrieving details for a pulse, and running queries on the AlienVault-OTX server.Any.run – Interactive Online Malware Analysis Sandbox – ANY.RUN AlienVault OSSIM leverages the power of the AlienVault® Open Threat Exchange® (OTX) by allowing users to both contribute and receive real-time information about malicious hosts.Abuse – abuse.ch – Figthing malware and botnets (project that tracks cyber threats and botnets).URLhaus – URLhaus – Malware URL exchange (site to check URLs and see what malware is associated with them).Malbeacon – MalBeacon (site where you can check if an IP or URL is associated with C2 servers).Maltiverse – Maltiverse (can search for IPs and URLs and will indicate if it is malicious or not).Cybercrime Tracker – CyberCrime (can search for a particular URL to see if it is connected with malicious activity).ThreatCrowd – Threat Crowd | Open Source Threat Intelligence (a search engine for threats, can look up domains, IPs, Emails or Organizations).VirusTotal – VirusTotal (a site to check the reputation of URLs and IPs as well as upload files to and see if they are detected by the Anti-Virus programs remember this is a public site so any files that are uploaded can be seen by anyone). ![]() AbuseIPDB – AbuseIPDB – IP address abuse reports – Making the Internet safer, one IP at a time (gives a confidence report on if a particular IP is malicious or not and what the public has seen that IP doing such as SSH brute force).Sites to Check Indicators of Compromise (IOC) AlienVault OTX – AlienVault – Open Threat Exchange.Recorded Future – Use Recorded Future for Free | Recorded Future (this link is not a platform but is a daily free threat intelligence email).Mandiant Advantage – Threat Intelligence Platform | Threat Intelligence Tools | Mandiant.RiskIQ – RiskIQ | Digital Risk | Cyber Threat Intelligence | Incident Response. ![]() All of these platforms you will have to register for, but are worth it. They are still great to be able to look up IOCs (indicators of compromise) on threat actors. All threat of these platforms are free, but not all of the functions are available for the free versions.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |