Stef Rand

Intelligence Analyst at Red Canary! Former DFIR at Mandiant, former Applied Network Defense intern. Psychology nerd. When I am not computering, I go outside and play!

2025-03-18

Red Canary's 2025 Threat Detection Report is live! A ton of work went into this report and it's awesome to be able to share it with y'all. If you're curious about our top 10 threats for the year, trends we've seen, or what our color + bird threats are, answers are here!

redcanary.com/threat-detection

2023-07-20

I haven't shared our monthly insight here in a while, so here it is! Red Canary's intel insight for July.

redcanary.com/blog/intelligenc

We saw #YellowCockatoo (aka #SolarMarker) reappear in a big way. We also had an interesting wave of #Stealc activity, plus a phishing campaign delivering #3losh that then dropped #AsyncRAT.

2023-02-28

All y'all know phishing season is year round, and financial/business themed phishes are always popular. Tax season makes them even more popular (if that's possible) and more likely to be effective.

Here at RC we've seen #GuLoader dropping #Remcos using tax-themed phishing emails, so we put out a mid-month insight on it & included some spiffy guidance on how to protect against malicious script execution for any threat, not just GuLoader

redcanary.com/blog/tax-season-

Proofpoint had a nice birdsite thread on this last week as well, here's a link to their observations

twitter.com/threatinsight/stat

2023-02-23

Our monthly Intelligence Insight for February is out!

Last month we saw a pretty notable increase in #SocGholish activity, #IcedID hit the top 10 for the first time in a while, and of course all the OneNote shenanigans started in January too.

redcanary.com/blog/intelligenc

2023-01-19

Our monthly Intelligence Insight for January is out!

redcanary.com/blog/intelligenc

We saw a ton of testing at the end of the year which we think boosted Mimikatz & BloodHound pretty high on our trending threats list.

We observed increased #ProxyNotShell exploitation of Exchange servers at the end of the year & have shared some thoughts on that as well!

2023-01-06

Really great article from the Sekoia.io team just dropped, looking at the infostealer activity that's been crazy-busy lately.

blog.sekoia.io/unveiling-of-a-

The Red Canary intel team just saw some of this activity earlier in the week. Our sample was Themida-packed #Raccoon V2, but Sekoia also reports #Vidar distributed this way which surprises me none.

Anyway, really good and very timely article, well worth your time. There were a couple hundred of these samples uploaded to VT over the holidays, and those were just the ones I ran across without looking super hard. There's a ton of this out there right now.

2022-12-22

Our monthly Intelligence Insight for December is out!

Highlighted topics this month are #YellowCockatoo (aka #Solarmarker aka #JupyterInfostealer), and recent changes to #Gootloader TTPs.

redcanary.com/blog/intelligenc

2022-12-06

I wanted to share this with y'all because it's *such* a fun example of how you can leverage data from a wealth of different sources to learn an incredible amount about people & their behavior.

Also, the analysts & their creative team took something incredibly numbers-heavy & made it bright, interesting and accessible.

Today I share with you Duolingo's 2022 Language Report!

blog.duolingo.com/2022-duoling

Stef Rand boosted:
Chris Sanders 🔎 🧠 chrissanders88@infosec.exchange
2022-12-06

My friends, it's my favorite time of the year. This holiday season I'm giving away a golden ticket that grants free entry into ALL my training courses along with many other fabulous prizes.

All the prize and entry details are here: ruraltechfund.org/goldenticket

Good luck and thanks for the support!

#DFIR #Training

2022-11-30

Our monthly Intelligence Insight for November just came out yesterday! #Qbot (aka #Qakbot) & stealers are the hot topics this month.

redcanary.com/blog/intelligenc

2022-11-11

Working on shifting here from birdsite like so many of us are. I’ll start posting more here soon!
