High confidence threat activity related to initial access detected targeting the USA 🇺🇸. Details on specific sectors or victims remain unknown. #ThreatIntel #CyberSecurity #InitialAccess
High-confidence initial access activity detected targeting a business and computer science college in India 🇮🇳. This highlights ongoing threats to education institutions in the region. #CyberThreats #EducationSecurity #InitialAccess
High confidence detection indicates a recent #InitialAccess attempt targeting Turkey 🇹🇷. Sector and victim details remain unknown. Stay vigilant. #ThreatIntel #CyberSecurity #Turkey
A user of DarkForums is selling initial access to a Finnish video gaming company.
Access Type: SMB
OS: Windows
Revenue: 27.5 Million $
Price: 1,1k (XMR)
A defender’s guide to initial access techniques: https://redcanary.com/blog/threat-detection/initial-access-techniques/
Attackers are increasingly picking up the phone instead of the keyboard. In our webinar we show why vishing (voice phishing) is so successful in the initial access phase and how we use this trend in our red team exercises.
Included:
✅ Live insights into real attack scenarios
✅ The technical infrastructure behind the scenes
✅ Psychological tricks for maximum impact
✅ Effective protective measures (technical & organizational)
Register now and learn how you can protect yourself and your company from this growing threat!
🎤 Speaker: Hagen Molzer, Senior Consultant at cirosec and project lead of our Red Team Assessments.
👉 https://cirosec.de/news/vishing_phishing-initial-access/
#Vishing #RedTeam #SocialEngineering #CyberSecurity #Webinar #Phishing #InitialAccess #cirosec #Awareness
#China’s ‘#SaltTyphoon’ Hackers Exploit #CiscoRouters for #InitialAccess in Telecom #Espionage—Researchers warn the group is targeting global #TelecomNetworks to spy on data and communications.
Ransomware Groups Abuse Microsoft Services for Initial Access
https://www.securityweek.com/ransomware-groups-abuse-microsoft-services-for-initial-access/
#Infosec #Security #Cybersecurity #CeptBiro #RansomwareGroups #MicrosoftServices #InitialAccess
Initial access for Microsoft Teams
https://pushsecurity.com/blog/phishing-microsoft-teams-for-initial-access/
Threat Hunting: Foothold - I have just completed this room @RealTryHackMe! Check it out:
💙Understanding the attacker's mindset in achieving initial access.
💙Correlating succeeding actions executed by an attacker after obtaining a foothold.
💙Differentiating suspicious host and network events from benign ones.
💙Getting acquainted with the MITRE Tactics involved once an attacker gets inside the target organisation.
https://tryhackme.com/room/threathuntingfoothold #tryhackme #threathunting #elk #initialaccess
Red Team Recon - I just finished this room, played around with #reconng and learned a bit about #maltego
Spear-phishing. Drive-By Compromise. External Remote Services. These are all techniques commonly leveraged by cybercriminals that appear as routine processes and harmless files or weblinks to the untrained eye. In a new blog, @corelight shares how network evidence—derived from Zeek® data and integrated with @crowdstrike Falcon LogScale—can help security teams detect these techniques, as well as others within the “Initial Access” pillar of the @mitreattack framework. https://corelight.com/blog/confronting-initial-access-techniques
This blog is the first in a new series where we’ll share tips on how Falcon LogScale users can detect some of the most common adversary techniques described in the MITRE framework using Corelight network evidence. For a full rundown on our complete list, download Corelight’s new Threat Hunting Guide for CrowdStrike Falcon LogScale users at: https://go.corelight.com/threat-hunting-guide-for-crowdstrike-falcon-logscale
The Lay of the Land - I have just completed this room! Check it out: https://tryhackme.com/room/thelayoftheland
#tryhackme #ActiveDirectory #InitialAccess #Network-basedSecuritySolutions #Host-basedSecuritySolutions #thelayoftheland via @RealTryHackMe
R to @enisa_eu: Once the needed resources are ready, #exploitation of #EntryPoints begins to gain a first foothold within the target.
Third phase of #SocialEngineering: #InitialAccess. Learn how to face it!🛑
🔗https://europa.eu/!rKMC9w #FuelForCyber #CyberSecMonth
🐦🔗: https://nitter.cz/enisa_eu/status/1714568171489771693#m
[2023-10-18 09:04 UTC]
Weaponization - I have just completed this room! Check it out: https://tryhackme.com/room/weaponization
#tryhackme #RedTeam #Scripting #WSH #HTA #VBA #PS #C2 #InitialAccess #PayloadDeliveryTechniques #powercat #PowerShell #weaponization via @RealTryHackMe
#SIMswapping is still a very real thing. Now, it's being used to bypass defense and detection methods within #Azure to gain full #administrative access for #Windows #VirtualMachines. This is pretty advanced, but it's still a big danger. #UNC3944 https://www.scmagazine.com/news/cloud-security/threat-actor-bypasses-detection-protections-in-microsoft-azure-serial-console?external_id=HBwZ-n4B490LDY0Z-dKj&external_id_source=mrkto&mkt_tok=MTg4LVVOWi02NjAAAAGLzUgAlV_uPRm28W067Sf5RayoZQN17Xrk53YEG17z3Gl_7qKsu2bjdUUW2CRUpserJQgXmMB46ieb_G5KrSlLHQGWs_K0TtXaXsrlmIPgkg
#Hacking #ThreatIntelligence #InitialAccess #LateralMovement #Persistence #Cloud #CloudAttackSurface
Introducing the newest major @tidalcyber TTP intelligence content roundup, the Initial Access & Malware Delivery Landscape matrix, now live in our free Community Edition platform: https://app.tidalcyber.com/share/43836024-a194-4ac7-9659-b51e88632e7f
The matrix covers 25 major & emerging #malware typically used to gain early footholds in victim environments, often leading to ingress of more impactful threats, especially #ransomware, #infostealers, cryptominers, & more. It includes many recognizable names (#QakBot, #IcedID, #Emotet, #Bumblebee, #Gootloader) plus several newer and less-discussed threats
The matrix includes 13 custom Technique Sets for threats not currently tracked in the #mitreattack knowledge base. All technique references derive from a large volume of recent, public #threat reporting (click the labels in the ribbon at the top of the matrix to view relevant source URLs for each threat)
An interactive link analysis visualization of connections among these threats, also derived from public reports, is also available here: https://onodo.org/visualizations/235067/
Community Edition matrices support easy identification of shared (and outlier) techniques among multiple threats, and quick & easy overlay or pivoting to defensive & offensive security capabilities relevant to your own #security stack. We’ll have a blog out soon reviewing our analysis of top & trending techniques common among these initial access threats
Tidal’s #Adversary Intelligence team remains focused on providing up-to-date #TTPintelligence, especially around traditionally under-represented yet widely relevant threats like crimeware. Other popular matrices in this theme include our Ransomware & Data Extortion Landscape matrix (https://app.tidalcyber.com/share/9a0fd4e6-1daf-4f98-a91d-b73003eb2d6a) and Major & Emerging Infostealers matrix (https://app.tidalcyber.com/share/ec62f5e0-bd40-476b-a560-7ad2779ea9e3), which each cover 20+ threats
Financially motivated adversaries often display a rapid pace of #TTP evolution, and this is especially apparent for #initialaccess threats. Register for our webinar on May 31 dedicated to TTP evolution, its drivers, and discussion around what defenders can do to address it and its implications: https://hubs.la/Q01NC23k0
#SharedWithTidal #threatinformeddefense #malware #infostealer #cryptominer #IAB #blueteam #detectionengineering #purpleteam #cyber
The latest Technique Set added to Tidal’s free Community Edition summarizes the TTPs observed in recent #SocGholish campaigns according to public threat reporting https://app.tidalcyber.com/share/4b901fc2-d021-4eff-bd53-0c9fa0259ecf
SocGholish is a highly active, JavaScript-based loader #malware used to deliver a wide variety of impactful threats (summarized in the original visual attached here). Many #ransomware families, the #CobaltStrike post-exploit framework, other remote access trojans (#RAT) and loaders, and tools for #ActiveDirectory enumeration, #detection evasion, and #credential theft have been linked to recent SocGholish campaigns
SocGholish appears on multiple security and #CTI vendors' top priority threat lists. Active since 2017, SentinelLabs researchers observed a 330%+ increase in SocGholish malware-staging servers between the first and second halves of 2022, and Sucuri researchers detected more than 25,000 websites newly compromised by the malware's operators through July 2022 alone. Initial infections predominantly come via file downloads from sites hosting fake web browser updates, although operators use some non-traditional email delivery techniques to drive compromised content towards potential victims. Like many of today's top #initialaccess threats, SocGholish victimology involves a wide range of industries
Consider layering the new set with other recent Community Edition content from @tidalcyber's Adversary Intelligence team, including our recent #Gootloader set (https://app.tidalcyber.com/share/796cacb6-3bb1-474b-9747-abcce2c47de2) or the set of techniques most recently associated with the ever-evolving #QakBot #trojan (https://app.tidalcyber.com/share/aef0f0c6-5212-4abf-9a24-3c81f518c59f), into one view to compare & contrast initial access techniques (https://app.tidalcyber.com/share/adb9581e-3318-4bc7-8d23-145891bf1ca4). Then take it a step further by layering mappings from your own defensive stack with the list of capabilities available in the Product Registry (https://app.tidalcyber.com/vendors). And stay tuned for our soon-to-be published overview matrix on the broad initial access/malware delivery ecosystem in today’s threat landscape, featuring more threats like the ones seen here
#Gootloader is a highly active banking Trojan-turned-loader #malware that has recently appeared on multiple vendors’ priority threat lists, attacking organizations in a wide range of verticals & countries. If your leadership or other stakeholders asked for a list of this threat's most common TTPs, would you be able to provide it quickly?
Now you can, with the Gootloader #TTP matrix available in Tidal’s free Community Edition: https://app.tidalcyber.com/share/796cacb6-3bb1-474b-9747-abcce2c47de2
Gootloader, also referred to by its related payload, #Gootkit, first emerged in 2014 but has been especially active since 2020. Despite this, technical reporting around its TTPs has been relatively light until even more recently. In the past two years alone, verticals including finance, #healthcare, defense, pharmaceutical, energy, & automotive have faced Gootloader campaigns, with victims across North America, Western Europe, & South Korea, and the malware is regularly used to deliver high-impact payloads, including Cobalt Strike, #IcedID (a common #ransomware precursor), & more. Industry-based #threat profiling can be a powerful tool, but even if your industry (or your corner of it) hasn’t yet directly observed Gootloader activity, we believe broad-based threats like this should be on most teams’ radars
Our matrix summarizes Gootloader TTPs detailed across several great recent technical reports. Reports from SentinelLabs, Cybereason, & The DFIR Report were helpfully pre-mapped to #mitreattack, and we mapped a couple other detailed analyses. Procedural details are even available for nearly all the included technique mappings – be sure to click the Technique Set’s label in the ribbon at the top of the screen to pivot into the Details page with this information & relevant source links throughout
Red Canary & The DFIR Report helpfully provided tool-agnostic suggested #detection logic for key behaviors observed during recent Gootloader campaigns here https://redcanary.com/blog/gootloader/ and here https://thedfirreport.com/2022/05/09/seo-poisoning-a-gootloader-story/. Take a wider view by layering entire segments of your defensive stack over the #CTI back in the Community Edition, by toggling on any of the mappings available in @tidalcyber's Product Registry https://app.tidalcyber.com/vendors
#SharedWithTidal #threatinformeddefense #CobaltStrike #initialaccess #blueteam
How attackers evade endpoint defenses and install and execute "rigged" remote management software without having admin privileges
https://www.helpnetsecurity.com/2023/01/26/attackers-remote-management-software/