“New year, clean slate” may be the resolution for many people eager to leave 2023 behind. But it’s not so simple for cybersecurity defenders as we enter 2024; last year left a lingering impact from several disruptive cyber-threat events. Optimism isn’t a bad approach, but renewed vigilance is a better one.
Let’s review the leftovers we’ll continue to observe in 2024 (they’re not all bad!): novel ransomware extortion techniques, the use of artificial intelligence (AI) to automate attacks, and disruptions of major cybercriminal marketplaces and malware networks. What can we do better to address these in the context of a new year?
From a law-enforcement perspective, 2023 was a bountiful year. In the first half, law-enforcement agencies took down several established and well-known English-language cybercriminal platforms, including Genesis Market and BreachForums. The operations drove many English-speaking users to Russian-language forums, such as XSS.
New forums (Exposed, KKKSec, PwnedForums) quickly mushroomed to fill the gap, but many cybercriminals came to see these platforms as either operationally negligent or honeypots (sites set up to entrap users who intend to engage in illicit behavior). Even Exposed, purportedly a new BreachForums launched in June 2023, prompted one user of a Russian-language forum to say they were “highly confident” that the site was an FBI honeypot.
Authorities also dismantled the “Hive” and “ALPHV” (aka BlackCat) ransomware groups, seizing control of their servers and websites, and issuing a decryption tool for 500-plus organizations compromised by ALPHV to recover their systems and files. The Hive operation seemingly spelled the group’s demise: They haven’t been seen since. But ALPHV has shown resilience, naming several newly compromised entities on a new data leak site.
To round it off, the FBI also led a multinational operation that successfully disabled the “QakBot” (aka QBot) malware loader. Prior to the takedown, ReliaQuest had identified QakBot as the most used malware loader, accounting for more than one third of all such activity.
In the murky world of the dark web, trust has proven the hardest commodity to acquire. The takedowns of 2023 were highly effective in disrupting cybercriminal transactions and dialogue, and the deep reluctance to adopt new platforms will probably stick.
On the flip side, new threat actors will flock to established forums, such as XSS and Exploit. This will potentially create an even more concentrated pool of discussions about malicious cyber activity, and could foster closer collaborations.
Ransomware attacks continued to wreak the most financial and reputational damage throughout 2023, but it was the “Clop” ransomware group’s MOVEit campaign that caught the public eye, for its scale and extortion method. By exploiting a zero-day vulnerability (CVE-2023-34362) in the MOVEit managed file transfer software, Clop reportedly affected more than 2,600 organizations. ReliaQuest provided real-time updates on the campaign while it unfolded.
Likely because such a large number of organizations were breached, Clop told affected entities they would need to confirm their compromise and initiate negotiations for ransom—while they sat back and awaited the rewards. This move garnered significant publicity, bolstered Clop’s notoriety, and probably put them in a better place to collect payments in future activity.
ALPHV also took extortion to the “nth” degree by having the audacity to file a US Securities and Exchange Commission (SEC) complaint against one of the organizations named on its data-leak site (i.e., an entity it had compromised). ALPHV pointed out to the SEC that the breached company hadn’t complied with new cyber-attack disclosure regulations. This hallmark event marked the first public confirmation of a ransomware group reporting an organization to the SEC to pressure it into making payment.
These and other bold tactics (see our deep dive covering 2023 ransomware and extortion trends) showcase the continuing innovation at play in the ransomware scene. There’s only one aim: squeezing payments out of compromised organizations. And, as companies become more vocal in their refusals to pay ransoms (in some countries, they’re legally forbidden to do so), ransomware groups will resort to even more extreme and unusual ways to extort money. In 2024, we’ll undoubtedly see other inventive methods.
In 2023, the chatter about using AI to speed up cyber attacks grew much louder. Threat actors increasingly referred to the generative AI bot ChatGPT on dark-web forums, expressing interest in bypassing its security controls.
Where there’s demand, there’s supply. Perpetrators started offering proofs of concept (PoC) to bypass ChatGPT’s filters: “WormGPT” and “FraudGPT,” which are allegedly black-hat equivalents of ChatGPT (i.e., tools built for malicious use, such as gaining unauthorized access to computer networks and systems). Their prices are relatively affordable: around $1,000 a year gets you a subscription. They promise highly enticing possibilities: develop malware, create hacking tools, produce grammatically impeccable emails to conduct business email compromise (BEC), and more.
Security researchers are going head-to-head with cybercriminals, trying to stay ahead of the game by anticipating how AI can change the nature of cyber attacks. In March 2023, researchers released a PoC, named Black Mamba, which demonstrated how AI can be used to generate polymorphic malware. That’s a type of malware that repeatedly changes its appearance, and therefore its signature, by generating new decryption routines.
Black Mamba exploits a large language model to synthesize polymorphic keylogging functions. It dynamically alters code at runtime, without connecting to a command-and-control server to deliver or verify the keylogger. Although it’s still in early development stages, Black Mamba demonstrates how LLMs can be abused to combine common malicious actions in unusual ways. The desired end result for threat actors would be better evasion of detection by security systems trained to recognize certain behavioral patterns.
Whether or not these tools can deliver all they promise remains uncertain. What’s indisputable is that AI will increasingly grease the wheels for highly efficient and targeted cyber attacks in 2024. We’ll see more instances of AI powering flawless phishing campaigns (see our insights on detecting phishing and BEC here). Also, look for it to act as a coding assistant to malware developers, scan for vulnerabilities at speed, and devise crafty defense-evasion techniques based on lessons learned in previous intrusions.
Just as threat actors are looking to capitalize on lessons from past attacks, we’re ingesting new data all the time and refining our insights to ensure security teams are always pointed in the right direction. As 2024 unfolds, are you looking to accelerate proactive security operations? Achieving this in months, instead of years, is possible with ReliaQuest GreyMatter. Request a demo.