Blog - Cyber Security Informer

Mitigating Lateral Movement with Zero Trust Access

Cisco Security

MARCH 5, 2024

To understand how SSE solutions protect organizations and their… Read more on Cisco Blogs Stop lateral movement in its track with zero trust access. Security service edge (SSE) technology was created to protect remote and branch users with a unified, cloud-delivered security stack.

Technology

Technology Cyber Attacks VPN

What Is Lateral Movement? Lateral Movement Explained

Heimadal Security

OCTOBER 6, 2021

Network Lateral Movement or lateral movement in cybersecurity refers to a technique used by hackers to progressively move from a compromised entry point to the rest of the network as they search for sensitive data or other high-value assets to exfiltrate. The post What Is Lateral Movement?

Malware

Malware Cybersecurity

Black Basta ransomware operators leverage QBot for lateral movements

Security Affairs

JUNE 7, 2022

NCC Group researchers discovered the new partnership while investigating a recent incident, unlike past collaborations Black Basta gang is using QBot to spread laterally throughout the target network. sections “The Underdogs – Best Personal (non-commercial) Security Blog” and “The Tech Whizz – Best Technical Blog”) To nominate, please visit:?

Ransomware

Ransomware Backups Malware Firewall

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

Exploiting Kerberos for Lateral Movement and Privilege Escalation

NopSec

MAY 17, 2022

Due to the ubiquitous nature of NTLM across Windows domains, it is a common target for lateral movement. This blog post is going to analyze methods through which Kerberos can be exploited in a capacity similar to NTLM to minimize the risk of detection and augment existing methods of lateral movement.

Authentication

Authentication Passwords Accountability Encryption

McAfee Defender’s Blog: Operation Harvest

McAfee

SEPTEMBER 14, 2021

In the blog, they detail the MITRE Tactics and Techniques the actors used in the attack. In this blog, our Pre-Sales network defenders describe how you can defend against a campaign like Operation Harvest with McAfee Enterprise’s MVISION Security Platform and security architecture best practices.

Architecture

Architecture DNS Cyber Attacks Phishing

Top 5 Evaluation Criteria For Choosing The Right ITDR Tool

Security Boulevard

MAY 29, 2024

The need to overcome malicious TTPs, such as credential access, privilege escalation and lateral movement, has never been more urgent. Identity is now a top priority for security decision makers.

Ransomware

Ransomware Threat Detection

GUEST ESSAY: Here’s why castle-wall defenses utterly fail at stopping deceptive adversaries

The Last Watchdog

OCTOBER 25, 2021

Traditional network security solutions, such as firewalls, are not effective at detecting and stopping lateral attack movement – and that’s where the real damage is done. As you can see, when it comes to ransomware and other sophisticated threats, stopping lateral movement is the name of the game.

Energy and Utilities

Energy and Utilities Cyber Attacks Mobile CISO

Password Spraying: Definition, How It Works, and How to Stop It

Heimadal Security

DECEMBER 23, 2022

Once an account is compromised, the cybercriminal can exfiltrate sensitive data from your company, engage in lateral movement or even blackmail you. The post Password Spraying: Definition, How It Works, and How to Stop It appeared first on Heimdal Security Blog. And the consequences of such an incident can range from […].

Passwords

Passwords Accountability

Microsoft: BlackCat Ransomware Group Targets Vulnerable Microsoft Exchange Servers

Heimadal Security

JUNE 17, 2022

After gaining access, the threat actors quickly began collecting data about the infected systems, followed by credential theft and lateral movement activities, intellectual property gathering, and delivering the ransomware payload. As stated by the Microsoft […].

Ransomware

Ransomware Cybersecurity

Microsoft Exchange Zero-Day Vulnerabilities Discovered

Heimadal Security

OCTOBER 1, 2022

Security experts warn that the flaws are exploited by threat actors to perform remote code execution on affected systems and could be used to gain an entry into the victim’s systems, dropping webshells and executing lateral movements across the network. Details about the […].

Cybersecurity

The Identity Underground Report: Deep insight into the most critical identity security gaps

Security Boulevard

MARCH 26, 2024

This data, gathered and analyzed from hundreds of production environments, discloses the key security gaps – or Identity Threat Exposures (ITEs) – that adversaries exploit to launch identity threats such as credential access, privilege escalation and lateral movement.

China-linked Moshen Dragon abuses security software to sideload malware

Security Affairs

MAY 3, 2022

. “The way the payloads were deployed, as well as other actions within target networks, suggest the threat actor uses IMPACKET for lateral movement. SentinelOne detailed lateral movements, credential harvesting, and data exfiltration. ” concludes the report.”Once ” concludes the report.”Once

Software

Software Malware Telecommunications Antivirus

How Cisco Duo Helps Mitigate Common MITRE ATT&CK® Techniques

Duo's Security Blog

JULY 27, 2023

In this blog, we’ll shed light on exactly how Cisco Duo helps counter and defend against common attack techniques chronicled in MITRE ATT&CK. Lateral Movement Techniques Duo can limit the effectiveness of lateral movement techniques like pass-the-hash and pass-the-ticket. What is MITRE ATT&CK?

Authentication

Authentication Passwords Accountability Firewall

Announcing Duo’s Vision to Streamline Authentication & Enhance User Experience

Duo's Security Blog

JUNE 8, 2023

They often share goals of expanding the MFA coverage in their environment and improving their policies to further prevent initial access and lateral movement. See the video at the blog post. They’ve seen it drive down incidents and help desk tickets, reduce their risks, and make compliance programs a lot easier.

Authentication

Authentication VPN System Administration Engineering

Ransomware Distribution: How One Infection Can Go Network-Wide

Heimadal Security

JUNE 16, 2022

In this article, we are going to take a closer look at what it’s called” lateral movement”, which […]. The post Ransomware Distribution: How One Infection Can Go Network-Wide appeared first on Heimdal Security Blog.

Ransomware

Ransomware Malware

Colonial Pipeline, Darkside and Models

Adam Shostack

MAY 15, 2021

Blog posts from Sophos and Mandiant seem really useful! Move Laterally. Lateral Movement. For move laterally, Mandiant lists: Beacon, RDP, plink, F-Secure C3, while Sophos lists PSExec, RDP, SSH. The Colonial Pipeline shutdown story is interesting in all sorts of ways, and I can’t delve into all of it.

Phishing

Phishing Engineering Passwords

Microsoft aims at stopping cybercriminals from using cracked copies of Cobalt Strike

Security Affairs

APRIL 7, 2023

The Beacon includes a wealth of functionality for the attacker, including, but not limited to command execution, key logging, file transfer, SOCKS proxying, privilege escalation, mimikatz, port scanning and lateral movement.

Penetration Testing

Penetration Testing Ransomware Malware Hacking

Iran-linked Mint Sandstorm APT targeted US critical infrastructure

Security Affairs

APRIL 19, 2023

In case the victim meet the targeting requirements the group adopted two possible attack chains: Attack chain 1: The group uses Impacket for lateral movement and relies extensively on PowerShell scripts (rather than custom implants) to enumerate admin accounts and enable RDP connections.

Energy and Utilities

Energy and Utilities Accountability Education Media

A “By-Design” flaw in Microsoft Azure can allow storage accounts takeover

Security Affairs

APRIL 11, 2023

A flaw in Microsoft Azure could be exploited by attackers to gain access to storage accounts, perform lateral movements, and even execute remote code. ” reads the advisory published by the security firm. Azure storage accounts can host different data objects, such as blobs and file shares. .”

Accountability

Accountability Education Media Authentication

Raindrop, a fourth malware employed in SolarWinds attacks

Security Affairs

JANUARY 19, 2021

The threat actors behind the SolarWinds attack used malware dubbed Raindrop for lateral movement and deploying additional payloads. Security experts from Symantec revealed that threat actors behind the SolarWinds supply chain attack leveraged a malware named Raindrop for lateral movement and deploying additional payloads.

Malware

Malware Engineering Encryption Hacking

Crooks use PaperCut exploits to deliver Cl0p and LockBit ransomware

Security Affairs

APRIL 27, 2023

Then Lace Tempest dropped a Cobalt Strike Beacon implant, gathered additional information on the target environment, and used WMI for lateral movement. The group used the file-sharing app MegaSync for data exfiltration.

Ransomware

Ransomware Education Media Malware

Multiple malware used in attacks exploiting Ivanti VPN flaws

Security Affairs

FEBRUARY 1, 2024

The tools were used to perform internal network reconnaissance, lateral movement, and data exfiltration within a restricted number of victim environments. As noted in our previous blog post, UNC5221 has largely leveraged TTPs associated with zero-day exploitation of edge infrastructure by suspected PRC nexus actors.”

VPN

VPN Malware Authentication Hacking

Performance, Diagnostics, and WMI

Security Boulevard

JULY 11, 2023

Microsoft recommends going forward to leverage V2, but there are still V1 collectors around that will be useful for us in regards to lateral movement. We’ll dive a little bit into this information later in the blog, but for now, I’ll just summarize and state that this information can be gathered either locally or remotely.

DNS

DNS Data collection Software

New peer-to-peer botnet Panchan hijacks Linux servers

CSO Magazine

JUNE 15, 2022

This might be due to poor password hygiene, or it could be related to the malware’s unique lateral movement capability with stolen SSH keys," the Akamai team said in a blog post. The most impacted vertical seems to be education.

Cryptocurrency

Cryptocurrency Education Authentication Passwords

North Korea-linked Lazarus APT targets Microsoft IIS servers to deploy malware

Security Affairs

MAY 25, 2023

Once obtained the system credentials, the threat actor performed internal reconnaissance and used remote access (port 3389) to perform lateral movement into the internal network. ” concludes the report that also provides Indicators of Compromise (IoCs).

Malware

Malware Hacking Government Cybersecurity

Threat actors target the infoSec community with fake PoC exploits

Security Affairs

MAY 22, 2022

Then the threat actors could use the beacon to download additional payloads and perform lateral movements. The malware executes a PowerShell command using cmd.exe to deliver the actual payload which is a Cobalt-Strike Beacon. “Usually, people working in information security or TAs use exploits to check for vulnerabilities.

InfoSec

InfoSec Malware Cybercrime Information Security

Enhancing Security and Reducing Costs with Advanced Zero Trust Implementation

Centraleyes

APRIL 15, 2024

What’s worse than a breach is if it has spread laterally, i.e., you have already eaten the worm. What is Lateral Movement? Lateral movement is a professional way of explaining how an attacker would move around once they’ve penetrated an endpoint and are inside the network perimeter. Why do they do this?

Architecture

Architecture Authentication Risk Insurance

IoT Unravelled Part 5: Practical Use Case Videos

Troy Hunt

NOVEMBER 26, 2020

This is the fifth and final part of the IoT unravelled blog series. Managing My Office Lights Based on Movement and Stream Deck Buttons My office lighting was one of the first things I did with home automation as it's continuously changing. embedded video will appear here as soon as we kick off].

IoT

IoT Firmware Technology

Detecting Credential Stealing Attacks Through Active In-Network Defense

McAfee

SEPTEMBER 22, 2021

Post initial compromise, to be able to execute meaningful attacks, attackers would need to steal credentials to move laterally inside the network, access critical network assets and eventually exfiltrate data. Lateral Movement – Introduction.

Authentication

Authentication Accountability Encryption Passwords

BlackCat Ransomware affiliates target unpatched Microsoft Exchange servers

Security Affairs

JUNE 16, 2022

The compromise of Exchange servers allows threat actors to access the target networks, perform internal reconnaissance and lateral movement activities, and steal sensitive documents before encrypting them. ” reads the post published by Microsoft 365 Defender Threat Intelligence Team. Pierluigi Paganini.

Ransomware

Ransomware Cybercrime Malware Advertising

China-linked Winnti APT steals intellectual property from companies worldwide

Security Affairs

MAY 4, 2022

The attacks leverage a multi-step infection chain that starts with attacks on internet-facing servers in the attempt to deploy a web shell used for reconnaissance, lateral movement, and data exfiltration purposes. Winnti (aka APT41 , Axiom, Barium , Blackfly) is a cyberespionage group that has been active since at least 2007.

Manufacturing

Manufacturing Passwords Malware Hacking

Security Affairs newsletter Round 369 by Pierluigi Paganini

Security Affairs

JUNE 12, 2022

sections “The Underdogs – Best Personal (non-commercial) Security Blog” and “The Tech Whizz – Best Technical Blog”). Please vote for Security Affairs and Pierluigi Paganini in every category that includes them (e.g. To nominate, please visit:?. Follow me on Twitter: @securityaffairs and Facebook. Pierluigi Paganini.

Ransomware

Ransomware DNS Cybercrime Hacking

Introducing SharpConflux

LRQA Nettitude Labs

MARCH 27, 2024

Within these spaces, users can publish and edit web pages and blog posts through a web-based editor , and attach any relevant files to them. Additionally, users can add comments to pages and blog posts. These may facilitate privilege escalation and lateral movement activities.

Authentication

Authentication Passwords VPN Accountability

GUEST ESSAY: 5 steps all SMBs should take to minimize IAM exposures in the current enviroment

The Last Watchdog

FEBRUARY 14, 2022

Password-less or Multi-Factor Authentication and strong authorization prevents attackers from gaining access to corporate resources and moving laterally within a network. A common denominator in many attacks is lateral movement within the network. Adopt a defensive mindset. Nothing could be further from the truth.

CISO

CISO Social Engineering Authentication Risk

Lemon_Duck cryptomining botnet targets Docker servers

Security Affairs

APRIL 22, 2022

Later operators added to the Lemon_Duck miner a port scanning module that searches for Internet-connected Linux systems listening on the 22 TCP port used for SSH Remote Login, then launches SSH brute force attacks. The LemonDuck also performs lateral movements by searching for SSH keys on the filesystem. Pierluigi Paganini.

Cryptocurrency

Cryptocurrency Malware Internet Internet

Royal Ransomware adds support for encrypting Linux, VMware ESXi systems

Security Affairs

FEBRUARY 6, 2023

Once compromised a victim’s network, the threat actors deploy the post-exploitation tool Cobalt Strike to maintain persistence and perform lateral movements. Originally, the ransomware operation used BlackCat’s encryptor, but later it started using Zeon. Starting from September 2022, the note was changed to Royal.

Encryption

Encryption Ransomware Malware Healthcare

US HHS warns healthcare orgs of Royal Ransomware attacks

Security Affairs

DECEMBER 10, 2022

Once compromised a victim’s network, the threat actors deploy the post-exploitation tool Cobalt Strike to maintain persistence and perform lateral movements. Originally, the ransomware operation used BlackCat’s encryptor, but later it started using Zeon. Starting from September 2022, the note was changed to Royal.

Healthcare

Healthcare Ransomware Encryption Malware

New Mac malware masquerades as iTerm2, Remote Desktop and other apps

Malwarebytes

SEPTEMBER 21, 2021

The malware was discovered earlier the same day by security researcher Zhi ( @CodeColorist on Twitter), and detailed on a Chinese-language blog. script seems to be to harvest credentials and other data that would be of use for lateral movement within an organization. Thus, the primary goal of the g.py Additional trojanized apps.

Malware

Malware Passwords Engineering

Microsoft Partch Tuesday for April 2022 fixed 10 critical vulnerabilities

Security Affairs

APRIL 12, 2022

“Still, this bug could be used for lateral movement by an attacker. Since no user interaction is required, these factors combine to make this wormable, at least between machine where RPC can be reached. However, the static port used here (TCP port 135) is typically blocked at the network perimeter.” ” reported ZDI.

DNS

DNS Hacking Cybersecurity Information Security

Evil Corp gang starts using LockBit Ransomware to evade sanctions

Security Affairs

JUNE 7, 2022

Once gained initial access to the target network, the attackers conducted a series of actions such as privilege escalation, internal reconnaissance, lateral movement, and maintaining persistence, aimed at deploying the final ransomware. Please vote for Security Affairs and Pierluigi Paganini in every category that includes them (e.g.

Ransomware

Ransomware Cybercrime Malware Hacking

Russian cybercrime group likely behind ongoing exploitation of PaperCut flaws

Security Affairs

APRIL 24, 2023

and later, it highly recommends upgrading to one of these versions containing the fix “We have evidence to suggest that unpatched servers are being exploited in the wild.” Trend Micro announced they will disclose further information (TBD) about the vulnerability on 10th May 2023. ” reads the advisory published by PaperCut.

Cybercrime

Cybercrime Software Education Ransomware

China-linked threat actors have breached telcos and network service providers

Security Affairs

JUNE 8, 2022

Segment networks to limit or block lateral movement [ D3-NI ]. Upon responding to a confirmed incident within any portion of a network, response teams should scrutinize network infrastructure accesses, evaluate potential lateral movement to network infrastructure and implement corrective actions commensurate with their findings.

Telecommunications

Telecommunications Authentication Passwords Accountability

Six years on from NotPetya: an analysis from Tom Gol, CTO for research at Armis

IT Security Guru

JUNE 27, 2023

Six years later, the impact of the NotPetya attack is still being felt, and the lessons learned from this incident continue to shape the way we approach cybersecurity. By dividing networks into isolated segments, organizations can limit the lateral movement of malware and prevent the widespread damage associated with attacks like NotPetya.

Cyber Attacks

Cyber Attacks Malware Ransomware Risk

Uncovering new techniques and phishing attack trends from the cloud

Security Boulevard

APRIL 20, 2022

The Zscaler Zero Trust Exchange is built on a holistic zero trust architecture to minimize the attack surface, prevent compromise, eliminate lateral movement, and stop data loss. Eliminates lateral movement: Connect users directly to apps, not the network, to limit the blast radius of a potential incident.

Phishing

Phishing Retail Risk Architecture

Mitigating Lateral Movement with Zero Trust Access

What Is Lateral Movement? Lateral Movement Explained

Webinars

Trending Sources

Black Basta ransomware operators leverage QBot for lateral movements

Webinars

Exploiting Kerberos for Lateral Movement and Privilege Escalation

McAfee Defender’s Blog: Operation Harvest

Top 5 Evaluation Criteria For Choosing The Right ITDR Tool

GUEST ESSAY: Here’s why castle-wall defenses utterly fail at stopping deceptive adversaries

Password Spraying: Definition, How It Works, and How to Stop It

Microsoft: BlackCat Ransomware Group Targets Vulnerable Microsoft Exchange Servers

Microsoft Exchange Zero-Day Vulnerabilities Discovered

The Identity Underground Report: Deep insight into the most critical identity security gaps

China-linked Moshen Dragon abuses security software to sideload malware

How Cisco Duo Helps Mitigate Common MITRE ATT&CK® Techniques

Announcing Duo’s Vision to Streamline Authentication & Enhance User Experience

Ransomware Distribution: How One Infection Can Go Network-Wide

Colonial Pipeline, Darkside and Models

Microsoft aims at stopping cybercriminals from using cracked copies of Cobalt Strike

Iran-linked Mint Sandstorm APT targeted US critical infrastructure

A “By-Design” flaw in Microsoft Azure can allow storage accounts takeover

Raindrop, a fourth malware employed in SolarWinds attacks

Crooks use PaperCut exploits to deliver Cl0p and LockBit ransomware

Multiple malware used in attacks exploiting Ivanti VPN flaws

Performance, Diagnostics, and WMI

New peer-to-peer botnet Panchan hijacks Linux servers

North Korea-linked Lazarus APT targets Microsoft IIS servers to deploy malware

Threat actors target the infoSec community with fake PoC exploits

Enhancing Security and Reducing Costs with Advanced Zero Trust Implementation

IoT Unravelled Part 5: Practical Use Case Videos

Detecting Credential Stealing Attacks Through Active In-Network Defense

BlackCat Ransomware affiliates target unpatched Microsoft Exchange servers

China-linked Winnti APT steals intellectual property from companies worldwide

Security Affairs newsletter Round 369 by Pierluigi Paganini

Introducing SharpConflux

GUEST ESSAY: 5 steps all SMBs should take to minimize IAM exposures in the current enviroment

Lemon_Duck cryptomining botnet targets Docker servers

Royal Ransomware adds support for encrypting Linux, VMware ESXi systems

US HHS warns healthcare orgs of Royal Ransomware attacks

New Mac malware masquerades as iTerm2, Remote Desktop and other apps

Microsoft Partch Tuesday for April 2022 fixed 10 critical vulnerabilities

Evil Corp gang starts using LockBit Ransomware to evade sanctions

Russian cybercrime group likely behind ongoing exploitation of PaperCut flaws

China-linked threat actors have breached telcos and network service providers

Six years on from NotPetya: an analysis from Tom Gol, CTO for research at Armis

Uncovering new techniques and phishing attack trends from the cloud

Stay Connected