by Business Insights, on 26.04.2023
With recent reports that the Charming Kitten group (aka Mint Sandstorm) is actively targeting critical infrastructure in the US and other countries, we would like to share the most recent insights from Bitdefender Labs about the modernization of Charming Kitten’s tactics, techniques, and procedures, including a new, previously unseen malware. This malware is tailored to suit individual targets and exhibits a higher level of complexity, evidenced by a unique communication approach with its command-and-control (C2) infrastructure.
by Business Insights, on 26.04.2023
MDR Insights
The recent survey conducted by Bitdefender highlights some concerning trends in the state of cybersecurity. The fact that more than half of organizations have suffered a data breach in the past 12 months is alarming, and the majority of those affected have been asked to keep the data leak under wraps, which can make it difficult to take appropriate action to protect against future breaches.
The recent trend of threat actors identifying vulnerabilities with PoC (Proof-of-Concept) targeting popular software (a few examples are Log4j, Microsoft Exchange, VMware ESXi or the most recent vulnerability in MSMQ) and quickly weaponizing them could explain why vulnerability and zero-day exploits are seen as the biggest risk by a majority of respondents in the Bitdefender survey. This approach allows attackers to exploit vulnerabilities in software before patches are released, putting organizations at risk of a data breach. Once a vulnerability has been weaponized, it can be rapidly disseminated to other attackers, making it difficult for organizations to defend against. As a result, it is critical for organizations to have effective patch management processes in place to ensure that vulnerabilities are identified and patched as quickly as possible. Additionally, having robust detection and response capabilities can help to identify and mitigate attacks that bypass traditional security measures.
It is worth noting that upcoming legislation such as the NIS2 Directive from the European Union and the US National Cybersecurity Strategy 2023 are attempting to shift the responsibility for cybersecurity to software vendors. This has the potential to change the security landscape significantly. If software vendors are held accountable for security vulnerabilities in their products, it could lead to a stronger focus on security during the development process. This could result in better-quality software with fewer vulnerabilities and a more secure overall environment for users.
Ransomware Report
Spear phishing attacks are often used as an initial attack vector and ransomware infection is often the final stage of the kill chain. For this report, we analyzed malware detections collected in March 2023 from our static anti-malware engines. Note: we only count total cases, not how monetarily significant the impact of infection is. Opportunistic adversaries and some Ransomware-as-a-Service (RaaS) groups represent a higher percentage compared to groups that are more selective about their targets, since they prefer volume over higher value.
by Business Insights, on 25.04.2023
On April 25, 2023, Bitdefender added a new Live Search capability to GravityZone which improves visibility into the organization and enables IT security professionals and security operation center (SOC) teams to quickly and easily search for specific files or applications while benefiting from the collective knowledge of the cybersecurity community. This new feature enhances threat hunting and active incident response capabilities, enables admins to identify misconfigurations and software vulnerabilities, and check system compliance with regulations and standards, enabling organizations to remain vigilant in detecting and responding to emerging threats.
by Business Insights, on 20.04.2023
Cybersecurity teams face increasing pressure as phishing and ransomware attacks grow more sophisticated, with over half of companies experiencing cyber threats and data breaches in the past year. The global average cost per data breach has risen to $4.35 million, and the strain on cybersecurity teams is evident, with many having to work on weekends and even being asked to keep data breaches confidential.
by Business Insights, on 20.04.2023
On April 15, 2023, MalwareHunterTeam shared the first proof that one of the largest profit-sharing groups, LockBit, is developing a ransomware payload that is targeting macOS users. This was later confirmed by the group representative to BleepingComputer, who said that the macOS encryptor is “actively being developed”. In this technical advisory, we evaluated the development stage of the ransomware to determine the level of threat it poses and whether it is fully prepared for actual deployment.
by Business Insights, on 17.04.2023
With cybersecurity threats increasing, hackers are always searching for weak links and vulnerabilities that can serve as their entry point into an organization’s network. As a result, businesses of all sizes need layers of security to defend against cyberattacks and help them become more cyber resilient. However, as businesses focus on securing endpoints such as employee laptops, desktops, and mobile devices, one area they may overlook is their multifunction printers (MFPs).
by Business Insights, on 12.04.2023
On April 11, 2023, Microsoft released a patch for a vulnerability in the Microsoft Message Queuing (MSMQ) service. CVE-2023-21554 (dubbed QueueJumper) is a critical unauthorized remote code execution (RCE) vulnerability with a CVSS score of 9.8. Attack complexity is low, and it doesn’t require any privileges or user interaction. To exploit this vulnerability, threat actors would send a malicious MSMQ packet to a listening MSMQ service.
by Business Insights, on 11.04.2023
Managed Service Providers (MSPs) have a critical responsibility to address the needs of their clients, but it can be a challenge when it comes to cybersecurity. The state of cybersecurity today is complex and difficult to navigate. A cybersecurity talent shortage that doesn’t seem to go away has strained many companies’ security departments, an increasingly complicated vendor environment often leads to inefficiencies, and attackers continue to elevate their methods and techniques, making the need for a resilient cybersecurity department even more important.
by Business Insights, on 06.04.2023
The RSA Conference is a premier global cybersecurity event which brings together experts from around the world for four days in San Francisco to discuss the latest advancements and trends in security research. This event serves as a platform for industry leaders to share their insights on a variety of topics, ranging from cryptography to network security. Each year a theme is given for the RSA Conference and for 2023 that theme is “Stronger Together”. In a world of constantly evolving threats, come experience this unique event.