Brandon Hoffman ist Chief Strategy Officer der Security-Firma Intel 471. Im Interview spricht er über Veränderungen in der Cyberabwehr, die Wichtigkeit von Threat Hunting und die Bedrohungslage in der Schweiz.
In this Help Net Security video, Lee Archinal, Senior Threat Hunter at Intel 471, walks through practical strategies for detecting malicious activity involving Living Off The Land binaries (LOLBins).
Over the course of the past six months, the SVG image format has become a favorite method of hiding and delivering malicious code for email phishing campaigns. Intel 471 looks at the structure of the DanaBot botnet, which was dismantled by authorities last week.
The DanaBot group, which US officials say is based in Russia, is accused of using DanaBot to steal data, commit fraud, and help spread ransomware around the world.
US authorities have issued charges against a number of individuals suspected of involvement in developing and deploying the QakBot and DanaBot malware, respectively. The US highlighted the role of Amazon, Crowdstrike, ESET, Flashpoint, Google, Intel 471, Lumen, PayPal, Proofpoint, Spycloud, Team CYMRU and ZScaler in the DanaBot investigation.
In a major international operation coordinated by Europol and Eurojust, law enforcement agencies and private sector partners have successfully dismantled the DanaBot malware network.
Law enforcement in the United States and Europe this week disrupted the infrastructure of the long-running DanaBot malware-as-a-service (MaaS) operation that authorities said infected more than 300,000 systems and caused more than $50 million in damages.
The U.S. Department of Justice (DoJ) on Thursday announced the disruption of the online infrastructure associated with DanaBot (aka DanaTools) and unsealed charges against 16 individuals for their alleged involvement in the development and deployment of the malware, which it said was controlled by a Russia-based cybercrime organization.
The successful break-up of DanaBot marks the second high-profile law enforcement disruption of a widespread malware operation in as many days.
A statement from the DOJ says that as part of today’s operation, agents with the Defense Criminal Investigative Service (DCIS) seized the DanaBot control servers, including dozens of virtual servers hosted in the United States.
The Japanese government passed a new law last week that allows local agencies to carry out preemptive offensive cyber operations to prevent or suppress future attacks on the country's IT infrastructure. Intel 471 has published a profile on Russian hacker Andrei Vladimirovich Tarasov, also known as Aels.
Mike Mitchell, VP of threat intelligence at Intel 471, has experienced the evolution of threat hunting first-hand as he's been in the industry for decades. We spoke to him to learn more.
Stay informed with our weekly executive update, sending you the latest news and timely data on the threats, risks, and regulations affecting your organization.