Anomali Blog
Mind the Threat Intelligence Gap With a Strong Cybersecurity Strategy
85% say Threat Intelligence is important for a strong security posture but 41% say they have not made progress in the effectiveness of Threat Intelligence data. This comes from a recent 2019 study carried out by the Ponemon institute with over 1000 IT Security Practitioners in North America and the U.K.The difference...
Read More
Weekly Threat Briefing: Hackers Could Read Your Hotmail, MSN, and Outlook Emails by Abusing Microsoft Support
The intelligence in this week’s iteration discuss the following threats: APT, APT platform, Banking trojan, Botnet, Malspam, Phishing, Spear phishing, Targeted attacks, Vulnerabilities, and Zero day. The IOCs related to these stories are attached to the Community Threat Briefing and can be used to check your...
Read More
Level Up Your SOC - Focus On People, Process, and Technology
IntroductionA Security Operations Center (SOC) is an organized and highly skilled team whose mission is to continuously monitor and improve an organization’s cybersecurity posture while preventing, detecting, analysing and responding to security incidents with the aid of technology and well-defined processes and procedures. The success of your...
Read More
Weekly Threat Briefing: Cybercriminals Spoof Major Accounting and Payroll Firms in Tax Season Malware Campaigns
The intelligence in this week’s iteration discuss the following threats: Backdoor, FIN6, LockerGoga, MageCart, Malicious applications, Malspam, Phishing, Ransomware, Ryuk, Trickbot, and Vulnerabilities. The IOCs related to these stories are attached to the Community Threat Briefing and can be used to check your logs for...
Read More
Unlock Your Threat Data with the Enrichment SDK
A few months back, Anomali released a set of SDKs that greatly expanded our ability to deliver content within the platform, and with integrated systems. One of those SDKs – focusing on enrichments – was introduced to provide a straightforward means for adding contextual information.In the threat intel world,...
Read More
Weekly Threat Briefing: Planet Hollywood Owner Suffers Major POS Data Breach
The intelligence in this weekís iteration discuss the following threats: Cryptocurrency, Data breach, Elfin, Emotet, Gustuff, Lazarus, Magento, Malware, Misconfigured databases, Ransomware, Trojans, and Vulnerabilities. The IOCs related to these stories are attached to the Community Threat Briefing and can be used to check...
Read More
Weekly Threat Briefing: Russian State Hackers Phish Euro Governments Ahead of Elections
The intelligence in this weekís iteration discuss the following threats: APT28, APT32, Cryptominer, FIN7, IoT, MageCart, Phishing, Ransomware, Targeted attacks, and Vulnerabilities. The IOCs related to these stories are attached to the Community Threat Briefing and can be used to check your logs for potential...
Read More
Anomali Joins No More Ransom Partnership Ecosystem
On the 25th of March, Anomali is proud to announce a supporting partnership with No More Ransom (NMR). Anomali innovates intelligence-driven solutions that address cyber security challenges to achieve a more secure world. NMR is a non-commercial public-private initiative launched in July 2016 which created a common portal containing relevant information...
Read More
“Bad Tidings” Phishing Campaign Impersonates Saudi Government Agencies and a Saudi Financial Institution
Executive SummaryIn January 2019, researchers from Anomali Labs and Saudi Telecom Company (STC) observed a spike in phishing websites impersonating the Saudi Arabian Ministry of Interior’s e-Service portal known as “Absher”. Further analysis uncovered a broader phishing campaign targeting four different Kingdom of Saudi Arabia government...
Read More
Weekly Threat Briefing: Spam Campaign Uses Recent Boeing 737 Max Crashes to Push Malware
The intelligence in this week’s iteration discuss the following threats: APT, Data breach, Malspam, Malware, Phishing, Point-of-Sale, Ransomware, RAT, Supply chain, and Vulnerabilities. The IOCs related to these stories are attached to the Community Threat Briefing and can be used to check your logs for...
Read More
Rocke Evolves Its Arsenal With a New Malware Family Written in Golang
SummaryThe “Rocke group”, a Chinese threat actor group who specializes in cryptojacking, has shifted gears on how they’re stealing your cycles. Rocke is actively updating and pushing a new dropper using Pastebin for Command and Control (C2). Recent updates to the C2 as of March 1...
Read More
Threat Actor - A Love Story
The BreachIt’s 5am on a Saturday morning, you’re soundly sleeping after a hectic week as CISO of a large organization. Suddenly, the phone rings and wakes you up. The voice on the phone says one of the most dreaded phrases, “You need to get...
Read More
Weekly Threat Briefing: Email Verification Service Takes Itself Offline After 800 Million Records Get Publicly Exposed
This section listed below contains summaries on various threat intelligence stories that occurred during the past week. The intelligence in this week’s iteration discuss the following threats: APT40, Backdoor, Chafer, Data breach, IRIDIUM, Phishing, Malware, RATs, Ransomware, Vulnerabilities and Whitefly. The IOCs related to these stories are attached...
Read More
Anomali at RSA Conference 2019 - Better than Ever
This year's theme for RSA Conference 2019 was Better - better connections, better solutions, and a better digital world. After a full week of RSA activities and festivities, we're feeling better than ever about the incredible advances in the industry and the community's shared goal to make...
Read More
Weekly Threat Briefing: North Korean Hackers Go On Phishing Expedition Before Trump-Kim Summit
This section listed below contains summaries on various threat intelligence stories that occurred during the past week. The intelligence in this week’s iteration discuss the following threats: APT, Attack vector, Botnet, Credential-stealer, Phishing, Spear phishing, Targeted attacks, Threat group, Trojan, and Vulnerabilities. The IOCs related to these stories...
Read More
Weekly Threat Briefing: The Facebook Login Phishing Campaign Can Even Trick Savvy Users
The intelligence in this weekís iteration discuss the following threats: APT28, APT-C-36, Cryptominer, Data breach, Fbot, KEYMARBLE backdoor, Malware, Mimikatz, Phishing, RADMIN, Ransomware, Rietspoof, and Vulnerabilities. The IOCs related to these stories are attached to the Community Threat Briefing and can be used to check your logs for...
Read More
Online Bidding-Themed Phishing Campaigns Aims to Trick U.S. Federal Government Contractors
In late February 2019, Anomali Labs researchers discovered a malicious server hosting two separate phishing campaigns targeting government contractors desiring to do business with two U.S. federal government agencies. In both instances, the phisher created faux landing pages mimicking the Department of Transportation eProcurement login portal and the Department of...
Read More
Weekly Threat Briefing: Chinese Facial Recognition Database Exposes 2.5m People
The intelligence in this week’s iteration discuss the following threats: APT, Data-theft, Malspam, Malware, Phishing, targeted attacks, Trojan, and Vulnerabilities. The IOCs related to these stories are attached to the Community Threat Briefing and can be used to check your logs for potential malicious activity....
Read More
Phishing Campaign Spoofs United Nations and Multiple Other Organizations
Anomali Labs researchers recently discovered a phishing site masquerading as a login page for the United Nations (UN) Unite Unity, a single sign-on (SSO) application used by UN staff. When visitors attempt to login into the fraudulent page, their browser is redirected to an invitation for a film viewing at...
Read More
Phishers Target Texas Department of Transportation Contractors with Online Bidding Scheme
On February 15th, 2019, Anomali Labs researchers found an active phishing page masquerading as a legitimate Texas Department of Transportation (TxDOT) online bidding website. The illegitimate portal <hxxps://www[.]txdot[.]gov[.]us.e-bid.sync.auth.moovindancestudio[.]com/secure/user-login/login[.]php> is being hosted on a suspected compromised server...
Read More
