The Executive Summary for The State of Cloud Native Security 2022 research report offers key insights gleaned from security and DevOps leaders at the forefront of the cloud native ecosystem.
The Palo Alto Networks Unit 42 threat research team has observed more than a 73% increase in the use of Red Team tools such as Cobalt Strike by threat actors (Source: Network Threat Trends report, pg. 18).
Credential-Based Attacks: Exposing the Ecosystem and Motives Behind Credential Phishing, Theft and Abuse
In this white paper, Unit 42 details the ecosystem behind how adversaries steal and leverage legitimate credentials to break in and move laterally within the organization, often bypassing security controls. Learn the key attack methods currently in use, how this technique fits into attacker playbooks, and real-world guidance on preventing successful attacks.
Unit 42 tracks Nigerian Threat Actors and finds they've evolved into capable and formidable adversaries successfully attacking major companies and governments.
Exploit kits, which first became popular in 2006, are used to automate the exploitation of vulnerabilities on victims’ machines, most commonly while users are browsing the web. Over the past decade they have become an extremely popular means for criminal groups to distribute mass malware or remote access tools (RAT), because they lower the barrier to entry for attackers and can enable opportunistic attacks at scale. To understand this phenomenon, we must understand the ecosystem that surrounds exploit kits, including the actors, campaigns and terminology involved.
The Palo Alto Networks threat research team, Unit 42, has spent the last seven months investigating a series of attacks, determining that they are the result of a long-standing cyber espionage campaign. The campaign, which we refer to as “Scarlet Mimic,” has activity dating back over four years. The result of our analysis has allowed us to connect a series of disparate attacks into a coherent picture of the Scarlet Mimic operation, which has targeted human rights activists, as well as organizations with knowledge about these groups, including government entities.
The AUTR provides visibility into the real-world threat and application landscape, helping security teams to understand how adversaries are attempting to attack organizations around the world and build proactive, actionable controls. Built by the Unit 42 threat research team, the report correlates data from more than 7,000 enterprise organizations, providing broad visibility into critical trends.
CoolReaper: The Coolpad Backdoor
New research from Unit 42 confirms security risk in Coolpad devices
Palo Alto Networks researchers have uncovered CoolReaper, a backdoor contained in millions of Android devices sold by manufacturer Coolpad. CoolReaper exposes users to potential malicious activity and appears to have been installed and maintained by Coolpad despite objections from customers.
Due to the unique way Coolpad modifies the Android OS, it is difficult for Android antivirus programs to identify and remove this backdoor.
Read the report about WireLurker and its potential impact, and get recommendations for preventing and mitigating WireLurker and other iOS and OS X malware threats.
In the past three months Palo Alto Networks has identified a series of attacks emanating from Nigerian actors against our customers in Taiwan and South Korea. Our team is tracking this activity under the code name Silver Spaniel. These attacks have deployed commodity tools that can be purchased for small fees on underground forums and deployed by any individual with a laptop and an e-mail address. Read the report by Palo Alto Networks Unit 42.
In the face of government regulation such as the Health Insurance Portability and Accountability Act (HIPAA), personal health information (PHI) continues to leak into the public domain at an alarming rate, resulting in fraudulent insurance claims, identity theft and other costs to the health care industry. Research indicates PHI can easily be found on peer-to-peer (P2P) filesharing networks. But why?