GoSecure Blog
Threat Hunt of the Month: Remote Access Software Exploited for Corporate Network Infiltration
In December 2024, GoSecure Threat Hunters identified a concerning use of remote access software by cybercriminals to gain initial access within corporate environments. The attackers start by flooding a victim’s email with spam and then pose as IT support via Microsoft Teams. This social engineering tactic lures victims into installing remote access software, which is then exploited to deploy a custom implant that exfiltrates sensitive information and sets the stage for ransomware attacks.
Security Advisory: Enhancing Cybersecurity Vigilance During Natural Disasters
Following a recent advisory from the Cybersecurity and Infrastructure Security Agency (CISA) regarding the increased cyber threats during Hurricane Helene, it’s crucial for organizations to reassess their disaster preparedness from a cybersecurity perspective. Effective disaster preparedness is about anticipating potential challenges and equipping your organization with the tools and plans to manage them effectively. Natural disasters not only disrupt physical infrastructure but also create ripe conditions for cybercriminals to exploit heightened vulnerabilities.
Threat Hunt of the Month: Quad7 Botnet and Password Spraying Tactics Threaten Microsoft 365 Accounts
In November 2024, GoSecure Threat Hunters identified an alarming rise in the activity of the Quad7 botnet, a sophisticated network of compromised nodes employed by cybercriminals to perform password spraying attacks on Microsoft 365 accounts. This technique strategically avoids common detection mechanisms such as account lockouts by trying widely used passwords against a long list of valid users over an extended period.
Large-Scale Spear-Phishing Campaign with Malicious RDP Attachments
In response to a recent report from the Cybersecurity and Infrastructure Security Agency (CISA) on a large-scale spear-phishing campaign, GoSecure is alerting organizations to emerging threats involving malicious Remote Desktop Protocol (RDP) files. The campaign, reportedly orchestrated by a foreign threat actor targeting critical sectors like government and IT, seeks to exploit unsuspecting users through RDP attachments in emails that mimic trusted entities.
From Mainstream to Malicious: How Popular Smartphone Brands Are Used in Cyber Attacks on RDP
As Xiaomi smartphones show an increase in popularity, a surprising pattern emerges: cybercriminals are following the same trends as everyday users. Our research uncovers a striking overlap between popular consumer devices and those favored in illicit online activities. Are attackers simply adopting what’s widely available, or does brand loyalty extend into the cyber underworld?