Threat Hunt of the Month: Quad7 Botnet and Password Spraying Tactics Threaten Microsoft 365 Accounts
In November 2024, GoSecure Threat Hunters have identified an alarming rise in the activity of the Quad7 botnet, a sophisticated network of compromised nodes employed by cybercriminals to perform password spraying attacks on Microsoft 365 accounts. This method strategically avoids common detection methods such as account lockouts by using widely used passwords against a long list of valid users over an extended period.
Large-Scale Spear-Phishing Campaign with Malicious RDP Attachments
In response to a recent report from the Cybersecurity and Infrastructure Security Agency (CISA) on a large-scale spear-phishing campaign, GoSecure is alerting organizations to emerging threats involving malicious Remote Desktop Protocol (RDP) files. The campaign, reportedly orchestrated by a foreign threat actor targeting critical sectors like government and IT, seeks to exploit unsuspecting users through RDP attachments in emails that mimic trusted entities.
Threat Hunt of the Month: Sophisticated Phishing Campaigns Leveraging Web Session Cookie Theft
In October 2024, GoSecure Threat Hunters have uncovered a sophisticated phishing campaign that utilizes tactics like Attacker-in-the-Middle (AitM) and phishing to compromise user accounts through web session cookie theft. This specific method targets cloud-based file hosting applications such as Dropbox and OneDrive, compromising users by manipulating shared files and redirecting them to malicious sites where both credentials and multi-factor authentication details are stolen.
Threat Hunt of the Month: CVE-2024-37085 Vulnerability in VMware ESXi Hypervisors – Privilege Escalation and Ransomware Risks
In September 2024, GoSecure Threat Hunters selected a critical vulnerability, CVE-2024-37085, affecting VMware ESXi hypervisors. This vulnerability, which allows for privilege escalation, could give attackers administrative access to ESXi hosts. Such access could lead to ransomware deployment, data theft, and control over key assets within virtual environments.
Understanding the Microsoft Outage BSOD Incident: Navigating Security Challenges with GoSecure
Today, reports detailing a Blue Screen of Death (BSOD) issue impacting Microsoft systems with CrowdStrike’s Falcon sensor installed has had worldwide implications and outages. The BSOD issue arose following an update to the CrowdStrike Falcon sensor. This malfunction caused affected systems to crash, presenting a blue screen error, a situation that can disrupt business operations and compromise security by leaving systems unprotected.
