Adversaries are not breaking in; they are logging in. The CrowdStrike 2024 Global Threat Report highlights an alarming trend: In 75% of cyberattacks detected in 2023, adversaries gained initial access through malware-free methods. This means they acquired valid credentials via techniques such as password spraying or phishing — or they simply purchased them off the dark web.

The software supply chain is increasingly complex, giving threat actors more opportunities to find ways into your system, either via custom code or third-party code. In this blog we’ll briefly go over five supply chain threats and where to find them. For a deeper look to finding these threats, with more specifics and tool suggestions, check out our threat hunting guide.

Today, organizations are confronted with a multitude of cybersecurity risks, both from external and internal threats. The global cost of cybercrime is projected to exceed $10 trillion by 2025. In 2023, a staggering 72% of all organizations worldwide fell victim to ransomware attacks, which is just one type of threat. The reality is that cyber threats are pervasive, and the adversaries behind them are becoming increasingly sophisticated with each passing year.

Welcome back. This is part two of our blog series covering the Impacket example tools. Impacket is a collection of Python classes focused on providing tools to understand and manipulate low-level network protocols. This capability enables you to craft or decode packets of a wide variety of protocols such as IP, TCP, UDP, ICMP, and even higher-level protocols like SMB, MSRPC, NetBIOS, and others.

At this point, it is clear: cyber attacks from nation-state adversaries persistently threaten local, state, and federal governments, as well as educational institutions. It is not a matter of if bad actors can penetrate existing security controls, as they are already doing so and will continue to do so. Whether it is due to one unpatched machine or one user clicking on a link in an email, we believe cyberattacks are inevitable.

Establishing a proactive security posture involves a data-driven approach to threat detection, investigation, and response. In the past, this was challenging because there wasn’t a centralized way to collect and analyze security data across sources, but with Amazon Security Lake it is much simpler.

Threat hunting is a massive commitment of time, resources, team members, and technology. Any investment that impactful would normally be one that was carefully measured to ensure it was driving sufficient value for the team. The thing is, there’s no established benchmark of “success” in threat hunting.

Malware often hides communications with its command and control (C2) server over HTTPS. The encryption in HTTPS usually conceals the compromise long enough for the malware to accomplish its goal. This makes detecting malware that uses HTTPS challenging, but once in a while, you will catch a break, as in the case here with AsyncRAT, a Windows remote access tool that has been deployed over the past year to target organizations that manage critical infrastructure in the United States.