Executive Summary Introduction 2024 marks a pivotal moment in global politics as an unusual number of elections have and will take place across various nations, encompassing approximately 54% of the world’s population. Elections serve as keystone events in democratic societies,…
Tag: Sekoia.io Blog
Unplugging PlugX: Sinkholing the PlugX USB worm botnet
Key Takeaways In September 2023, we successfully sinkholed a command and control server linked to the PlugX worms. For just $7, we acquired the unique IP address tied to a variant of this worm, which had been previously documented by…
Securing cloud perimeters
The global shift towards cloud computing is undeniable. According to Statista, the worldwide public cloud computing market continues to grow and is expected to reach an estimated 679 billion U.S. dollars in 2024. AWS, Azure and Google Cloud services dominate…
AWS Detection Engineering
A broad introduction to AWS logs sources and relevant events for detection engineering La publication suivante AWS Detection Engineering est un article de Sekoia.io Blog. This article has been indexed from Sekoia.io Blog Read the original article: AWS Detection Engineering
From EDR to XDR: Detailed Walkthrough
In 2024, the lines between EDR and XDR are becoming blurred. More and more vendors offer platforms that combine endpoint, network, cloud, and email security. All these tools are designed to block threats, though they differ in terms of scope…
Sekoia.io and GLIMPS: a new example of interoperability within the Open XDR platform
This blogpost was written by Glimps and Sekoia.io teams The Open XDR Platform is an alliance of specialized, complementary cybersecurity solution providers, that provide a rapid, coordinated response to the ever-increasing number and sophistication of cyberattacks. This modular, customizable approach provides analysts and security…
Tycoon 2FA: an in-depth analysis of the latest version of the AiTM phishing kit
Tycoon 2FA has become one of the most widespread AiTM phishing kits over the last few months. La publication suivante Tycoon 2FA: an in-depth analysis of the latest version of the AiTM phishing kit est un article de Sekoia.io Blog.…
Unveiling the depths of Residential Proxies providers
Written by World Watch team from CERT Orange Cyberdefense (Marine PICHON, Vincent HINDERER, Maël SARP and Ziad MASLAH) and Sekoia TDR team (Livia TIBIRNA, Amaury G. and Grégoire CLERMONT) TL;DR Introduction On 25 January 2024 Microsoft released public guidance on…
Enhancing security with IOC detection
Indicators of Compromise (IOCs) serve as signals, hinting at potential security breaches or ongoing cyberattacks. These indicators consolidated in a single database range from IP addresses to file hashes and act as early warning signs, enabling organizations to detect and…
Guidelines for selecting and disseminating Sekoia.io IOCs from CTI sources
In the ever-evolving landscape of cybersecurity, the battle against threats demands a multi-faceted approach. Organizations, now more than ever, need to leverage comprehensive Threat Intelligence to stay ahead of adversaries. At the forefront of this defense is Sekoia.io, a leading…
The Architects of Evasion: a Crypters Threat Landscape
In this report, we introduce key concepts and analyse the different crypter-related activities and the lucrative ecosystem of threat groups leveraging them in malicious campaigns. La publication suivante The Architects of Evasion: a Crypters Threat Landscape est un article de…
NoName057(16)’s DDoSia project: 2024 updates and behavioural shifts
Context Since the onset of the War in Ukraine, various groups identified as “nationalist hacktivists” have emerged, particularly on the Russian side, to contribute to the confrontation between Kyiv and Moscow. Among these entities, the pro-Russian group NoName057(16) has garnered…
The Predator spyware ecosystem is not dead
Context In September and October 2023, several open source publications, part of the Predator Files project coordinated by the European Investigative Collaborations, exposed the use of the Predator spyware by customers of Intellexa surveillance solutions. The intrusion set related to…
Playbooks on-prem
Automation plays a pivotal role in streamlining operations, enhancing security posture, and minimizing risks. However, executing automation tasks can still be challenging for organizations with on-premises infrastructure due to technical complexities and constraints. To address this challenge, Sekoia.io has recently…
Scattered Spider laying new eggs
This report provides an overview of the Scattered Spider evolution, its modus operandi and the toolset leveraged over the past years. Additionally, it delves into the Scattered Spider TTPs, as well as the latest ongoing campaigns, including their current targets.…
How Sekoia Endpoint Agent works
According to Global Cybersecurity Outlook 2024 by WEF, 29% of organizations reported that they had been materially affected by a cyber incident in the past 12 months. Due to increasing risks and expanded attack surface, companies seek to establish reliable…
Adversary infrastructures tracked in 2023
Context Throughout 2023, Sekoia.io’s Threat Detection & Research (TDR) team actively tracked and monitored adversary C2 infrastructures set up and used by lucrative and state-sponsored intrusion sets to carry out malicious cyber activities. Our analysts identified more than 85,000 IP…
Unveiling the intricacies of DiceLoader
This report aims to detail the functioning of a malware used by FIN7 since 2021, named DiceLoader (also known Icebot), and to provide a comprehensive approach of the threat by detailing the related Techniques and Procedures. La publication suivante Unveiling…
SentinelOne and Sekoia.io Integration
Expanding tech stack and increasing number of tools urge security operations teams to seek a one-stop solution for centralizing events and alerts. Under these conditions of growing risks, the Sekoia SOC platform becomes a silver-bullet solution for backing up SOC…
Detecting Berylian attacks: Sekoia SOC Platform used in NATO CCDOE Crossed Swords 2023
Last month, Sekoia.io took part to NATO Cooperative Cyber Defence Centre of Excellence (CCDOE) Crossed Swords cyber exercise (aka XS23) organized in Tallinn, Estonia. Involving high-level expert teams from dozen of NATO member countries, Crossed Swords is a three-day unique…
Integrating Zscaler ZIA with Sekoia.io
In September 2023, the Sekoia.io team embarked on a new intake development to integrate Zscaler ZIA logs into our SOC platform. After implementing Zscaler integration with a wide range of supported logs, events, and related built-in rules, our team shifted…
Being PCI DSS certified
Being PCI certified is a long journey. We started two years ago when we were discussing an extension of our coverage with a customer. This customer was processing card data and consequently had to be partnering with PCI-compliant security solutions…
How Sekoia.io empowers cybersecurity with 170+ integrations
Sekoia.io recognizes the significant investment and effort that organizations have put into their existing security infrastructures. We also realize the flexibility needed to choose the best new tools for safeguarding critical assets and data. To enable this flexibility and streamline…
Securing Gold: Assessing Cyber Threats on Paris 2024
Based on these observations and given the constantly evolving cyber threat landscape, we analysed cyber threats affecting previous editions of the Olympics, as well as the current geopolitical context to understand potential motivations of malicious actors to target this event,…
IAM & Detection Engineering
Introduction In the ever-changing cybersecurity landscape, Identity and Access Management (IAM) stands as the cornerstone of an organisation’s digital asset protection. IAM solutions play an essential role in managing user identities, controlling access to resources and ensuring compliance. As the…
CALISTO doxxing: Sekoia.io findings concurs to Reuters’ investigation on FSB-related Andrey Korinets
Investigation context On 7 December 2023, a joint advisory from the UK, USA, Canada, Australia and New Zealand attributed the previously known intrusion set Star Blizzard (aka CALISTO for Sekoia.io) to Russian Federal Security Bureau (FSB). The USA and UK…
ActiveMQ CVE-2023-46604 Exploited by Kinsing: Threat Analysis
This report was originally published for our customers on 27 November 2023. As part of our critical vulnerabilities monitoring routine, Sekoia’s Threat & Detection Research (TDR) team deploys and supervises honeypots in different locations around the world to identify potential…
When a Botnet Cries: Detecting Botnet Infection Chains
Infection chains used by commodity malware are constantly evolving and use various tricks to bypass security measures and/or user awareness. BumbleBee, QNAPWorm, IcedID and Qakbot are all often used as first-stage malicious code, allowing other more specific payloads to be…
Sekoia.io achieves PCI-DSS compliance
Sekoia.io is proud to announce that it has achieved the Payment Card Industry Data Security Standard (PCI-DSS) compliance at Level 1. PCI-DSS compliance is a rigorous set of security standards designed to safeguard credit card information and audited by an…
Revolutionize your security strategy: Introducing automatic asset discovery
Introduction In the rapidly evolving cybersecurity landscape, staying ahead of potential threats requires a robust and comprehensive approach to managing IT assets. We are pleased to announce the beta release of our newest feature, Asset Discovery, which is designed to…
Unmasking the latest trends of the Financial Cyber Threat Landscape
This report aims at depicting recent trends in cyber threats impacting the financial sector worldwide. It focuses on principal tactics, techniques and procedures used by lucrative and state-sponsored intrusion sets by providing an analysis of evolutions observed in campaigns against…
DarkGate Internals
Introduction & Objectives DarkGate is sold as Malware-as-a-Service (MaaS) on various cybercrime forums by RastaFarEye persona, in the past months it has been used by multiple threat actors such as TA577 and Ducktail. DarkGate is a loader with RAT capabilities…
Unveiling the power of the new Query Builder in Sekoia SOC Platform
Introduction The Query Builder is designed to simplify data exploration and enhance threat detection capabilities. This feature empowers Security Operations Center (SOC) teams to explore their data through an intuitive interface, enabling structured queries and insightful data aggregation for threat…
Game Over: gaming community at risk with information stealers
This report was originally published for our customers on 26 October 2023. The world of online gaming, a thriving global community of millions, has become an enticing target for malicious actors seeking to exploit related vulnerabilities. In their engagement with…
AridViper, an intrusion set allegedly associated with Hamas
Given the recent events involving the Palestinian politico-military organisation Hamas which conducted on 7 October 2023 a military and terrorist operation in Israel, Sekoia.io took a deeper look into AridViper, an intrusion set suspected to be associated with Hamas. La…