Deception at scale: How attackers abuse governmental infrastructure
Quote:

Continuing our initiative of sharing VirusTotal’s visibility to help researchers, security practitioners and the general public better understand the nature of malicious attacks, we are proud to announce our “Deception at scale: How attackers abuse governmental infrastructure” report. Here are some of the main ideas presented there:
  • Governmental domains are among the top categories used by attackers in 2022 to distribute malicious content. 
  • We found dozens of government-related domains hosting many kinds of malware, including trojans, ransomware, phishing, coin miners, banking malware, and lateral movement tools.
  • Although some affected domains seem to be victims of opportunistic attacks, there are indicators that some of them were targeted by sophisticated attackers who abused their infrastructure to deploy their toolsets.
  • Using legitimate government domains for malware hosting can enable an attacker to improve the efficiency of social engineering attacks and avoid defenses and alerts based on deny/allow lists.
  • We also found traces of various webshells hosted in dozens of governmental domains. 
  • More generally, we observed an increase of phishing levels in 2022 along with a large distribution of suspicious PDFs. Recently created XLSX files seem to replace DOCX as the preferred mechanism to distribute malware.
For full details, you can download the report here.

In this blog post we will focus on technical hunting and monitoring ideas you can use to prevent such cyberattacks. We also provide additional technical details for some of the most interesting cases we provide in the report.
...