AdvisoriesCISAAA18-284AOctober 11, 2018
October 11, 2018
This collaborative report by cybersecurity authorities from five nations (Australia, Canada, New Zealand, the United Kingdom, and the United States) focuses on the use of publicly-available tools that have been used for malicious purposes in recent cyber incidents worldwide. The report highlights five specific tools: PowerShell Empire, China Chopper, JBiFrost, HUC Packet Transmitter and Mimikatz that have been utilized to compromise information across critical sectors like health, finance, government, and defense. The report emphasizes that cyber threat actors, regardless of their sophistication, rely on established tools and techniques, often gaining initial access through common security weaknesses.
October 11, 2018
Malware comes in two varieties: popular and advanced. Popular malware can generally be detected using static protective measures, such as antivirus. Advanced malware requires dynamic analysis (meaning the malware must run) in order to block it. In recent years, dynamic protection has outpaced static - so much that the latter has been deemed “legacy.” This is because advanced malware can work around static signatures fairly easily through a variety of in-memory-based techniques. However, the majority of malware (including those covered in this advisory) falls under the popular category, meaning static signatures exist to detect and prevent it. Do not disable or remove antivirus capabilities, as some recommend, but instead use it as your front line of defense.
Be immediately notified of new advisories and associated security tests
AdvisoryCISAAA24-207AJuly 25, 2024
