TropChaud · @IntelScott

Proud to share our second analysis piece, which just went live! BLUF: All the pieces are in place for a serious, near-term uptick in infostealer threats involving higher-value targets, including businesses of all sizes, paralleling the shift among top ransomware groups toward “big-game” targets in years past. Part 1 details our evidence that intent, opportunity, & capability (the components of a “threat”) are all rising, and Part 2 will share our process for using this threat intelligence to drive development of new detections around the TTPs most commonly shared across today’s top stealers.

Despite a little more attention over the past year or so, I’ve sensed for some time that infostealers remain an “underrated” concern relative to the level of threat they pose to organizations, and there has yet to be a broad threat assessment or analysis of common techniques at quite this scale. Entirely based on (a large body of) public reporting, I think we’re able to draw unique insights in this series, and @tidalcyber's Community Edition made it a lot easier to get there.

Despite (what we see as) a rising threat, it’s not all doom and gloom – there are some extremely practical steps defenders can take to really lower the risk profile. Throw a few straightforward detections that we’ve compiled (they’ll come with Part 2; still cleaning up some rules, sorry) in place, which cover many flavors of technique implementations associated with a wide range of these threats. Once you’ve set (and ideally validated) this coverage, consider tackling the likely more complex task of reviewing and tuning relevant people- and technology-related mitigations, including around identity & access (where today’s stealers pose some tricky challenges) and policies for responsible device use (to counter trending initial access vectors covered here in Part 1).

tidalcyber.com/blog/big-game-s

#infostealer #redline #raccoon #stealernostealing #threatinformeddefense #sharedwithtidal #malware #risk
