Anvilogic Forge Threat Research Reports
Here you can find an accumulation of trending threats published weekly by the Anvilogic team.
We curate threat intelligence to provide situational awareness and actionable insights
Atomic detections that serve as the foundation of our detection framework.
Risk, pattern, and sequence-based detections utilizing the outputs of Threat Identifiers as a means of identifying actual threats.
• Threat News Reports
• Trending Threat Reports
• ResearchArticles
Forge Report: First Half Threat Trends of 2024
Featured Threat Reports
All Threat Reports
An Analysis of BlackCat Ransomware Attacks & Operations
Microsoft's tracking of Blackcat/ALPHV ransomware details varied tactics, including Exchange server exploits and stolen credentials. Case studies reveal sophisticated methods like RClone, MEGASync, and PsExec for data exfiltration and ransomware deployment.
Cloudflare Stops Record DDoS Attack with 26 million rps
Cloudflare has identified and mitigated a record distributed denial-of-service (DDoS) attack, amassing 26 million requests per second (rps). The attack targeted a customer website on Cloudflare’s Free plan. Similar to a previous 15M rps attack, this one also primarily originated from cloud service providers, indicating the use of hijacked virtual machines and powerful servers rather than weaker Internet of Things (IoT) devices. The botnet responsible for the attack comprised 5,067 devices, capable of generating over 212 million HTTPS requests within 30 seconds, and spanned 1,500 networks across 121 countries. The top source by country was Indonesia, accounting for over 15% of the traffic, followed by the United States, Brazil, and Russia. The use of HTTPS in the attack added complexity due to the computational demands of establishing TLS encrypted connections.
Vice Society Ransomware Responsible for Cyberattack on Palermo Italy
Vice Society ransomware group attacked Palermo, Italy on June 3rd, 2022, causing the city's IT infrastructure to shut down. The outage impacted 1.3 million residents and tourists. Vice Society has threatened to publish stolen data by June 12th if their ransom demands are not met. Palermo officials have not disclosed technical details.
Watching Black Basta Ransomware & Qakbot
Since its emergence in April 2022, Black Basta ransomware, linked to Conti, uses Qakbot malware for lateral movement. NCC Group reports tactics like RDP enabling, firewall modification, and Cobalt Strike beacons. Attackers use PowerShell and WMI to spread ransomware across networks during final stages.
QakBot Exploiting Windows MSDT CVE-2022-30190
ProofPoint reports that QakBot affiliate TA570 is exploiting CVE-2022-30190 via hijacked email threads. Malicious IMG files containing a Word document, LNK file, and QBot DLL are used to load Qbot. The Word document exploits the vulnerability, executing PowerShell code to download further payloads. TA570 continues to adapt its phishing tactics.
Ransomware Cancels Final Exams in Tenafly, New Jersey
A ransomware attack on Tenafly Public Schools in New Jersey on June 2nd, 2022, forced the cancellation of final exams. The attack disrupted access to system files, grading systems, and class notes. Cybersecurity experts and the FBI were engaged, and full system restoration is still in progress. The attackers remain unidentified.
.png)
Intelligence Levels for Threat Reports
Tactical
Detectable threat behaviors for response with threat scenarios or threat identifiers.
Strategic
General information security news, for awareness.
.png)
Whitepapers
The World's Best SOC Teams Use Anvilogic
.png)
.svg)
.svg)
.svg)
.svg)
.svg)
