Picus Labs Threat Newsletter

Welcome to the Picus Labs monthly newsletter, your trusted destination for a comprehensive blend of the most recent threat intelligence, cutting-edge security research, and thorough analysis, all in one convenient location.

In today's digital landscape, understanding Active Directory (AD) security is more important than ever. As the identity infrastructure for 90% of Fortune 1000 companies, AD plays a critical role in managing access to resources and ensuring smooth operations. However, its widespread adoption and inherent architectural limitations make it a prime target for adversaries aiming to launch devastating attacks.

To help you address this challenge, Picus Security has recently released a comprehensive e-book tailored to your needs.

The AD attacks that are covered in the e-book are:

  • Pass-the-Hash & Pass-the-Ticket Attack
  • Kerberoasting
  • Golden Ticket Attack
  • DCShadow Attack
  • AS-REP Roasting
  • LDAP Injection Attack
  • PetitPotam - NTLM Relay Attack on AD CS

Get your Copy

Featured Blogs

The financial services industry has become a prime target for cybercriminals, who tirelessly work to breach the defenses of banks and financial institutions. This results in millions of dollars in damages and the erosion of customer trust. In our latest report, we dive deep into the critical challenges facing the industry and offer actionable insights to address them.

Click here to learn the key threats and mitigation strategies for financial services to strengthen your cybersecurity with Picus Security's expert insights.

CrowdStrike disclosed that 3CXDesktopApp, a popular softphone application from 3CX, was compromised as part of a supply chain attack. Adversaries were able to trojanize the legitimate, signed 3CXDesktopApp binary for their malicious activities. The attack, dubbed "SmoothOperator", was attributed to the North Korean APT group Labyrinth Chollima, a subset of the notorious Lazarus group.

Visit our blog for a detailed analysis of the 'SmoothOperator' attack, which offers essential insights on how to stay protected against similar threats.

As the threat landscape continually evolves, cybersecurity professionals must remain vigilant to proactively identify and mitigate potential security breaches. Hence, companies need to ensure that their security controls are always effective and up to date. According to 451 Research, organizations should consider continuous security validation as an essential complement to their existing cybersecurity strategy.

Explore our blog to delve into the significance of Continuous Security Validation and its crucial role for organizations.

Product Announcements and Updates

At Picus Security, we are excited to announce that our new CTEM capabilities, Cyber Asset Attack Surface Management (CAASM) and Cloud Security Posture Management (CSPM), have received recognition from top cybersecurity news outlets. These enhancements enable security teams to obtain a more unified view of their threat exposure by centralizing asset data and identifying critical misconfigurations in cloud workloads.

Click here to read our press release and discover how Picus' new features, CAASM and CSPM, enhance and automate your threat exposure management.

Cyber Security Events of the Month

Picus Security had a fantastic time at the RSA Conference 2023, the largest and most anticipated cybersecurity event of the year. RSA Conference 2023 brought together top industry professionals and the brightest minds to discuss the latest trends, innovations, and strategies in cybersecurity. This year's conference theme, "Resilience in a Digital World", couldn't be more relevant as we navigate the ever-evolving cyber landscape.

Explore our RSA recap blog by Trevor Daughney, our VP of Marketing, highlighting notable topics such as Artificial Intelligence, Cyber Risk, and Solution Consolidation, featuring a case study.

Picus Security has won the prestigious 2023 Global InfoSec Award for its “Cutting-edge Breach and Attack Simulation (BAS)” solution. Recognized by Cyber Defense Magazine for the second consecutive year, the award highlights Picus' innovation in security validation and continuous threat exposure management. The Picus Platform offers a unified solution to help customers proactively measure and respond to rapidly evolving cybersecurity risks.

Discover more about Picus Security's award-winning solution by clicking here.

Notorious Threats of the Month

Attack Campaign

The Lazarus group's DeathNote cluster has expanded its focus from cryptocurrencies to the global defense, automotive, and academic sectors, using advanced tactics and techniques like the Copperhedge backdoor, the Blindingcan RAT, and the BankShot trojan. To counter these sophisticated attacks, organizations must remain vigilant, conduct regular cybersecurity audits, and provide employee training in cybersecurity practices, particularly as the group continues exploiting fake job opportunities to deploy espionage malware.

Infostealer

The recently discovered Malware-as-a-Service (MaaS) platform, EvilExtractor, specializes in targeting Windows systems and streamlines cyber-attacks for those with minimal technical skills. By providing data extraction and ransomware capabilities, it amplifies potential threats to businesses, governments, and individuals, making it easier for cybercriminals to carry out their malicious activities.

Ransomware

Cylance ransomware is a new strain that has been identified targeting both Windows and Linux systems. It presents victims with a ransom note, instructing them to contact the attackers for negotiation. Users are advised to exercise caution when opening emails or clicking on links from unknown sources to prevent falling victim to ransomware.

For more information, visit our Threat Library on the Picus Platform.

________________________________________________________________

Simulate cyberattacks with the Picus Platform to test your defences against the latest threats within minutes.
