The HYAS Threat Intel team partnered with Malwarebytes to connect the dots between Magecart Group 4 and the advanced threat group Cobalt.
Geopolitical risk is just one of many considerations that global enterprises and institutions must factor into their businesses, and when married with a firm’s information security, those risks can take on entirely new dimensions. Such has been the case with the current geopolitical environment when considering tensions between Iran and other global powers.
Recently we came across an interesting sample that warranted further investigation. The file in question was named “Reservar Grupos, Eventos e Feiras Groups, Events.docx”. This particular sample (MD5: 52421a545a7472cf1451b99d914ea2dd) exploits CVE-2017-0199, which abuses the HTA handler in vulnerable versions of Microsoft Office when opening specially crafted RTF files. This CVE is heavily used to distribute […]
The difference between an obvious phish and a successful one is often the technical skill and attention to detail of the phish’s author. Gone are the days of poorly designed phishing kits and obvious deception; instead, a number of phishing kit authors are using increasingly sophisticated tactics to evade detection and trick targets into disclosing […]
Investigating attacker infrastructure is the bread and butter of HYAS Comox. One of the routine tasks we need to do as investigators and analysts is to find malware samples and infrastructure related to a given incident or report. Comox makes this task quick and painless, especially when combined with our Maltego transforms. In this post, […]
In recent months, there has been a resurgence of Ursnif (aka Gozi ISFB) related campaigns. Since 2014, when the source code for one of the more popular banking trojans was leaked, adversaries have been busy at work adding new features and capabilities to the malware. Some of these features and functions were highlighted […]
Over the past few months, HYAS has observed a noticeable increase in the number of credential stuffing attacks targeting multiple verticals including the enterprise market. “A credential stuffing attack involves attempting to use credentials that were publicly exposed during previous breaches in an automated fashion against new targets.” Multiple customers and partners reached out to […]
Over the past few months, HYAS has observed a significant increase in the number of domains associated with crime-as-a-service vendors focused on phishing, spamming, and malware distribution. The threat of phish-facilitated malware looms large over the healthcare sector. Research shows that phishing techniques are frequently used as initial delivery vectors for malware attacks, whether ransomware […]
Introduction: Over the last dozen years, the concept of attribution has been introduced into the broader cybersecurity community and conversations. As a result, the concept, or some variation of it, has become a persistent element of conversation in our industry. Whether being employed by intelligence analysts, SOC analysts, threat researchers, threat hunters, or […]
“Battles are won because of asymmetry,” he says. The victor always has the advantage in some way. In the cybersecurity war, the attackers have long had the upper hand because they outclass the defenders in two key areas: information and time.
HYAS, a leading provider of attribution intelligence tools for infosec and cybersecurity professionals…
HYAS doesn’t like letting bad guys get away. For three years, we’ve been working on something that helps law enforcement and intelligence analysts nail them to the wall.