Search results

The following results were found for the tag "cyberattack":

Let's still make it until the May holidays: what is important to do so that the "long" weekend is not overshadowed by cyberattacks

Holidays, public holidays, any "extra" days off: each is an opportunity for attackers to try to launch an attack. The attackers' calculation is simple: the fewer "defending" specialists are at their workplaces, the higher the chances of breaking into the perimeter, establishing themselves, and causing damage. It was the same last year: at the beginning of May 2024, we were approached for help in investigating two serious cybersecurity incidents that occurred during the May holidays. Attackers targeted and destroyed the virtual infrastructure of large organizations and temporarily paralyzed their business operations. The normal weekend was ruined not only for our on-duty experts but also for representatives of the affected organizations, who had to trade nature and barbecue for servers and logs.

Incident response of the XXII century: how a PAM system helped detect an attack live

In the article "Reign of king: tactics and tools of the Obstinate Mogwai group" from the Solar 4Rays Cyber Threat Research Center, there is an interesting case of an attack through a contractor. The Solar SafeInspect PAM system installed at the customer played an important role in this.

Safe Digest New Year Edition: "bot" among "friends", bushido against fraud, TB of leaked "snowflakes"

Throughout 2024, we witnessed a lot of high-profile hacks, leaks, failures, and just funny news from the world of information security. For the New Year, we traditionally asked Alexey Drozd, our head of security, to share his personal list of the most memorable information security events of the year.

Pentest for the little ones using WinRAR

Attacks using the long-patched WinRAR vulnerability remain relevant for many companies. Let's figure out how a typical attack works, how attackers bypass antivirus software, and what to do for protection. And, of course, we will try to conduct a typical attack ourselves.

How to find both the goblin and the rat. Interview with researchers from the Solar Group who discovered the GoblinRAT malware

The tekkix news service visited the SOC Forum 2024. This is another event dedicated to cybersecurity, organized by the Solar Group of companies. Due to a busy work schedule, I managed to get there only on the third day and only for a few hours. However, I was able to talk with Solar Group specialists about a rather interesting study. It was dedicated to the unique GoblinRAT malware, capable of remaining unnoticed in the infrastructure of attacked organizations thanks to advanced masking and bypassing security systems. The malware was found in the networks of several Russian government organizations and companies providing services to the public sector, with signs of presence since 2020. In each of the affected organizations, the attackers gained full access to the network.

Nose to the wind: how our DNS sniffer helps find Blind vulnerabilities

Hello everyone! In the blog of the Solar 4RAYS Cyber Threat Research Center, we continue to share the results of incident investigations, useful tools for information security specialists, and other practical materials, some of which we also post here.