This weeks' briefing covers.

Throughout Q2 and Q3 2023, we observed an increased use of the malicious “SYSTEMBC” tool to maintain access in a compromised network. In this video, Kroll Threat Intelligence expert, Dave Truman, provides an initial walkthrough of our research into SYSTEMBC, focusing in its C2 server.

This weeks' briefing covers: Dive deeper: Additional Resources: July 11 2023 Cyber Threat Intelligence Briefing: July 10 2023 Cyber Threat Intelligence Briefing.

Kroll actively tracks malware command and control infrastructure, submissions to public sandboxes and active incident response (IR) and managed detection and response (MDR) case data to generate lists of the most active malware strains for comparison.

“In Q3, we did see an uptick in incidents impacting the manufacturing and construction sector largely led by business email compromise (BEC) or email compromise attacks. One of the reasons for this uptick in BEC attacks has to do with the reliance on third parties and suppliers.” – Laurie Iacono.

“From using QR codes in emails to sharing links via Microsoft Teams, threat actors are evolving their methodology to manipulate humans to click on the bait. This is not phishing through email; it's phishing through an instant messaging platform.” – Laurie Iacono.

In Q2 2023, Kroll reported a notable shift towards increased supply chain risk, largely driven by the CLOP ransomware gang’s exploitation of the MOVEit transfer vulnerability. The MOVEit exploitation rendered even organizations with mature cybersecurity controls helpless and vulnerable to financial and reputational damage. Only a handful were able to detect the exfiltration, and even fewer could handle the consequences once a trusted partner fell victim.

Watch Kroll expert Rahul Raghavan (Senior Vice President, Cyber Risk) highlight how organizations can scale their application security assessments with agile penetration testing. In this webinar, Rahul discusses how CISOs, CTOs, product engineers and security leaders can elevate their security posture by integrating effective security testing within the agile development process. Key sections.

Watch Kroll’s cyber threat intelligence leaders highlight key trends observed in Q2 2023 and outline the critical issues that organizations should be aware of, including a significant rise in ransomware activity fueled by the MOVEit vulnerability and new methods of email compromise attacks.

Threat intelligence can provide a rich insight into threat actor activity but often lacks the timelines and context that comes from the learning of real-life incident investigations. Security leaders need to know how to leverage this frontline intelligence to not only understand if they are likely to be in a similar situation but also to know how they could take immediate action on their defenses.