ThreatSpike

Mar 14, 2023   |  By Jacob Andrews
In recent years, phishing attacks have become increasingly sophisticated and are now being conducted through various messaging platforms such as Telegram. Telegram is a popular messaging app that allows users to send messages, photos, videos, and other files over the internet. It also provides APIs that allow developers to create custom bots and applications. Unfortunately, these same APIs can be used by malicious actors to exfiltrate credentials harvested in successful phishing attacks.
Mar 7, 2023   |  By Adam Blake, CEO and Founder
Despite the growing awareness of the necessity for more advanced cyber security, firms are still falling foul of attacks which are undetected when they arrive and can stay for years. Adam Blake, CEO and Founder of ThreatSpike discusses the reasons why businesses are missing the mark and how they can keep one step ahead of cyber-attacks.
Mar 2, 2023   |  By Chandler Geary
High-profile ransomware attacks against large businesses and governments have become increasingly common. They typically occupy news headlines on a monthly basis. At the time of writing, the most recent high-profile attack was launched against Porsche South Africa, where IT systems and some backups were impacted by ransomware from an unknown attacker. The gangs that perpetrate these attacks typically have carefully crafted, large public personas and engage in significant posturing.
Since late December 2022, the ThreatSpike team has noticed a significant rise in highly targeted phishing campaigns aimed at the hospitality sector, which distribute infostealer malware. The threat actors (TAs) are primarily targeting front desk and reception staff, as they are responsible for handling customer queries via a generic email address that can easily be found on the company website.
Feb 2, 2023   |  By Gagandeep Mehta
Redline infostealer gathers information and steals high-value data from an infected machine. The Redline infostealer is considered one of the most dangerous malware families currently being used in the wild and has been bundled into countless trojanized applications, games and cracked software. In addition to data exfiltration, Redline also has the capability to connect to a command and control (C2) server to download and upload files as well as execute remote commands.
Jan 30, 2023   |  By ThreatSpike
Industry-first fixed-price managed offensive security service aims to close the cybersecurity gap, strengthen customers' cyber defence posture, and reduce risk.
Jan 20, 2023   |  By Gagandeep Mehta
This blog post will provide an analysis of the malicious Redline Infostealer payloads which have been taken from a real-life malware incident, responded to and triaged by the ThreatSpike SOC team. The analysis is broken down to demonstrate, describe and explain the various stages of the attack chain.
Feb 2, 2021   |  By Uchechi Odikanwa / James Lanagan
When it comes to cyber security, attackers tend to be classified as terrifying Advanced Persistent Threats (APTs) or trivialised as Script Kiddies. However, more often than not, the attackers actually faced lie somewhere in the middle: the not-so-advanced yet somewhat-persistent threat. Their attacks are often detected but can be difficult to unravel. Their Tactics, Techniques and Procedures do not include any zero-days, but they still manage to show ingenuity.
Jan 26, 2021   |  By Michael Prantl
In a previous article, we introduced a piece of malware that ThreatSpike detected in December 2020 moving laterally between hosts. The attack consisted of two components: a text editor repurposed as a launcher for the actual payload, identified as Cobalt Strike's Beacon.
Jan 15, 2021   |  By James Lanagan
The array of phishing vectors used by attackers is constantly expanding. On a daily basis we observe numerous different phishing themes such as voicemails, fake invoices and documents requiring signing. Recently, we have seen more topical themes such as US elections, COVID-19 and Brexit.

ThreatSpike Labs provides the first end-to-end fully managed security service for companies of all sizes. We monitor networks for a broad range of security issues, tailoring our monitoring for the specific industry and requirements of each customer.

ThreatSpike's software-defined security platform takes only a few hours to install, after which all activity on the network is monitored by a team of highly trained analysts and penetration testers. Companies are alerted in real time to any active threats, as well as to weaknesses that could be used by attackers at a later time.

What can ThreatSpike detect?

  • Hacking: We monitor for hacking including reconnaissance, network and application exploits as well as lateral movement.
  • Malware: We use methods including machine learning to detect malicious executables, command and control activity as well as network propagation.
  • Vulnerabilities: We monitor for weaknesses in technology systems and business processes that may be used to steal data and commit fraud.
  • Insider Threats: We monitor logins, authorisation changes, access reach, electronic communications and data transfers to detect insider threats.

One Platform. One Partner. Complete Security.