Emotet: New Delivery Mechanism to Bypass VBA Protection

Emotet started as a banking trojan in 2014 and later evolved to what has been considered the world’s most dangerous malware by Europol, often used throughout the world to deliver many different threats, including TrickBot. In October 2020, Netskope analyzed an Emotet campaign that was using PowerShell and WMI within malicious Office documents to deliver its payload. Later in 2021, we also spotted new delivery mechanisms being used, including squiblytwo.

Deep dive on the BLISTER loader

Yesterday, the Elastic Security Research Team released a detailed report outlining technical details regarding the BLISTER launcher, a sophisticated campaign that we uncovered in December 2021. This latest release continues on research we’ve developed while observing the campaign over the last few months — specifically pertaining to the technical details of how the group behind this payload is able to stay under the radar and evade detection for many new samples identified.

Coded for Safety

Ready to secure government applications? Start with Zero Trust. Trust is the foundation of successful relationships. We want to trust our friends, companies, government, etc., and be trusted in return. But sometimes mistrust serves us better. A few years ago, the cyber world adopted an approach to security known as trust-but-verify. A simplistic approach, it delivered innovative digital services to consumers – securely and efficiently.

ONUG 2022 How Goldman Sachs Uses a Digital Twin Platform to Improve Security, Agility & Reliability

The network team at Goldman Sachs has reduced application delivery time to under one hour, successfully scaled their automation stack, and reduced P1 outages by implementing Forward Enterprise across their entire network. Joshua Matheus, Managing Director at Goldman Sachs, will detail the pain points that motivated the need for a single source of network truth, describe the process of selecting and implementing a digital twin, and outline the results that his network team has achieved since deployment.

macOS Malware Is More Reality Than Myth: Popular Threats and Challenges in Analysis

Understanding the threat landscape and how threats behave is the first step CrowdStrike researchers take toward strengthening customer protection. They based the following threat landscape analysis on internal and open source data, which revealed that in 2021 the most commonly encountered macOS malware types were ransomware (43%), backdoors (35%) and trojans (17%). Each category is powered by a different motive: ransomware by money, backdoors by remote access and trojans by data theft.

Understanding the GLBA Safeguards Rule

The Gramm-Leach-Bliley Act (GLBA) aims to protect consumer financial privacy with three provisions: the Financial Privacy Rule, the Safeguards Rule, and the Pretexting Provisions. In our previous post, we covered the GLBA Financial Privacy Rule and what financial institutions, as defined by the GLBA, need to know to be compliant.

What Is Ransomcloud?

Tech decision makers surveyed by Pulse admitted last year that nearly 3 out of 4 companies (71%) experienced a ransomware incident and at least 12% of these incidents involved payments. This shows that ransomware attacks are proving to be a lucrative business for malicious cyber actors as they constantly put organizations’ cybersecurity measures to the test in a host of different sectors where different IT architectures are used.

Streamlining threat intelligence with Pulsedive and Tines

Professionals working in cyber threat intelligence (CTI) overwhelmingly enjoy their jobs; over 66%, according to a limited survey of CTI professionals. They enjoy playing detective, investigator, researcher, analyzer, and communicator. What do they not love about the job? Chasing down bits and pieces of information manually through tons of different interfaces. Wrangling a time-intensive monstrosity of various files, web pages, and inconsistent formats, then merging them (ungracefully).