Cyber resilience is dependent not only on the strength of an organization’s own planning and defenses, but also that of its partners. Attackers increasingly are capitalizing on risks that come from supply chains. If a given target for a group of attackers proves to be difficult to infiltrate, they may look to other companies and organizations connected to the target. Supply chain attacks vary in sophistication and execution. They can range from compromising email accounts at partner companies to stealing code-signing certificates to infiltrating continuous integration and continuous delivery (CI/CD) software development pipelines. Organizations can vet their partners using questionnaires and surveys, but the security of a partner from day to day can be largely unknown. However, there are sources of cyber threat intelligence (CTI) that can provide advance warning of cybercriminals targeting partners and allow crucial time to make a risk evaluation. The following white paper explores a few of the most notable supply chain attacks and discusses how CTI can be operationalized to reduce risk — from monitoring malware indicators to exposed credentials to software vulnerabilities.
Intel 471 discovered a new Android trojan, FvncBot, that masquerades as a security application for mBank, a major Polish bank. Our Malware Intelligence team analyzed its code, which is new and not based on other leaked malware code.
Malware distribution campaigns that trick people into copying and pasting malicious commands, known as ClickFix, have been wildly successful. Here's an examination of ClickFix and how to defend against it.
Payment card "checkers" are used by criminal hackers to check the validity of stolen payment card details. Here's how this in-demand underground service works.
Stay informed with our weekly executive update, sending you the latest news and timely data on the threats, risks, and regulations affecting your organization.