New open-source infostealer, and reflections on 2023 so far

Welcome to this week’s edition of the Threat Source newsletter.

I’m covering for Jon this week whilst he takes some well-deserved holiday. What’s on my mind this week? Well, apart from a new horror film that I just read about called “Slotherhouse” where the killer is, um, a sloth (I predict nothing but a masterpiece), there are a couple of things on my mind relating to open-source.

Firstly, on the bad actor side of things, we’re seeing more and more bad guys take advantage of the availability of tools that have been added to public malware sites, such as the infostealer “SapphireStealer”, which you can read about below.

When I spoke to Cisco Talos’ Head of Outreach, Nick Biasini, about the biggest trends of 2023 so far, he called out how attackers are increasingly using malicious open-source tooling. This has been a large part of the reason we are seeing a continuous fracturing of the ransomware and extortion landscape: threat actors find what they need online, adapt these tools to suit their needs, and in many cases add on anti-detection mechanisms.

Speaking of 2023 trends, I just uploaded a new playlist of 1–2-minute-long videos featuring Nick’s thoughts and explanations on some of the biggest threats we’ve seen so far this year - including the evolution of ransomware, the rise in commercial spyware, and supply chain attacks. Check out the playlist. As a preview, here's Nick talking about the evolution of ransomware in 2023:

On the flip side, open-source is of course one of the most important ways in which security defenders can learn, upskill, and share their findings with the ..
