As we head into the final furlong of 2024, we caught up with Talos’ Head of Outreach Nick Biasini to ask him what sort of year it’s been so far in the threat landscape.
In this video, Nick outlines his two major areas of concern. He also focusses on one state-sponsored actor that has been particularly active this year (Clue: It rhymes with “Bolt Teaspoon”), and we talk about why the infostealer market has gone through a maturing phase, and why that’s an issue for defenders.
After you’ve watched the video, I’ve highlighted some of our threat spotlight blogs from the year so far below, which may be worth a revisit.
2024 in threat research:
Jan. 18: Exploring malicious Windows drivers
Drivers have long been of interest to threat actors, whether they are exploiting vulnerable drivers or creating malicious ones. Malicious drivers are difficult to detect and successfully leveraging one can give an attacker full access to a system. Part 1 of our Driver series served as a starting point for learning about malicious drivers while part 2, released in June, covered the I/O system, IRPs, stack locations, IOCTLs and more.
Feb. 8: New Zardoor backdoor used in long-term cyber espionage operation targeting an Islamic organization
Talos discovered a new, stealthy espionage campaign that likely persisted since at least March 2021. The observed activity affects an Islamic non-profit organization using backdoors for a previously unreported malware family we have named “Zardoor.”
Feb. 15: TinyTurla Next Generation — Turla APT spies on Polish NGOs
This backdoor we called “TinyTurla-NG” (TTNG) was similar to Turla’s previously ..
Support the originator by clicking the read the rest link below.