The Recon incident response team recently responded to a case of business email compromise. The incident spanned over seven months of potential dwell time, and included the unraveling of encrypted malware hidden in an image file. Our analysis attributed the incident to a threat group known as TA551/Shathak, known for stealing banking credentials.
The Recon incident response team recently worked an intrusion case involving a ManageEngine Desktop Central server that was affected by CVE-2020-10189.
The Recon incident response team recently worked an intrusion case involving a Confluence web application server that was affected by CVE-2019-3396.
In my experience, one of those most prevalent and common threats to today’s enterprise networks comes in the form of malicious email attachments (shocker!). Attackers leverage document types that are most likely accessible to software installed on the victim endpoint, making Microsoft Office a prime target. Yes, in 2016, malicious macros are still a major problem.