Research
-
ResearchAndroid Malware on the Rise – A case study of AhMyth RAT
June 21, 2023The malicious application is based on the open-source Android RAT called AhMyth. The following commands are implemented: taking pictures, exfiltrating phone call logs and phone contacts, stealing files and SMS messages from the phone, tracking the device’s location, recording audio, and sending SMS messages. The network communication with the C2 server is done by switching from HTTP to WebSocket via the Socket.IO library.
More DetailsVlad Pasca
-
ResearchClose Encounters in the Public Sector
May 25, 2023SecurityScorecard and the Cyentia Institute recently teamed up to analyze data collected on over 230,000 organizations for clues about the underlying conditions exacerbating third- and fourth-party risk. We measured the extent of digital supply chains, investigated the prevalence of security incidents among third- and fourth-party vendors, and explored the effects of that exposure to gain insights on better managing risk. This document summarizes key findings from that research using a subset of the data focusing on 7,347 public sector organizations.
More DetailsPublic Sector -
ResearchClose Encounters in the Finance Sector
May 25, 2023It’s often said that cyber defenses are only as strong as the weakest link, which applies equally to individual organizations and their supply chains. Headlines of breaches stemming from third (and fourth) parties routinely testify to the truth behind the adage. As a result, most finance firms know the risks imposed by these “close encounters” with third and fourth parties. But what can be done about those risks? SecurityScorecard and the Cyentia Institute recently teamed up to analyze data collected on over 230,000 organizations for clues about the underlying conditions exacerbating third- and fourth-party risk. We measured the extent of digital supply chains, investigated the prevalence of security incidents among third- and fourthparty vendors, and explored the effects of that exposure to gain insights on better managing risk.
More Details -
ResearchA Deep Dive Into Medusa Ransomware
May 22, 2023Medusa ransomware appeared in June 2021, and it became more active this year by launchingthe “Medusa Blog” containing data leaked from victims that didn’t pay the ransom. The malwarestops a list of services and processes decrypted at runtime and deletes the Volume ShadowCopies.
More DetailsVlad Pasca
-
ResearchHow To Analyze Java Malware – A Case Study Of Strrat
May 3, 2023STRRAT is a Java-based malware that executes multiple commands transmitted by the C2 server. The JAR file was obfuscated using the Allatori obfuscator. It establishes persistence on the host by copying to the Startup folder and creating a scheduled task and a Run registry entry.
More Details -
ResearchManaging Third-Party Risk In The Era Of Zero Trust
March 22, 2023Given such a large expansion of attack surface, it is no surprise that 91%of respondents had experienced a security incident during the past 12months that tied back to one of those third parties. That ubiquitous threat is likely why respondents by and large expressed some level of concern with experiencing another breach or falling out of compliance due to a partner vulnerable to attacks
More DetailsAttack Surface Management, Cyber Threat Intelligence, Supply Chain Cyber Risk -
ResearchReduce Cyber Risk with the Predictive Power of Security Ratings
March 21, 2023The Marsh McLennan Global Cyber Risk Analytics Center and SecurityScorecard have come together to study how cybersecurity ratings correlate with reduced cyber insurance risk.
More DetailsCyber Insurance
