The Best of the Securonix Blog

It has been a busy year for the team working on the Securonix blog. We covered threats, product news, emerging trends and much more. Here is a selection of reader favorites and editor’s picks from the many posts we have published this year.

The research team at Securonix Threat Labs reported on several threat advisories. We’ve selected the top three to highlight. SEO#LURKER is a campaign that uses fake search results and fake Google ads to lure victims into installing malware when they search for safe applications like WinSCP, a popular SSH/SCP connection platform that has a large user base, to download. The attackers use Google’s Dynamic Search Ads (DSAs) to display malicious ads that redirect users to a compromised WordPress website, which then leads them to a phishing site controlled by the attackers.

The STARK#VORTEX cyberattack campaign targets Ukrainian military personnel by using drone-related documents as lure files to deliver malware. The campaign is attributed to a threat group known as UAC-0154, which is believed to be linked to North Korea. The campaign uses various techniques to evade detection, such as obfuscation, encryption, and domain generation algorithms.

DB#JAMMER is a campaign by threat actors who are targeting exposed Microsoft SQL (MSSQL) servers with brute-force attacks to deliver ransomware and other malicious payloads. The attackers use a variety of tools and techniques to compromise the servers and gain persistence. Some of these tools include enumeration software, RAT payloads, exploitation and credential-stealing software, and finally ransomware payloads.

Insider threats emerged as a concern as work environments shifted from remote, work-from-home locations to hybrid models. Coupled with global events and financial market changes, the risks associated with insider threats rose significantly. “The Human Element of Insider Threats” explores the three key drivers of accidental insider threats and how organizations can prepare for them.

The Securonix 2023 Threat Report details the year’s most impactful trends, threats, and vulnerabilities. The report also identifies frequently observed indicators of compromise (IoCs) and tactics, techniques, and procedures (TTPs), along with the top data sources where these activities were detected. The Threat Report covers threats during the last year, including phishing attacks that leverage corporate tools like Microsoft OneNote that continue to lead as a primary threat vector with a 62% increase over the past year.

Customer favorites this year included posts covering new enhancements to the Securonix platform. Early this year we announced our new product, Securonix Unified Defense SIEM, aligned with our vision for the future of threat detection, investigation and response (TDIR).

Access to timely and easy-to-implement threat content was another clear favorite for our readers. When it comes to threat detection, investigation, and response updated content is critical to keep pace with new TTPs. We launched dark mode, one of the most frequently requested features which helps analysts choose the mode most suited to their work environment and preferences.

SIEM is one of the oldest tools in the cybersecurity arsenal, having passed through multiple generations and with a long evolutionary history. Security incident and event management offers a broad range of use cases, from simple compliance reporting to advanced threat detection and threat hunting. Some technology providers are pushing for the adoption of SIEM alternatives as a response to the limitations of legacy SIEMs. The recent acquisition of Splunk by Cisco may offer a different perspective and while, some of those SIEM alternatives claims may seem reasonable, most of them are good examples of logical fallacies.

We could go on! We hope you enjoyed this brief list of all the Securonix blog has to offer. Check out the blog for timely, thought-provoking, and informative content.