CyberSecurity updates
Updated: 2024-11-23 05:41:18 Pacific

Ingrid Lunden @ TechCrunch
Bitsight Acquires Cybersixgill for $115 Million - 6d

Bitsight, a cybersecurity risk management solutions provider, has acquired Cybersixgill, a threat intelligence firm, for $115 million. This acquisition is a significant move for Bitsight, as Cybersixgill specializes in gathering threat intelligence data from the dark web, which is a valuable asset for companies looking to protect themselves from cyberattacks. This acquisition allows Bitsight to offer a more comprehensive suite of cybersecurity solutions to its customers, combining its own risk management capabilities with Cybersixgill’s threat intelligence expertise.

github.com
Obstracts: Open Source Tool for Threat Intelligence Extraction - 12d

Obstracts is an open-source tool designed to extract threat intelligence from blog posts and other sources. It uses various techniques, including pattern matching and AI-based analysis, to identify and categorize indicators of compromise (IoCs) and tactics, techniques, and procedures (TTPs). Obstracts provides a valuable resource for security teams by automating the process of extracting relevant information from blog posts, saving analysts time and effort. The tool also supports contextual relationships between extracted data, enabling a more comprehensive understanding of threats. Obstracts is available on GitHub, allowing security professionals to use, modify, and contribute to its development. This open-source nature encourages collaboration and fosters a continuous improvement of threat intelligence capabilities.

eclypsium.com
Sophos Firewall Appliance Hacking Campaign - 17d

Sophos has identified a five-year campaign, dubbed “Pacific Rim”, by Chinese threat actors targeting network appliances, particularly Sophos firewalls. These attackers, including APT31, APT41/Winnti, and a third group, have employed a variety of tactics, including botnets, zero-days, custom malware, firmware backdoors, and UEFI implants, in attempts to compromise these devices. The UEFI implants, while not entirely new, are particularly concerning because they give attackers a persistent foothold on the firewall that survives reboots and software updates, potentially enabling them to gain control over the entire network behind it. This campaign highlights the exposure of internet-facing network appliances and the increasing sophistication of threat actors, who combine vulnerability exploitation, zero-day exploits, and implanted backdoors to gain access to sensitive data and establish a foothold in targeted organizations.

MalBot @ Malware Analysis, News and Indicators
APT41 Targets the Gambling Industry with Custom Tools - 1h

APT41, a sophisticated threat actor, has been observed maintaining a persistent presence on gambling company networks for nine months. This group utilizes custom tools and techniques, including phantom DLL hijacking and WMIC JavaScript loading, to achieve their objectives. These tactics have been particularly effective in evading detection and establishing long-term access. The group’s continued focus on the gambling industry underscores the sector’s vulnerability to advanced cyber threats, demanding enhanced security measures and vigilance to counter these sophisticated attacks.

tomersp@checkpoint.com @ Check Point Research
Check Point Research Identifies a 75% Surge in Global Cyberattacks - 2d

Check Point Research has uncovered a significant increase in global cyberattacks, reporting a 75% surge in the third quarter of 2024 compared to the same period in the previous year. This alarming trend highlights the escalating threat landscape and the growing sophistication of cybercriminals. The research indicates that the Education/Research sector has been the most targeted, while Africa has experienced the highest attack rates geographically. Ransomware incidents remain prevalent, with North America accounting for a substantial 57% of these attacks. The Manufacturing and Healthcare sectors have been particularly vulnerable to ransomware attacks.

MalBot @ Malware Analysis, News and Indicators
APT41 Targets Gambling Industry with Custom Tools and Long-Term Persistence - 30d

APT41, a sophisticated threat actor, has been observed targeting the gambling industry with custom tools and achieving prolonged persistence, spanning nine months. Their tactics involve phantom DLL hijacking and WMIC JavaScript loading, allowing for stealthy operations and extended presence within victim networks. This activity highlights the growing interest of advanced threat actors in the gambling sector, demanding enhanced security measures to counter such persistent threats.
This site is an experimental news aggregator using feeds I personally follow. You can reach me at Bluesky if you have feedback or comments.