For those of us who value investments and opportunities each day, there is a significant challenge when considering a sizeable procurement. Not surprisingly, it is a considerable source of frustration for our colleagues in IT and security who are trying to justify the cost of purchasing hardware and software to protect our systems, tools, and organizations’ networks.

The problem is that standard calculation to evaluate investments is based on expected cash flow, in the form of revenue earned or expenses avoided: ROI, NPV, and IRR. The total cost of ownership is commonly used for IT investments but is exclusively based on fees by totaling the initial purchase price plus ongoing support. Investments in cybersecurity are challenging to value using these standard methodologies, leaving frustration on all sides of the discussion:

Becuase of these concerns, InQuest has developed an ROI Calculator!

InQuest Email Security Assessment

This month we harvested 658 samples from the wild capable of bypassing either Microsoft or Google. Of those, Microsoft missed 163 (25%), and Google missed 587 (89%). The distribution of misses by file kind is depicted below:

InQuire for a free, personalized email security assessment!

Latest InQuest™ Blog Posts

Analysis of a Remcos RAT Dropper

Posted on 2022-01-24 by Dmitry Melikov

Some time ago, we discovered a large wave of phishing emails with an exciting delivery method. This article will describe this method and show how it works, starting from a malicious document. We will explore the following documents, each with a beautiful visual lure that abuses the names and logos of Chase Bank and Bank of America.

2022-01 AsyncRAT

Posted on 2022-01-26 by Josiah Smith and Nick Chalard

This post is a quick dissection of an interesting malware lure that appears to be part of a campaign targeting Brazilian / Portuguese speaking users. The sample in question is available on InQuest Labs. Glancing at the macro you’ll quickly notice that a number of notepad.exe processes will be launched, additionally, there’s a reference to a malicious domain which we have filtered the below screenshot to: unimed-corporated[.]com.

InQuest™ Labs Research Spotlight

PowerRemoteDesktop

Power Remote Desktop is a fully functional Remote Desktop Application entirely coded in PowerShell.

Suricata Language Server

Suricata Language Server is an implementation of the Language Server Protocol for Suricata signatures.

factual-rules-generator

Factual-rules-generator is an open source project which aims to generate YARA rules about installed software from a running operating system.

Global Security Events

Why the Belarus Railways Hack Marks a First for Ransomware

A group of Belarusian politically motivated hackers known as the Belarusian Cyber Partisans announced on Twitter and Telegram that they had breached the computer systems of Belarusian Railways, the country's national train system, as part of a hacktivist effort the attackers call Scorching Heat.

KONNI evolves into stealthier RAT

KONNI is a Remote Administration Tool that has being used for at least 8 years. The North Korean threat actor that is using this piece of malware has being identified under the Kimsuky umbrella. This group has been very busy, attacking political institutions located in Russia and South Korea. The last known attack where KONNI Rat was used was described here.

Taiwanese Apple and Tesla contractor hit by Conti ransomware

Conti Ransomware Claims to Infect 1,500 Servers and 12,000 Computers at Taiwanese Electronics Firm. In its statement, the company said the incident impacted only non-critical systems, which had no significant impact on its operations. AdvIntel "Andariel" platform detected the attack on January 18.

Useful Links

Support

Social

Twitter

GitHub

InQuest™ Insider - Your monthly resource for the latest in cyber security news, trends, tips and tools. Subscribe here.

Unsubscribe here.