We started as fans, attendees, and trainees, and later evolved into speakers, trainers, and authors. We've been making the annual hacker pilgrimage to Las Vegas for Black Hat and Defcon for nearly two decades. It's a genuinely exciting time, a chance to reunite with friends and colleagues from all over the world, some of whom you may see only once a year.

If you're curious to hear what we've been up to, schedule some time to chat. Coffee, cocktails, or a sit-down briefing... we look forward to catching up with everyone.

We're proud to announce that we're hosting a gathering this year in conjunction with some of our partners!

InQuest Email Attack Simulation
This month we harvested 903 samples from the wild capable of bypassing either Microsoft or Google. Of those, Microsoft missed 263 (29%), and Google missed 391 (43%). The distribution of misses by file type is depicted below:
Recently, we've begun including samples sourced from over 50 leading industry blogs. If any of these samples are able to reach your inbox (5 samples in July), then the source blog will be referenced in your daily EAS report.
Want to validate the efficacy of your email security stack? InQuire here for a one-month free email attack simulation
InQuest Latest Blog Posts

Top Malware Delivery Tactics to Watch Out for in 2023

Posted on 2023-07-30 by Isabelle Quinn

As we continue through 2023, the landscape of cybersecurity threats continues to evolve, with malware delivery tactics becoming increasingly sophisticated and challenging to detect. Cybersecurity experts predict that cybercriminals will continue to refine their methods and develop new ones to evade traditional security measures. In this blog post, we will explore some of the top malware delivery tactics to be aware of in 2023 and provide insights on how to protect your systems from these evolving threats.

InQuest Labs Research Spotlight

cool-retro-term

cool-retro-term is a terminal emulator which mimics the look and feel of the old cathode tube screens. It has been designed to be eye-candy, customizable, and reasonably lightweight.


No More Secrets

This project provides a command line tool called nms that recreates the famous data decryption effect seen on screen in the 1992 hacker movie Sneakers.


pyrdp

PyRDP is a Python Remote Desktop Protocol (RDP) Monster-in-the-Middle (MITM) tool and library.

Global Security Events

Fruity trojan downloader performs multi-stage infection of Windows computers

Doctor Web has uncovered an attack on Windows users involving a modular downloader trojan dubbed Trojan.Fruity.1. With its help, threat actors can infect computers with different types of malware, depending on the attackers’ goals. To conceal an attack and increase the chances of it being successful, they use a variety of tricks. These include a multi-stage infection process for target systems, using harmless apps for launching components of the trojan, and trying to bypass anti-virus protection.


CISA: New Submarine malware found on hacked Barracuda ESG appliances

CISA says new malware known as Submarine was used to backdoor Barracuda ESG (Email Security Gateway) appliances on federal agencies' networks by exploiting a now-patched zero-day bug. A suspected pro-China hacker group (UNC4841) deployed the backdoor in a series of data-theft attacks detected in May but active since at least October 2022.


Volt Typhoon targets US critical infrastructure with living-off-the-land techniques

Microsoft has uncovered stealthy and targeted malicious activity focused on post-compromise credential access and network system discovery aimed at critical infrastructure organizations in the United States. The attack is carried out by Volt Typhoon, a state-sponsored actor based in China that typically focuses on espionage and information gathering.

InQuest Insider - Your monthly resource for the latest in cyber security news, trends, tips, and tools. Subscribe here.
Copyright © InQuest 2023





