Cybersecurity Awareness Month, now in its 20th year, emphasizes user education against evolving cyber threats. The 2023 campaign introduced “Secure Our World,” focusing on strong passwords, multi-factor authentication, phishing awareness, and software updates.

At InQuest, we believe creating a robust Awareness Program reinforces the importance of continuous vigilance and adaptation in the digital world, promoting a year-round, security-first approach for both individuals and organizations.

As cyber threats become more complex, staying informed, vigilant, and proactive is essential for individuals and organizations. Cybersecurity Awareness Month is a reminder of the ongoing journey in cybersecurity, emphasizing the need for continuous effort and adaptation to navigate the digital world safely.

InQuest Email Attack Simulation

This month we harvested 552 samples from the wild capable of bypassing either Microsoft or Google. Of those, Microsoft missed 314 (57%), and Google missed 254 (46%). InQuest, MailTAC for reference, missed only 7 (.01%). The distribution of misses by file type is depicted below:

InQuest EAS includes samples sourced from 50+ industry leading blogs. This month, we sourced 401 samples from these blogs for inclusion in attack simulation.

Want to validate the efficacy of your email security stack? InQuire here for a one-month free email attack simulation

Lab's IOC Lead Time

Every month, we conduct an analysis to ascertain the lead time for our C2 (Command and Control) and TI (Threat Intelligence) compared to public blogs. Over the past 30 days, we've examined a total of 1159 indicators. Our findings reveal 2 instances of C2 victories and 80 successes in Threat Intelligence and Dark Web (TIDB) across 24 distinct sources. This data points to an average lead time of 379 days for these indicators, covering only 7% of the observed IOCs.

Upcoming Events

Webinar | Death by 1,000 File Types: How Files Creep Past Even the Best Security Controls

November 9, 2023

In today’s sophisticated threat landscape, security professionals face a daunting challenge: the endless array of file types attackers exploit to bypass robust security measures. This webinar will delve deep into the core issues surrounding file-based attacks, casting a spotlight not just on our solution-centric approach but the underlying problems that necessitated their creation.

Hacker Hoedown: The Second Dance

November 15, 2023

We’re grabbing our cowboy boots and hats for round two of the Hacker Hoedown. Join your industry colleagues for lightning talks, libations, and BBQ at San Hack (Jac) Saloon on Wednesday, November 15th at 6 pm. Talks will start at 7:30 pm. Open bar through midnight and BBQ while available.

InQuest Latest Blog Posts

InQuest Celebrates 10-year Anniversary Preventing File-borne Attacks

Posted on 2023-10-18 by InQuest

It’s been ten years since InQuest opened its virtual doors back in 2013. Built for the most targeted computing environment on the planet, the Pentagon, our mission has been to empower private and public sectors to identify, detect, and prevent advanced malware, ransomware, phishing, scam and fraud attacks, breaches, and data loss incidents.

Las Vegas Casinos Under Siege: The Urgent Need for Advanced Ransomware Protection

Posted on 2023-10-05 by Katie Brown

In recent times, the world has witnessed an unprecedented surge in cyberattacks targeting high-profile corporations and institutions. Sadly, Las Vegas, the world’s gaming and entertainment capital, has not been immune to this disturbing trend. MGM Resorts and Caesars Entertainment, iconic names in the casino industry, have recently faced ruthless cyber onslaughts, exposing the vulnerability of even the most formidable entities in the sector.

InQuest Labs Research Spotlight

ZipPy

This is a research repo for fast AI detection using compression. While there are a number of existing LLM detection systems, they all use a large model trained on either an LLM or its training data to calculate the probability of each word given the preceding, then calculating a score where the more high-probability tokens are more likely to be AI-originated.

GCR - Google Calendar RAT

Google Calendar RAT is a PoC of Command & Control (C2) over Google Calendar Events. This tool has been developed for those circumstances where it is difficult to create an entire red teaming infrastructure. To use GCR, only a Gmail account is required.

PsMapExec

A PowerShell tool heavily inspired by the popular tool CrackMapExec. Far too often I find myself on engagements without access to Linux in order to make use of CrackMapExec. PsMapExec is used as a post-exploitation tool to assess and compromise an Active Directory environment.

Global Security Events

SEC Charges SolarWinds and Chief Information Security Officer with Fraud, Internal Control Failures

The Securities and Exchange Commission announced charges against Austin, Texas-based software company SolarWinds Corporation and its chief information security officer, Timothy G. Brown, for fraud and internal control failures relating to allegedly known cybersecurity risks and vulnerabilities.

Malvertising via Dynamic Search Ads delivers malware bonanza

Most, if not all, malvertising incidents result from a threat actor either injecting code within an existing ad, or intentionally creating one. Today, we look at a different scenario where, as strange as that may sound, malvertising was entirely accidental. The reason this happened was due to the combination of two separate factors: a compromised website and Google Dynamic Search Ads.

BeyondTrust Discovers Breach of Okta Support Unit

On October 2nd, 2023, the BeyondTrust security teams detected an identity-centric attack on an in-house Okta administrator account. The incident was the result of Okta’s support system being compromised, which allowed an attacker to access sensitive files uploaded by their customers.

InQuest Insider - Your monthly resource for the latest in cyber security news, trends, tips, and tools. Subscribe here.
Copyright © InQuest 2023