Attackers can hide a threat in nearly any part of a file, from content to metadata. You need a security solution designed to uncover threats, no matter where they hide. FileTAC, powered by our Deep File Inspection® (DFI) technology, is that solution.

Many security solutions are dependent on receiving constant updates and rely on broader public dissemination before they are capable of identifying emerging threats. FileTAC leverages machine learning and advanced analytical algorithms to empower you to hunt for publicly unknown threats, keeping you ahead of the curve.

Dig deeper, learn more, and give your SOC team the tools they need to go on the offensive. Our Deep File Inspection® technology will give your team everything they need to stop file-borne threats in their tracks.

InQuest Email Attack Simulation
This month we harvested 552 samples from the wild capable of bypassing either Microsoft or Google. Of those, Microsoft missed 91 (16%) and Google missed 137 (25%); InQuest (MailTAC, for reference) missed only 6 (.01%). The distribution of misses by file type is depicted below:
InQuest EAS includes samples sourced from 50+ industry leading blogs. This month, we sourced 407 samples from these blogs for inclusion in attack simulation.
Want to validate the efficacy of your email security stack? InQuire here for a one-month free email attack simulation.
Lab's IOC Lead Time
Every month, we conduct an analysis to ascertain the lead time of our C2 (Command and Control) and TI (Threat Intelligence) indicators compared to public blogs. Over the past 30 days, we examined a total of 1568 indicators. Our findings reveal 1 C2 win and 209 Threat Intelligence and Dark Web (TIDB) wins across 24 distinct sources. This equates to an average lead time of 234 days for these indicators, covering only 13% of the observed IOCs.
InQuest Latest Blog Posts

Navigating the Evolving Landscape of File-Based Cyber Threats

Posted on 2023-11-20 by Katie Brown

One of the most significant trends in the realm of file-based attacks is the use of email as a primary delivery mechanism. Attackers are increasingly leveraging emails to deploy their malicious payloads, capitalizing on the ubiquity and essential nature of email communications in the business world.

Read more

Less is Not More: Sharing Better Indicators

Posted on 2023-11-21 by Darren Spruell

Discover how to increase the effectiveness of threat information sharing by standardizing enriched indicators and review available tooling that can help with this endeavor.

Watch here
InQuest Labs Research Spotlight

Nemesis

Nemesis is an offensive data enrichment pipeline and operator support system. Built on Kubernetes with scale in mind, our goal with Nemesis was to create a centralized data processing platform that ingests data produced during offensive security assessments.

Read more

AVClass

AVClass is a Python package and command line tool to tag / label malware samples. You input the AV labels for a large number of malware samples (e.g., VirusTotal JSON reports) and it outputs a list of tags extracted from the AV labels of each sample.

Read more

Self-Operating Computer

A framework to enable multimodal models to operate a computer. Using the same inputs and outputs of a human operator, the model views the screen and decides on a series of mouse and keyboard actions to reach an objective.

Read more
Global Security Events

MALWARE SPOTLIGHT - INTO THE TRASH: ANALYZING LITTERDRIFTER

Gamaredon, also known as Primitive Bear, ACTINIUM, and Shuckworm, is a unique player in the Russian espionage ecosystem that targets a wide variety of almost exclusively Ukrainian entities. While researchers often struggle to uncover evidence of Russian espionage activities, Gamaredon is notably conspicuous. The group behind it conducts large-scale campaigns while still primarily focusing on regional targets.

Read more

US seizes Sinbad crypto mixer used by North Korean Lazarus hackers

The U.S. Department of the Treasury has sanctioned the Sinbad cryptocurrency mixing service for its use as a money-laundering tool by the North Korean Lazarus hacking group. A cryptocurrency mixer is a server that allows people to deposit crypto, which is mixed among many different wallet addresses to help prevent it from being accurately traced.

Read more

Exploitation of Unitronics PLCs used in Water and Wastewater Systems

CISA is responding to active exploitation of Unitronics programmable logic controllers (PLCs) used in the Water and Wastewater Systems (WWS) Sector. Cyber threat actors are targeting PLCs associated with WWS facilities, including an identified Unitronics PLC, at a U.S. water facility. In response, the affected municipality’s water authority immediately took the system offline and switched to manual operations—there is no known risk to the municipality’s drinking water or water supply.

Read more
InQuest Insider - Your monthly resource for the latest in cyber security news, trends, tips, and tools. Subscribe here.
Copyright © InQuest 2023