Recently acquired by OPSWAT, InQuest is excited to reintroduce InQuest InSights as MetaDefender InSights! MetaDefender InSights is a comprehensive threat intelligence feed, designed to proactively safeguard against evolving cyber threats. This feed aggregates and analyzes billions of file samples and Indicators of Compromise (IOCs) from an extensive network of third-party sources, customer environments, and OPSWAT's internal research, offering unique visibility into the attack chain and early warning detection of emerging threats. MetaDefender InSights delivers real-time notifications, supports automated threat prevention, and enhances threat hunting efforts, helping security teams stay one step ahead in the face of sophisticated cyber campaigns.

Learn more about MetaDefender InSights.

InQuest Email Attack Simulation
This month we harvested 358 samples from the wild capable of bypassing either Microsoft or Google. Of those, Microsoft missed 182 (51%) and Google missed 148 (41%). InQuest MailTAC, for reference, missed 0 (0%)! The distribution of misses by file type is depicted below:
InQuest EAS includes samples sourced from 50+ industry-leading blogs. This month, we sourced 513 samples from these blogs for inclusion in attack simulation.
Want to validate the efficacy of your email security stack? InQuire here for a one-month free email attack simulation.
InQuest Latest Blog Posts

What is Detection Engineering?

Posted on 2024-12-05 by Darren Spruell

Detection engineering is a field of cybersecurity focused on designing, implementing, and maintaining detection methods to identify potential security threats within an organization's environment. It goes beyond simply setting up alerts and involves a strategic approach to understanding threat behaviors, identifying IOCs (indicators of compromise), and developing detection logic that accurately identifies malicious activity without generating excessive false positives. Detection engineering is essential for enhancing an organization's threat detection capabilities and improving its overall security posture.

Read more

InQuest Labs Research Spotlight

komorebi

Tiling Window Management for Windows.

Read more

convoC2

Command and Control infrastructure that allows Red Teamers to execute system commands on compromised hosts through Microsoft Teams.

Read more

zizmor

zizmor is a static analysis tool for GitHub Actions. It can find many common security issues in typical GitHub Actions CI/CD setups.

Read more

Global Security Events

Threat Assessment: Howling Scorpius (Akira Ransomware)

Emerging in early 2023, the Howling Scorpius ransomware group is the entity behind the Akira ransomware-as-a-service (RaaS), which has consistently ranked in recent months among the top five most active ransomware groups. Its double extortion strategy significantly amplifies the threat it poses. Unit 42 researchers have been monitoring the Howling Scorpius ransomware group over the past year.

Read more

Earth Koshchei Coopts Red Team Tools in Complex RDP Attacks

In October 2024, an APT group that Trend Micro tracks as Earth Koshchei (also known as APT29 and Midnight Blizzard) likely used a rogue remote desktop protocol (RDP) attack methodology against numerous targets. This methodology was described in detail by Black Hills Information Security in 2022. The attack technique is called “rogue RDP”, and it involves an RDP relay, a rogue RDP server, and a malicious RDP configuration file. A victim of this technique would give partial control of their machine to the attacker, potentially leading to data leakage and malware installation.

Read more
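The rogue RDP technique summarized above hinges on a malicious RDP configuration file. As a defender-side illustration, the following is an added example (not code from Trend Micro, Black Hills Information Security or InQuest) that parses the plain-text `name:type:value` format of a `.rdp` file and flags settings that hand local resources or control to the remote side. The setting names checked (`drivestoredirect`, `redirectclipboard`, `remoteapplicationmode`, `authentication level` and so on) are real `.rdp` keys, but which of them matter, the trusted-host list and the two constructed sample files are the author's assumptions, not details taken from the summary.

```python
"""Flag risky settings in an RDP connection (.rdp) file.

Added example for illustration; not the tooling of any vendor named in the
newsletter. The list of risky settings is an assumption about what a rogue
RDP configuration typically enables and should be tuned per environment.
"""
import re

# A .rdp file is one "name:type:value" per line; type is s (string),
# i (integer) or b (binary blob). Unknown or malformed lines are ignored.
_LINE = re.compile(r"^(?P<name>[^:]+):(?P<type>[sib]):(?P<value>.*)$")


def parse_rdp(text):
    """Return a dict of setting name -> value (ints converted, names lowercased)."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        m = _LINE.match(line) if line else None
        if not m:
            continue
        name = m.group("name").strip().lower()
        value = m.group("value").strip()
        if m.group("type") == "i":
            try:
                value = int(value)
            except ValueError:
                pass  # keep the raw string if the file is malformed
        settings[name] = value
    return settings


# Integer settings that expose local resources when set to 1 (assumption).
RISKY_INT_ON = {
    "redirectclipboard": "clipboard shared with the remote host",
    "redirectprinters": "local printers exposed to the remote host",
    "redirectsmartcards": "smart cards exposed to the remote host",
    "redirectcomports": "COM ports exposed to the remote host",
    "remoteapplicationmode": "RemoteApp mode hides the remote desktop from the user",
}

# String settings that are suspicious whenever they are non-empty (assumption).
RISKY_STRING_SET = {
    "drivestoredirect": "local drives mapped into the remote session",
    "devicestoredirect": "local devices mapped into the remote session",
    "remoteapplicationprogram": "a remote program is launched on connect",
    "alternate shell": "a custom shell replaces the remote desktop",
}


def assess_rdp(text, trusted_hosts=()):
    """Return a list of human-readable findings; an empty list means nothing flagged."""
    s = parse_rdp(text)
    findings = []

    # "full address" may carry a port (host:3389); IPv6 literals are not handled here.
    host = str(s.get("full address", "")).split(":")[0].lower()
    if host and trusted_hosts and host not in {h.lower() for h in trusted_hosts}:
        findings.append(f"full address: connects to untrusted host {host}")

    for key, why in RISKY_INT_ON.items():
        if s.get(key) == 1:
            findings.append(f"{key}=1: {why}")

    for key, why in RISKY_STRING_SET.items():
        value = s.get(key)
        if value:
            findings.append(f"{key}={value}: {why}")

    # authentication level 0 = connect even if server authentication fails.
    if s.get("authentication level") == 0:
        findings.append("authentication level=0: server certificate warnings suppressed")

    return findings


# Constructed sample files (not real captures). 203.0.113.10 is documentation space.
BENIGN_RDP = """\
screen mode id:i:2
full address:s:rds.corp.example
authentication level:i:2
prompt for credentials:i:1
redirectclipboard:i:0
drivestoredirect:s:
"""

SUSPICIOUS_RDP = """\
full address:s:203.0.113.10
drivestoredirect:s:*
redirectclipboard:i:1
redirectsmartcards:i:1
authentication level:i:0
remoteapplicationmode:i:1
remoteapplicationprogram:s:||Report
"""

if __name__ == "__main__":
    trusted = ["rds.corp.example"]
    print("benign:", assess_rdp(BENIGN_RDP, trusted))
    for f in assess_rdp(SUSPICIOUS_RDP, trusted):
        print("suspicious:", f)
```

Run as a script it prints nothing flagged for the benign file and one line per finding for the suspicious one; in a mail gateway or endpoint pipeline the same `assess_rdp` call can be applied to any `.rdp` attachment before it reaches a user.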

Chinese APT Exploits BeyondTrust API Key to Access U.S. Treasury Systems and Documents

The United States Treasury Department said it suffered a "major cybersecurity incident" that allowed suspected Chinese threat actors to remotely access some computers and unclassified documents. "On December 8, 2024, Treasury was notified by a third-party software service provider, BeyondTrust, that a threat actor had gained access to a key used by the vendor to secure a cloud-based service used to remotely provide technical support for Treasury Departmental Offices (DO) end users," the department said in a letter informing the Senate Committee on Banking, Housing, and Urban Affairs.

Read more

InQuest Insider - Your monthly resource for the latest in cyber security news, trends, tips, and tools. Subscribe here.
Copyright © InQuest 2024