Top Takeaways from the Unit 42 Cloud Threat Report
Palo Alto Networks » Threat Research
by Mariya Harris
3y ago
In just a matter of months during the COVID-19 pandemic, the percentage of employees working remotely jumped alarmingly from 20% to 71%. The World Health Organization (WHO) declared COVID-19 a pandemic in March 2020, and in response enterprises quickly scaled their cloud spend in the third quarter of that same year. Remote work surged, and organizations accelerated their cloud migration plans. Needless to say, Q3 of 2020 saw a massive influx of companies moving to the cloud.   So what does a seismic, unexpected shift to cloud services mean for security?   Our elite cloud threat resea ..read more
Unit 42 Sees Surge in Attacks by Nigerian Cybercriminals
Palo Alto Networks » Threat Research
by Christopher Budd
3y ago
Attacks by the Nigeria-based SilverTerrier cybercrime gang surged in 2018 as the group increasingly focused on high-tech firms and wholesalers, according to a new analysis from the Palo Alto Networks Unit 42 threat research group. The report, “SilverTerrier – 2018 Nigerian Business Email Compromise,” shows how these cyber fraud schemes helped contribute to $1.29 billion that the FBI estimates was lost last year to Business Email Compromise schemes. Unit 42 has closely followed SilverTerrier since the threat research group was set up in 2014, analyzing some 1.1 million attacks to document how N ..read more
OilRig Data Analysis Shows Breadth of Hacking Campaign
Palo Alto Networks » Threat Research
by Unit 42
3y ago
Palo Alto Networks Unit 42 threat research team has determined that the OilRig hacking group’s activities are more widespread than previously understood, compromising at least 97 organizations in 27 countries, including China. The conclusions were determined from an analysis of attack tools, scripts and other data believed to belong to OilRig, which were posted on the internet in March. That review found that the group had obtained nearly 13,000 stolen credentials as it targeted 18 industries - including government, technology, telecommunications and transportation. The data was posted in Marc ..read more
‘BabyShark’ Targets Cryptocurrency Industry
Palo Alto Networks » Threat Research
by Unit 42
3y ago
Palo Alto Networks has discovered that the threat actor behind the BabyShark malware family has expanded its operations beyond conducting espionage to also targeting the cryptocurrency industry. The company’s threat research team, Unit 42, discovered decoy documents related to xCryptoCrash, an online gambling game, that show the attackers are now also targeting the cryptocurrency industry. Unit 42 analyzed samples found on an attacker-controlled server, including the initial malware used to launch the attacks as well as two other files, KimJongRAT and PCRat, which BabyShark installs on victim ..read more
Unit 42, GoDaddy Shutter Subdomains Selling Miracles
Palo Alto Networks » Threat Research
by Unit 42
3y ago
Palo Alto Networks and GoDaddy recently collaborated to take down some 15,000 subdomains promoting weight-loss products and other goods promising miraculous results. The websites sought to persuade millions of consumers into buying products backed by bogus endorsements purporting to be from celebrities including Stephen Hawking, Jennifer Lopez and Gwen Stefani. The compromised sites were uncovered in an investigation by Palo Alto Networks Unit 42 researcher Jeff White, who examined a massive campaign in which affiliate marketers used spam to push victims to sites where they were sometimes tric ..read more
Exploring DNS Abuse
Palo Alto Networks » Threat Research
by Unit 42
3y ago
DNS is a critical foundation of the Internet. There would be no way to get to websites without it, except by entering numerical IP addresses. Like so much on the internet, the power that makes DNS beneficial for everyone can be abused by a few for the detriment of many. Unit 42 researchers have released a report showing how attackers can abuse DNS to hide their tracks when they infiltrate networks and steal data using a technique known as “DNS Tunneling.” This research can help organizations understand DNS-based threats and the risks they pose to their environment. For more details, please see ..read more
Unit 42 Sees Surge in Attacks by Nigerian Cybercriminals
Palo Alto Networks » Threat Research
by Christopher Budd
5y ago
Attacks by the Nigeria-based SilverTerrier cybercrime gang surged in 2018 as the group increasingly focused on high-tech firms and wholesalers, according to a new analysis from the Palo Alto Networks Unit 42 threat research group. The report, “SilverTerrier – 2018 Nigerian Business Email Compromise,” shows how these cyber fraud schemes helped contribute to $1.29 billion that the FBI estimates was lost last year to Business Email Compromise schemes. Unit 42 has closely followed SilverTerrier since the threat research group was set up in 2014, analyzing some 1.1 million attacks to document how N ..read more
OilRig Data Analysis Shows Breadth of Hacking Campaign
Palo Alto Networks » Threat Research
by Unit 42
5y ago
Palo Alto Networks Unit 42 threat research team has determined that the OilRig hacking group’s activities are more widespread than previously understood, compromising at least 97 organizations in 27 countries, including China. The conclusions were determined from an analysis of attack tools, scripts and other data believed to belong to OilRig, which were posted on the internet in March. That review found that the group had obtained nearly 13,000 stolen credentials as it targeted 18 industries – including government, technology, telecommunications and transportation. The data was posted in Marc ..read more
‘BabyShark’ Targets Cryptocurrency Industry
Palo Alto Networks » Threat Research
by Unit 42
5y ago
Palo Alto Networks has discovered that the threat actor behind the BabyShark malware family has expanded its operations beyond conducting espionage to also targeting the cryptocurrency industry. The company’s threat research team, Unit 42, discovered decoy documents related to xCryptoCrash, an online gambling game, that show the attackers are now also targeting the cryptocurrency industry. Unit 42 analyzed samples found on an attacker-controlled server, including the initial malware used to launch the attacks as well as two other files, KimJongRAT and PCRat, which BabyShark installs on victim ..read more
Unit 42, GoDaddy Shutter Subdomains Selling Miracles
Palo Alto Networks » Threat Research
by Unit 42
5y ago
Palo Alto Networks and GoDaddy recently collaborated to take down some 15,000 subdomains promoting weight-loss products and other goods promising miraculous results. The websites sought to persuade millions of consumers into buying products backed by bogus endorsements purporting to be from celebrities including Stephen Hawking, Jennifer Lopez and Gwen Stefani. The compromised sites were uncovered in an investigation by Palo Alto Networks Unit 42 researcher Jeff White, who examined a massive campaign in which affiliate marketers used spam to push victims to sites where they were sometimes tric ..read more
