June 2025

Cyber threats
Barometer

Every month, cyber threats as seen by Gatewatcher’s CTI analysts
Le Lab Gatewatcher

66 282 Identified Indicators of Compromise (IOCs)
27 992 Identified Compromise reports (sum of IOCs)

Highlight of the month

By Vysotsky – Own work, CC BY-SA 4.0

Following the success of Operation Endgame carried out in May 2024, Europol and its judicial counterpart Eurojust launched a follow-up to this large-scale operation, aptly named “Endgame 2.0.”
Like the first version, this operation targeted the infrastructure and operators of Malware-as-a-Service (MaaS) used in the initial compromises. The aim was to deprive the threat actors of their point of entry, thereby preventing the rest of the kill chain from unfolding. It was also a way of demonstrating the responsiveness of the police services in the face of this threat.
The targets were those that appeared following the first phase of the operation, including new variants and new groups. These included Bumblebee and Trickbot, which were already present, as well as Qakbot, Latrodectus, and Warmcookie.

In total, over the three days of operations from May 19 to 22, the operation resulted in 300 servers being shut down worldwide, 650 domains neutralized, 20 arrest warrants issued, and €3.5 million in cryptocurrency seized. In its press release, Europol points out that these actions were made possible thanks to the joint efforts of police forces in several countries (Canada, Denmark, France, Germany, the Netherlands, the United Kingdom, and the United States) and that the operation is still ongoing. The coming months could therefore see further developments.

Top Common Vulnerabilities & Exposures (%) (chart)

Top Targeted Business Sectors (%) (chart)

Definition of the month

As is often the case in cybersecurity, the concept of Kill Chain, used to describe the structure of an attack, has its origins in the military. In 2011, the concept was adapted to cybersecurity, where it is also referred to as cyber kill chain. The aim of this breakdown is to enable defense and control measures to be put in place at each stage of the attack in order to contain it and prevent further action. It also makes it possible to determine the chronology of an attack.

In the initial version, proposed by Lockheed Martin, the modus operandi of cyberattacks was divided into seven distinct phases: reconnaissance, weaponization, delivery, exploitation, installation, command and control, and actions on the target. Since then, several other versions have been published. The best known is probably the one on which the MITRE ATT&CK framework is based, which includes twice as many categories, including privilege escalation and lateral movement, providing a more granular view that is better suited to the growing complexity of attacks.
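The two uses of the kill chain named above, placing a control at each stage and reconstructing the chronology of an attack, can be made concrete on the defender's side. The example below is added here and is not Gatewatcher's code: it tags a handful of constructed alerts with the seven Lockheed Martin phases, orders them in time, reports how far down the chain the intrusion got, and lists the stages that produced no alert (the places where a per-stage control should have fired but did not). The alert sources and details are invented sample data; the default assumption that a defender only starts seeing an attack from the delivery phase is a common reading of the model, not something the page states.

```python
from dataclasses import dataclass
from datetime import datetime

# Lockheed Martin Cyber Kill Chain phases, in attack order (names as on the page).
KILL_CHAIN = [
    "reconnaissance",
    "weaponization",
    "delivery",
    "exploitation",
    "installation",
    "command_and_control",
    "actions_on_target",
]
PHASE_INDEX = {name: i for i, name in enumerate(KILL_CHAIN)}


@dataclass(frozen=True)
class Alert:
    ts: datetime      # when the sensor raised the alert
    source: str       # which control raised it (constructed names below)
    phase: str        # kill-chain phase the analyst mapped the alert to
    detail: str


def chronology(alerts):
    """Alerts ordered by time; rejects phase names outside the model."""
    for a in alerts:
        if a.phase not in PHASE_INDEX:
            raise ValueError(f"unknown kill chain phase: {a.phase!r}")
    return sorted(alerts, key=lambda a: a.ts)


def furthest_phase(alerts):
    """Deepest phase for which any alert exists, or None when there are no alerts."""
    if not alerts:
        return None
    return max(alerts, key=lambda a: PHASE_INDEX[a.phase]).phase


def coverage_gaps(alerts, first_observable="delivery"):
    """Phases between first_observable and the furthest observed phase that
    produced no alert: stages the attacker passed through undetected.

    Reconnaissance and weaponization happen before the attacker touches the
    defender's systems, so by default the check starts at delivery (assumption)."""
    deepest = furthest_phase(alerts)
    if deepest is None:
        return []
    start, end = PHASE_INDEX[first_observable], PHASE_INDEX[deepest]
    seen = {a.phase for a in alerts}
    return [p for p in KILL_CHAIN[start:end + 1] if p not in seen]


def timeline(alerts):
    """Human-readable chronology, one line per alert, for the incident report."""
    return [f"{a.ts:%Y-%m-%d %H:%M} [{a.phase}] {a.source}: {a.detail}"
            for a in chronology(alerts)]


# Constructed sample alerts (deliberately not in time order).
SAMPLE_ALERTS = [
    Alert(datetime(2025, 5, 20, 9, 31), "edr", "installation",
          "new scheduled task launching a DLL from a user profile directory"),
    Alert(datetime(2025, 5, 20, 9, 14), "mail-gateway", "delivery",
          "inbound message with macro-enabled attachment flagged"),
    Alert(datetime(2025, 5, 20, 10, 2), "ndr", "command_and_control",
          "periodic beaconing to a newly registered domain"),
]

if __name__ == "__main__":
    for line in timeline(SAMPLE_ALERTS):
        print(line)
    print("furthest phase:", furthest_phase(SAMPLE_ALERTS))
    print("undetected phases:", coverage_gaps(SAMPLE_ALERTS))
```

On the sample data the chain is reconstructed as delivery, installation, command and control, and the only gap reported is exploitation: the attachment was flagged and the persistence mechanism was caught, but nothing fired when the document actually ran its payload, which is exactly the stage where a control is missing or silent. Passing `first_observable="reconnaissance"` widens the check to the two pre-contact phases, which a defender will normally never see.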

Top Malware Families (%) (chart)

Top Threat Categories (%) (chart)

About the Cyber Threat Barometer

Malware, critical vulnerabilities, advanced persistent threats, industries particularly targeted, weak signals of emerging attacks… It’s no secret that knowledge of one’s adversary is a key factor for the security of an enterprise. The Cyber Threats Barometer gives you a monthly overview of the cyber threats detected by Gatewatcher CTI, our Cyber Threat Intelligence platform.

Gatewatcher CTI’s automated collection, analysis and correlation engines are continuously fed by more than 4000 data sources from multiple channels: social networks, specialized sites, dark and deep web. They make threat information available an average of 24 hours in advance of the competition and help operational response teams make better decisions by dramatically reducing their analysis and incident treatment times.


Cyber Threats Barometer: Your monthly cyber threats overview as seen by Gatewatcher’s CTI analysts