Compromise figures of the month
HIGHLIGHT OF THE MONTH
On 31 October, the MITRE Corporation unveiled version 14 of MITRE ATT&CK, once again confirming its role as the benchmark for cybersecurity experts. Since 2013, this framework has provided a common language for analysing threats and developing effective defence strategies across its specialist matrices: Enterprise, Mobile and ICS.
This biannual update, driven by a continuous improvement approach and contributions from the international community, enhances the matrices by incorporating recent lessons learned from malicious campaigns and adjusts defences to meet constantly changing needs.
In version 14, the Enterprise matrix of the MITRE ATT&CK framework extends its coverage mainly by deepening the detection notes, with a particular emphasis on detecting lateral movement. This update also accounts for a wider range of social engineering techniques, such as identity theft, financial theft and voice phishing. This broader approach goes beyond strictly technical threats and now incorporates behavioural and psychological threat vectors, a further step towards a holistic understanding of cyber security attack and defence strategies.
The ICS section is enriched by more than a dozen assets, reinforcing the common language for better cross-sector communication and wider application of the framework. The Mobile section has been adapted to the specific threats posed by mobile devices, with new phishing categories.
Common vulnerabilities and exposures [CVE]
DEFINITION OF THE MONTH
An infostealer, a contraction of “information” and “stealer”, is a type of malware whose aim is to extract sensitive or personal data from a computer system for malicious purposes. Infostealers share a common goal with phishing or quishing – as seen in last month’s definition – since they also seek to harvest personal information such as IDs or bank details.
There are two main reasons why cybercriminals use infostealers:
- Discretion: infostealers are designed to operate silently, without arousing the suspicion of users or security software. They can run in the background without disrupting normal computer operations.
- Target diversity: this is the most important reason for the popularity of infostealers. They can target a wide range of data, from personal and financial information to business data, depending on the needs of the cybercriminal.
This type of malware is therefore very widespread on the Internet. Since businesses are generally targeted by more complex malware, ordinary users are the main target of infostealers.
Targeted business sectors
ABOUT THE CYBER THREATS BAROMETER
Malware, zero-day vulnerabilities, advanced persistent threats, industries and sectors particularly targeted, weak signals of emerging attacks… It’s no secret that knowledge of one’s adversary is a key factor for the security of an enterprise. The Cyber Threats Barometer gives you a monthly overview of the cyber threats detected in the previous month by Gatewatcher CTI, our Cyber Threat Intelligence platform.
Gatewatcher CTI’s automated collection, analysis and correlation engines are continuously fed by more than three thousand data sources from multiple channels: social networks, specialised sites, and the dark and deep web. They make threat information available an average of 24 hours ahead of the competition and help operational response teams make better decisions by dramatically reducing their analysis and incident handling times.