CXO logo

Join us for the Spring 2021 Series. Register Today

Company > Blogs

News and views from the leading voice
in secure digital transformation

Hero Panel Image
Security Research
cover image
Insights and Research
10 Min read

Return of the MINEBRIDGE RAT With New TTPs and Social Engineering Lures

Introduction In Jan 2021, Zscaler ThreatLabZ discovered new instances of the MINEBRIDGE remote-access Trojan (RAT) embedded in macro-based Word document files crafted to look like valid job resumes (CVs). Such lures are often used as social engineering schemes by threat actors. MINEBRIDGE buries itself into the vulnerable remote desktop ...
Distributing malware through chat services
Insights and Research
10 Min read

Discord CDN: A Popular Choice for Hosting Malicious Payloads

Introduction Since the onset of the pandemic, the internet has become a central part of our lives. People of all ages turned online for school and work, to stream videos, to play video games, have virtual get-togethers, shop, talk to their doctor, and engage in any number of other activities. During 2020, research showed a sharp increase in g...
botnet
Insights and Research
5 Min read

Did COVID Cancel Christmas for Cybercriminals?

ThreatLabZ, the security research team at Zscaler, is responsible for monitoring and tracking global cybercrime activity, which typically drops each year around the Russian Orthodox Christmas on January 7th. In most years, activity increases back to normal near the middle to end of January. However, in 2021, cybercrime activity did not exhibit this...
Botnets
Insights and Research
32 Min read

DreamBus Botnet – Technical Analysis

Zscaler’s ThreatLabZ research team recently analyzed a Linux-based malware family that we have dubbed the DreamBus Botnet. The malware is a variant of SystemdMiner, which consists of a series of Executable and Linkable Format (ELF) binaries and Unix shell scripts. Some components of the botnet have been analyzed in the past with the malware dating ...
New obfuscation and evasion techniques used in phishing campaigns
Insights and Research
14 Min read

New Phishing Trends and Evasion Techniques

Zscaler ThreatLabZ researchers recently came across multiple phishing campaigns using novel obfuscation and evasion techniques. In this blog, we will present an analysis of four phishing campaigns and the various obfuscation methods used in each, also describing some of the tools the attackers used to obfuscate their JavaScript code. JavaScript...
RDP Brute Force attack delivers Ransomware and can propagate laterally
Insights and Research
4 Min read

Ransomware Delivered Using RDP Brute-Force Attack

Zscaler ThreatLabZ recently published a report on the 2020 State of Public Cloud Security that showed security misconfiguration to be the leading cause of cyberattacks against public cloud infrastructure. In this blog, we will look at one of the commonly abused security misconfigurations—the RDP service port left open to the internet—and how cyberc...
cyberattack
Insights and Research
5 Min read

The Hitchhiker’s Guide to SolarWinds Incident Response

On December 13, 2020, multiple security vendors in conjunction with CISA disclosed a software supply-chain attack involving the SolarWinds Orion platform. The disclosure detailed the activities of an advanced persistent threat (APT) adversary that was able to gain access to SolarWinds systems to create trojanized updates to the Orion platform betwe...
ThreatLabZ predictions
Insights and Research
5 Min read

Cybersecurity Past, Present, and Future: ThreatLabZ Looks at 2020 and the Year Ahead

Welcome to the end of 2020. The close of every year brings a lot of online activity—especially now, with everyone at home and socially distancing. Unfortunately, even as people stay at home to protect themselves, they are not safe from threat actors—who are busy developing exploits targeted at people working and shopping online. In keeping with...
SolarWinds CyberAttack & FireEye Red Team Tools Coverage
Insights and Research
5 Min read

Zscaler Coverage for SolarWinds Cyberattacks and FireEye Red Team Tools Theft

Update On Dec 13, 2020, FireEye published additional details regarding the breach involving SolarWinds Orion supply chain attack where multiple other organizations were also impacted. FireEye also published countermeasures to detect the campaign at various stages here. Zscaler Coverage Zscaler leveraged the details on the countermeasures p...
lock
Insights and Research
15 Min read

The 2020 State of Cloud (In)Security

Key findings 63% do not use multifactor authentication for cloud access 50% do not rotate access keys periodically 92% do not log access to cloud storage, eliminating the ability to conduct forensic analysis of an incident 26% of workloads expose SSH ports to the internet and 20% expose RDP Public cloud has made possible previousl...

Explore More Topics