
Threat Hunting Case Study: FileFix
FileFix bypasses Mark of the Web (MotW) protections by hijacking the Windows File Explorer address bar. Here is how to hunt for it.

Cyber resilience depends not only on the strength of an organization’s own planning and defenses, but also on that of its partners. Attackers are increasingly capitalizing on risks that originate in supply chains: if a given target proves difficult to infiltrate, they may turn to other companies and organizations connected to it. Supply chain attacks vary in sophistication and execution, ranging from compromising email accounts at partner companies to stealing code-signing certificates to infiltrating continuous integration and continuous delivery (CI/CD) software development pipelines. Organizations can vet their partners with questionnaires and surveys, but a partner's day-to-day security posture remains largely unknown. However, sources of cyber threat intelligence (CTI) can provide advance warning of cybercriminals targeting partners and buy crucial time for a risk evaluation. The following white paper explores a few of the most notable supply chain attacks and discusses how CTI can be operationalized to reduce risk, from monitoring malware indicators to exposed credentials to software vulnerabilities.
