
New Threat Actor Tools Found to Bypass Antivirus & Delete Backups

Jan 28, 2026 · 2 min read

A recent Digital Forensics and Incident Response (DFIR) report has uncovered various sophisticated tools threat actors employ to bypass major security defenses.

These tools have been found to effectively circumvent protections offered by popular antivirus programs such as Windows Defender and Malwarebytes.

The report highlights the alarming capability of these tools to delete backups and disable critical systems, posing a significant threat to cybersecurity infrastructure.

Tools and Techniques Unveiled

Among the tools identified in the report are Ngrok, which is used for proxy services, and SystemBC, a tool known for its stealth and persistence. Additionally, two well-known command-and-control frameworks, Sliver and PoshC2, were discovered to be part of the threat actor’s arsenal.

These frameworks are notorious for their ability to facilitate remote access and control over compromised systems, making them a preferred choice for cybercriminals.

The Broadcom report also detailed the discovery of an open directory containing various batch scripts. These scripts, designed to target both Windows and Linux systems, are utilized at different stages of an attack.

They are instrumental in disabling security measures, stopping critical services, and establishing command and control channels, enabling attackers to maintain their foothold within compromised networks.

The most recent activity involving these tools was detected in August 2024, underscoring the ongoing and evolving nature of cyber threats. The ability to bypass antivirus defenses and delete backups represents a significant escalation in cybercriminals’ tactics.

Organizations are urged to bolster their cybersecurity measures, ensuring they have robust backup solutions and advanced threat detection systems.

As the cybersecurity landscape evolves, staying informed and proactive is crucial. This report’s findings serve as a stark reminder of the importance of vigilance and preparedness in the face of increasingly sophisticated cyber threats.

Source: CybersecurityNews.com
