HP Wolf Security's latest Threat Insights report is out, and it shows how cybercriminals are using malware kits and GenAI to improve the efficiency of their attacks.
There are plenty of legitimate uses for generative AI tools, but according to the report they are also giving attackers more time to experiment with stealthy techniques to trick users, for example by embedding malicious code inside images hosted on websites to increase the chances of infection.
Key findings from the report include the increasing popularity of malware-by-numbers kits. Separate VIP Keylogger and 0bj3ctivityStealer campaigns are using identical techniques and loaders, which suggests malware kits are being shared across different groups. These campaigns hide the same malicious code in image files on well-known and trusted sites like archive.org.
Generative AI is also helping to create malicious HTML documents. The research identified an incident in which an XWorm attack, initiated by HTML smuggling, used malicious code to download a harmful file – with the loader's detailed line-by-line description suggesting it was crafted using generative AI. There's much more in the full report here.
Now, here's today's MSSP update. Drop me a line at [email protected] if you have news to share or want to say hi!
Today's MSSP Update
1. Orca Security launches Sensor for CDR: Cloud security company Orca Security this week introduced Orca Sensor, a lightweight security solution that integrates runtime visibility and protection with the Orca Cloud Security Platform. This enhancement significantly bolsters Orca’s Cloud Detection and Response (CDR) capabilities, offering real-time visibility, detection, investigation, and prevention optimized for cloud-native architectures and modern DevOps workloads.
2. Cisco AI Defense protects AI deployments in enterprises: Cisco this week launched AI Defense to safeguard AI transformation within enterprises by addressing the risks introduced by the development, deployment, and usage of AI. AI Defense embeds Cisco’s AI and cybersecurity technology into existing network visibility and enforcement points, solving for three key AI security areas: Discovery, Detection and Protection, Cisco said in a statement.
3. Sweet Security launches cloud detection LLM: Cloud runtime detection and response company Sweet Security this week launched its Large Language Model (LLM)-powered cloud detection engine. The engine will significantly enhance Sweet's unified detection and response solution, the firm said, enabling it to reduce cloud detection noise to an unprecedented 0.04%.
4. SentinelOne announces additional Purple AI integrations: SentinelOne's Purple AI security analysis tool can now be used with data from several third-party security offerings, including those from Palo Alto, Zscaler, Microsoft, Okta, Proofpoint and Fortinet. The company also introduced multilingual support for Purple AI, adding natural language queries and summaries in Spanish, French, German, Italian, Dutch, Arabic, Japanese, Korean, Thai, Malay, Indonesian and more in addition to its English-language capabilities.
5. Cytracom acquires Telivy: MSP infrastructure software firm Cytracom has acquired Telivy, a cybersecurity and risk management solutions firm. The acquisition will enhance Cytracom's platform with advanced capabilities in attack surface management (ASM) and data security posture management (DSPM), enabling MSPs to better serve their clients' security and compliance needs. Cytracom's expansion into security and risk management (SRM) via this acquisition complements its established secure access service edge (SASE) and unified communications-as-a-service (UCaaS) solutions.