The Malware Chronicles: Urelas, Sality, LockBit and StealC Examined

Blog, FEATURED
Threat Intelligence Report
Date: September 4, 2024
Prepared by: David Brunsdon, Threat Intelligence - Security Engineer, HYAS

Malware, short for malicious software, refers to any software designed to harm, exploit or otherwise compromise the functionality and security of computers, networks and devices. Common types of malware include viruses, Trojans, ransomware, ...

Special Bulletin: US Election Phishing Alert

Blog, FEATURED
Threat Intelligence Report
Date: August 28, 2024
Prepared by: David Brunsdon, Threat Intelligence - Security Engineer, HYAS

As the US election approaches, the surge in political activity and heightened public interest make it an attractive target for cybercriminals. In each election cycle, billions of dollars are donated to support various ...

Echoes of Rome: Leveraging Ancient Tactics for Modern Malware

Blog, FEATURED
Threat Intelligence Report
Date: August 19, 2024
Prepared by: David Brunsdon, Threat Intelligence - Security Engineer, HYAS

This year, the HYAS Threat Intelligence team has been tracking the use of the Steam gaming platform by threat actors to host command and control (C2) domain addresses, leveraging Steam user accounts to ...

HYAS Investigates Threat Actors Hidden In Gaming Services

Blog, FEATURED
Threat Intelligence Report
Date: August 12, 2024
Prepared by: David Brunsdon, Threat Intelligence - Security Engineer, HYAS

Threat Actors Exploiting Legitimate Services to Disguise Traffic

Recently, the HYAS Threat Intelligence team has noticed an increase in malware communicating with subdomains under the ply.gg domain. The domain is a part of Playit.gg’s ...

The Prevalence of DarkComet in Dynamic DNS

Blog, FEATURED
Threat Intelligence Report
Date: August 6, 2024
Prepared by: David Brunsdon, Threat Intelligence - Security Engineer, HYAS

Dynamic DNS (DDNS) is a service that automatically updates the Domain Name System (DNS) in real time to reflect changes in the IP addresses of a domain. Unlike traditional static DNS, where the IP ...

Caught in the Act: StealC, the Cyber Thief in C

Blog, FEATURED
Weekly Threat Intelligence Report
Date: July 15, 2024
Prepared by: David Brunsdon, Threat Intelligence - Security Engineer, HYAS

StealC seems like an appropriate name for stealer malware written in C. It’s been available for less than two years as a Malware-as-a-Service product, and is a regular occurrence in HYAS malware ...

HYAS Protects Against Polyfill.io Supply Chain Attack with DNS Safeguards

Blog, FEATURED
Weekly Threat Intelligence Report
Date: June 28, 2024
Prepared by: David Brunsdon, Threat Intelligence - Security Engineer, HYAS

Recently a Chinese company named Funnull purchased the domain (polyfill.io) and GitHub of an open-source JavaScript library used in over 100,000 websites (https://sansec.io/research/polyfill-supply-chain-attack). Polyfill allows website creators to maintain support for ...

StealC & Vidar Malware Campaign Identified

Blog, FEATURED
Weekly Threat Intelligence Report
Date: June 24, 2024
Prepared by: David Brunsdon, Threat Intelligence - Security Engineer, HYAS

Malware developers will use all sorts of techniques to obfuscate their C2 location and keep security analysts from being able to understand the operation of their malware. One common technique is to ...

Stopping Cyber Attacks Against the Financial Sector: Four Use Cases

Blog

The financial sector is a prime target for cyber attacks. Financial organizations and their customers and clients feel the fallout of major ransomware and phishing campaigns more than ever, and there’s often more at stake. Finance needs a new approach to deal with the ongoing rise in cybercrime. The right ...

Leveraging ASNs and Pivoting to Uncover Malware Campaigns

Identifying and Mitigating Complex Malware Campaigns with ASNs

This week, I spent a good deal of time going down some rabbit holes - all of which were fascinating. However, this is an example where some of the work we do we would like to share but aren't always able. In ...