Botnets kept coming back from the dead, ransomware actors found new ways to make money through data-theft extortion, and threat actors and malware families that have been around for more than a decade found ways to stay relevant.
After Microsoft blocked macros by default in Office documents, attackers needed to find a new file format for their lure documents that could execute malware or malicious code without users noticing.
In other botnet news, the infamous Emotet malware came back online after a relatively quiet period, this time deploying malicious Microsoft Word documents as lures.
Its newest efforts involved infection chains that Talos had not observed the operators using before.
At the time, Talos believed the actor behind this botnet was located in Brazil.
Talos' Vulnerability Research team disclosed dozens of vulnerabilities that affect several small and home office routers.
Talos released several new Snort rules to detect the Rhysida ransomware and details on the actor's TTPs, including a new ransom note in which they pose as a legitimate cybersecurity company.
Talos disclosed new information about the infamous Lazarus Group APT, including several new RATs the group is using in the wild.
Talos disclosed SapphireStealer, an open-source information stealer, after observing the malware in public malware repositories with increasing frequency since its initial public release in December 2022.
Talos released an advisory about these attacks, urging users to patch immediately, and published new Snort rules to detect exploitation of CVE-2023-44487.
YoroTrooper, which Talos initially reported on earlier in the year, started using new TTPs, including new obfuscation techniques and the use of commodity malware.
The actor is likely operating out of Kazakhstan, but these new tactics were made to look as if their lure documents came from the government of Azerbaijan.
Although Arid Viper is believed to be based out of Gaza, Cisco Talos has no evidence indicating or refuting that this campaign is related in any way to the Israel-Hamas war, which also began in October.
Talos identified the most prolific Phobos variants, common affiliate tactics, techniques and procedures, and characteristics of the Phobos affiliate structure.
Talos released the details of Project PowerUp, an effort from multiple teams across Cisco to create a new, bespoke hardware device used to protect Ukraine's power grid.
CNN first wrote about these efforts, and Joe Marshall, Talos' researcher who spearheaded the project, wrote a firsthand account for the Talos blog.
For further analysis of the threat landscape trends in 2023, download your copy of the Talos Year in Review.
Recommendations that defenders can use from Talos' Year in Review report (December 14, 2023 07:21).
The 2023 Talos Year in Review is full of insights on how the threat landscape has evolved.
In this video, experts from across Cisco Talos came together to discuss the 2023 Talos Year in Review.
This Cyber News was published on blog.talosintelligence.com. Publication date: Tue, 19 Dec 2023 13:13:05 +0000