We like to think of our annual Threat Detection Report as the “Burn Book” of cybersecurity: a non-exhaustive tome of the most grotsky threats, trends, and techniques that we see across our customers’ environments.
Since October 3rd is National Mean Girls Day, we thought this would be a fetch opportunity to showcase “Get in loser, we’re detecting threats,” a Mean Girls-themed webinar presented by Red Canary Detection Engineers Mak Foss and Rachel Schwalk. They break down how to detect some of the top threats highlighted in the 2023 Threat Detection Report with a deep dive into the initial access, execution, and persistence techniques of Qbot, Gootloader, SocGholish, and more—so we can all get along like we used to in middle school and bake cakes filled with rainbows and smiles, and everyone would eat and be happy…
The full webinar is available on-demand, and you can watch clips below.
“Raise your hand if you’ve been personally victimized by Gootloader.”
Mak and Rachel first highlight Gootloader malware, a common entry point for Cobalt Strike. Its hobbies include delivering payloads, transmitting victim data, and persisting covertly.
“Qbot doesn’t even go here.”
While law enforcement took down Qbot’s infrastructure this past summer, its associated behavior is still worth looking out for, as adversaries such as TA570 and TA577 have plenty of similar tools at their disposal. “Girl World” may be at peace by the end of Mean Girls, but there are always “Junior Plastics” entering the fray.
“I’m SocGholish. Duh.”
To paraphrase Cady Heron, “In the real world, Halloween is when kids dress up and beg for candy. But in SocGholish world, Halloween is the one time of year a drive-by download can masquerade as a software update for initial access and no other thrunter can say anything about it.”
“I’m sorry I laughed at you that time you got LOLBins at Barnes & Noble. And I’m sorry for telling everyone about it. And I’m sorry for repeating it now.”
Principal Duvall has sequestered all the girls in the school until 4:00 and Ms. Norbury asks each girl to confess and apologize to each other—it’s time to go over what we’ve learned today.
Mathlete Lightning Round: The limit of detection engineering does not exist!
To close things out, Mak and Rachel are quizzed by the audience about preventing automatic execution of script files, filtering out noisy detectors, cloud security threats, and more.