See you, 2022. This final week withstanding, this year didn’t bring us any singular headline-dominating incident in the ranks of the sweeping SolarWinds campaign that closed out 2020 or the Log4Shell vulnerabilities and widespread Microsoft Exchange zero-day exploitation we saw in 2021 (fingers crossed we didn’t just jinx that!). But adversaries were as persistent as ever, and Red Canary was there to help security professionals stay one step ahead of new threats and evolving tradecraft. Here are the year’s best of Red Canary’s blogs, videos, social media, and more.
Best new blogs
These were the most read, shared, and discussed articles we published in 2022.
1. Raspberry Robin gets the worm early
2. ChromeLoader: a pushy malvertiser
3. The Goot cause: Detecting Gootloader and its follow-on activity
4. Forward thinking: How adversaries abuse Office 365 email rules
5. Better know a data source: Antimalware Scan Interface
VIDEO REWIND
Best legacy blogs
These classics still get steady traffic each month, remaining relevant–in some cases years after publication.
1. Microsoft Exchange server exploitation: how to detect, mitigate, and stay calm (March 2021)
2. Windows Registry attacks: Knowledge is the best defense (April 2017)
3. Threat hunting for PsExec, open source clones, and other lateral movement tools (November 2018)
4. Detecting SharePoint attacks via worker process activity (October 2019)
5. Clipping Silver Sparrow’s wings: Outing macOS malware before it takes flight (February 2021)
VIDEO REWIND
Best educational resources
These are some of our flagship resources to help defenders figure out which threats to prioritize while fine-tuning their detection capabilities.
1. Atomic Red Team year in review
2. 2022 Threat Detection Report
3. The Detection Series: Open Scripting Architecture, AppleScript, and JavaScript for Automation
4. 15 critical tactics for protecting Linux from cyber attacks
5. MDR Buyer’s Guide
VIDEO REWIND
Best social posts
These posts were the most liked, commented, shared, and memed. Don’t forget to follow, like, and subscribe!
Best of Twitter
Are you ready for NOW! That’s What I Call Threat Sounds? 34 of today’s hottest infosec adjacent tracks packed into one power packed collection? https://t.co/OKU0amOjRY pic.twitter.com/NKb35hZUPn
— Red Canary (@redcanary) May 18, 2022
Over the past few hours, we’ve observed malicious phishing emails associated with the delivery affiliate TR in multiple customer environments. The infection scheme was consistent, executing in the following pattern: OneDrive phishing page -> ZIP download -> malicious XLSB -> Qbot
— Red Canary (@redcanary) February 18, 2022
Best of LinkedIn
VIDEO REWIND
Best definitely real podcast
This year we proved that audio is one of the best ways of sharing hashes, second only to a PDF.
Introducing the Unsalted Hash: a podcast for thought leaders like you
VIDEO REWIND
Cheers to 2023!
We’re already at work on next year’s Threat Detection Report (taking song requests for the accompanying playlist!) and look forward to sharing much more intelligence, threat research, detection guidance, and occasional silliness to brighten your day. See you next year!
Related Articles
The CrowdStrike outage: Detection and defense in depth