
Keynote _ Adapting Tradecraft - Examining Ransomware Attacks in 2024 - Insights from The DFIR Report.pdf

Uploader: 可*** ID: 991803 2025-12-07 24 pages 1.69MB

SANS Ransomware Summit 2025
Peter O (_pete_0), Angelo Violetti (angelo_violetti)
Adapting Tradecraft: Examining Ransomware Attacks in 2024
Insights from The DFIR Report

Agenda
- Review of Ransomware attacks in 2024
- Domain Takeover: Methods of lateral movement
- Attacker Tooling: LOLBIN and custom
- Hands-on Keyboard: Observing operators on the CLI

Real Intrusions by Real Attackers, The Truth Behind the Intrusion
https://www.first.org/tlp/
2024/2025 - The DFIR Report

Observed
- Ransomware activity
- Exploit vulnerabilities, fake software, phishing
- Diverse use of C2 frameworks
- Mix of LOLBINS & Custom Tooling
Reports
- 11 Public Reports
- 23 Private Reports
Disclosures
- BlackSuit (Royal) Ransomware
Detections
- https:/ Malware Families
- 14k C2 endpoints
Other
- Podcasts, CTF
https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-061a
https:/

Overview in 2024
Top C2 Frameworks: Cobalt Strike, Metasploit, Brute Ratel; Traffic Tunneling (e.g., SystemBC)
Top Tools Used: Mimikatz, PsExec
Top Initial Access Techniques: T1189: Drive-by Compromise; T1190: Exploit Public-Facing Application; T1078: Valid Accounts
Top Ransomware Families (chart): 45% / 22% Black Suit / 33% Others (e.g., RansomHub)

Average Time to Discover, Hands-On, Lateral & Ransom (timeline)
- Initial Access: T0
- Time to Discovery: T0+16H:53M:27S
- Time to Hands-On: T0+17H:23M:34S
- Time to Lateral: T0+1D:03H:13M:42S
- Time to Ransom: T0+5D:05H:05M:59S
2/3 of the times, they happen in the first hour of intrusion
TLP:CLEAR

Trends: Takedown Operations
Major Takedown Operations
- August 2023, Operation Duck Hunt: The FBI along with international partners performed a coordinated takedown of the QakBot infrastructure
- February 2024, Operation Cronos: An international coalition led by UK's
- May 2024, Operation Endgame: Europol conducted the takedown of several malware infrastructures used by ransomware groups: IcedID, SystemBC, Pikabot, Smokeloader and BumbleBee

According to the contents of the SANS Ransomware Summit 2025 report, the key points of the full text are:
1. 2024 ransomware attack trends: LockBit malware remains prevalent, and new families such as RansomHub have emerged.
2. Attack methods: attackers mainly use initial access techniques such as drive-by downloads, vulnerability exploitation and phishing.
3. C2 frameworks: Cobalt Strike and Metasploit are the most popular C2 frameworks.
4. Tool usage: tools such as SystemBC and Rclone are widely used.
5. Takedown operations: agencies such as the FBI and Europol have successfully carried out multiple takedowns of ransomware infrastructure.
6. Time to discovery: the proportion of ransomware discovered within the first hour after intrusion is as high as 45%.
7. Defensive recommendations: strengthen audit logging, AV log monitoring, testing and understanding the environment, and other defensive measures.