Cyber Attack Trends — Jan 2024


1. Focus Issue of the Month

Every year from November to February, when Korea's fiscal year changes, malware (stealer botnets) and phishing attacks that steal personal information by impersonating specific public institutions, companies, or media outlets occur most frequently.

Chapter 1 covers the number of malicious bot infections globally and in South Korea, the malicious IP landscape, and an analysis of malicious lookalike domains used in real cyber attacks within South Korea.

  • Continued Increase in Malicious Bot Infections
  • Malicious IP Landscape
  • Attacks Using Malicious Lookalike Domains Increase During Holiday Season

2. December Insights and Trends

Chapter 2 features an analysis of information collected through Logpresso CTI during December 2023. This data was collected from IoC information derived from the results of dynamic analysis of malware, domestic and overseas information gathered through OSINT techniques, and honeypots (systems intentionally deployed in order to detect abnormal access).

  • Malicious IP Addresses
  • Lookalike Domains
  • Malicious Bot Infections
  • Credential Leaks

3. Threat Analysis - Malware Disguised as Resumes

Recently, there has been an increase in cyber attacks in which malware disguised as a resume is sent to company recruiters. In Chapter 3, we take a closer look at how malware attacks disguised as documents work, using as an example a fraudulent email received by a real Logpresso recruiter. The content below is an actual email received by an HR employee at Logpresso.

  • Forms of Attack
  • Attack Process
  • Further Analysis on the Binary
  • How to Prevent Ransomware Attacks

4. 2024 Cyber Security Threat Forecast

Beginning with the launch of ChatGPT by OpenAI, there has been a significant surge in the deployment of generative AI based on Large Language Models (LLMs), such as Google Bard and Meta Llama 2. In 2024, attackers are expected to actively use generative AI to expand the scope of their attacks and carry out more sophisticated intrusions. Chapter 4 covers five types of security threats that will be prominent in 2024.

  • Increasingly Sophisticated and Globalized Phishing Attacks
  • Ransomware Attempts to Expand to Multiplatform
  • Supply Chain Attacks
  • Credential Stuffing
  • Increasing Industrial Security Threat


Logpresso Cyber Threat Intelligence

Logpresso is a company specializing in security and IT operations (SecOps), established in 2013. We offer security operations solutions such as log management, SIEM (Security Information and Event Management), SOAR (Security Orchestration, Automation, and Response), and DFIR (Digital Forensics & Incident Response) built on our core technology.

Logpresso CTI is a cyber threat intelligence service optimized for immediate use of such security threat information in security information and event management (SIEM) and security orchestration, automation, and response (SOAR) platforms. Drawing on a range of open-source intelligence (OSINT) data sources, including the dark web and deep web, Logpresso CTI provides intelligence feeds that can detect various cyber attacks, including advanced persistent threats (APT), phishing, and credential stuffing.

Unlike many CTI services that are available only on a limited basis through an API, Logpresso CTI synchronizes all indicators of compromise (IoCs) directly to the SIEM/SOAR, enabling full, real-time investigation across all logs. Unlike existing security architectures that rely primarily on detection by security devices, this approach enables threats to be detected proactively, before a direct attack occurs.
