Feb 2024 — Cyber Attack Trends

Contents Download

1. January Insights and Trends

Chapter 1 features an analysis of information collected through Logpresso CTI during January 2024. This data was collected based on IoC information derived from the results of a dynamic analysis of malware, domestic and overseas information collected through OSINT techniques, and Honey Pots (a system intentionally installed in order to detect abnormal access).

According to the analysis of data from January 2024, there has been an increase in credential leaks in South American and Asian countries.

  • Malicious IP Addresses
  • Lookalike Domains
  • Malicious Bot Infections
  • Credential Leaks

2. Threat Analysis

  • Cases of Kimsuky Malware Distribution : ‘Kimsuky’ is a threat group supported by the North Korean regime. This chapter provides an in-depth analysis of Kimsuky’s attack patterns by examining real-world cases that occurred in 2023.

  • Distribution of Mobile Phone Malicious Apps (Impersonating V3 Mobile Security) : This chapter also analyzes a malicious app disguised as AhnLab V3 Mobile Security, a popular mobile anti-virus app in South Korea. The malicious app had a similar icon and name to the actual app, making it difficult for users to distinguish between the two.

Contents Download

Logpresso Cyber Threat Intelligence

Logpresso is a specialized company in security and IT operations(SecOps), established in 2013. We offer security operation solutions such as log management, SIEM(Security Information and Event Management), SOAR(Security Orchestration, Automation, and Response), and DFIR(Digital Forensic & Incident Response) based on our fundamental technology.

Logpresso CTI is a cyber threat intelligence service optimized to immediately utilize such security threat information in security information and event management (SIEM) / security orchestration, automation, and response (SOAR) platforms. Relying on various open-source intelligence (OSINT) data sources such as the dark web and deep web, Logpresso CTI provides intelligence feeds that can detect various cyber-attacks including advanced persistent threats (APT), phishing, and credential stuffing.

Unlike many CTI services that are only available on a limited basis through API, Logpresso CTI synchronizes all indicators of compromise (IoC) directly to SIEM/SOAR, enabling full, real-time investigation of all logs. Unlike existing security architectures that primarily rely on detection through security devices, our approach enables the detection of threats proactively before a direct attack occurs.

See Also