One Step Ahead in Cyber Hide-and-Seek: Automating Malicious Infrastructure Discovery With Graph Neural Networks


When launching and persisting attacks at scale, threat actors can inadvertently leave behind traces of information. They often reuse, rotate and share portions of their infrastructure when automating their campaign’s setup before launching an attack.

Defenders can leverage this behavior by pivoting on a few known indicators to uncover newer infrastructure. This article describes the benefits of automated pivoting and uses three case studies to show how we can discover new indicators.

Read more…
Source: Trend Micro


Sign up for our Newsletter


Related:

  • How to Mitigate the Risk of Rogue Employees

    January 16, 2025

    Rogue employees present significant financial and cybersecurity risks to organizations. Rapid7 threat researchers and penetration testers are actively observing how malicious actors exploit hiring pipelines to infiltrate businesses. This blog highlights real-world tactics, including: Insider Reconnaissance: Rogue applicants leveraging interviews to map office layouts, identify vulnerable devices, and even plant malware during site visits. Read more… Source: Rapid7 Sign up ...

  • One Step Ahead in Cyber Hide-and-Seek: Automating Malicious Infrastructure Discovery With Graph Neural Networks

    January 13, 2025

    When launching and persisting attacks at scale, threat actors can inadvertently leave behind traces of information. They often reuse, rotate and share portions of their infrastructure when automating their campaign’s setup before launching an attack. Defenders can leverage this behavior by pivoting on a few known indicators to uncover newer infrastructure. This article describes the benefits ...

  • Enhancing Botnet Detection with AI using LLMs and Similarity Search

    January 8, 2025

    As botnets continue to evolve, so do the techniques required to detect them. While Transport Layer Security (TLS) encryption is widely adopted for secure communications, botnets leverage TLS to obscure command-and-control (C2) traffic. These malicious actors often have identifiable characteristics embedded within their TLS certificates, opening a potential pathway for advanced detection techniques. In first-of-its-kind research, ...

  • A Windows filetype update may have complicated cyber threat detection efforts

    January 4, 2025

    The use of archive files as malware delivery mechanisms is evolving, presenting challenges for Secure Email Gateways (SEGs), new research has claimed. A recent report by Cofense highlights how cybercriminals exploit various archive formats to bypass security protocols, particularly following a significant update to Windows in late 2023. Traditionally, .zip files have been the most common ...

  • Improving Detection and Response: Making the Case for Deceptions

    April 5, 2024

    Let’s face it, most enterprises find it incredibly difficult to detect and remove attackers once they’ve taken over user credentials, exploited hosts or both. In the meantime, attackers are working on their next moves. That means data gets stolen and ransomware gets deployed all too often. And attackers have ample time to accomplish their goals. In ...

  • A lightweight method to detect potential iOS malware

    January 16, 2024

    In 2021 and 2022, Kaspersky researchers had the privilege of working on a few Pegasus malware infections on several iPhone devices. The iPhones were Initially given to them by their partners for general security checks before the researchers discovered the infections. Investigating such cases can be complicated, costly, or time consuming due to the nature of ...