Post AV463I4y3esW9Z8dAe by cstromblad@ioc.exchange
 (DIR) More posts by cstromblad@ioc.exchange
 (DIR) Post #AV463I4y3esW9Z8dAe by cstromblad@ioc.exchange
       2023-04-26T14:39:58Z
       
       0 likes, 0 repeats
       
       My colleague once described an analogy between the cyber criminal ecosystem and an assembly line. In any developing and growing ecosystem you are likely to observe specialisation as a consequence of growth and evolution.One such consequence of this maturing ecosystem is the Initial Access Broker enabled by Credential and Information stealer malware. The market of credential stealers is flourishing with many families available for purchase by criminals.This subset of the ecosystem, the information stealer market, is itself an ecosystem growing and developing. We noticed recently that actors have begun to offer services to make malware much harder to detect by EDR/AV-tools. They do this by offering various forms of technical "packers" and "cryptors" making each iteration copy of a malware unique and adding multiple layers of obfuscation.This is yet another development and evolution of a maturing ecosystem.#Malware #Development #ThreatIntelligence