Researchers at Sygnia have disclosed a financially-motivated threat actor dubbed ‘Elephant Beetle’, observed over the last two years as they have exploited multiple known and likely unpatched vulnerabilities, stealing millions of dollars from organizations worldwide using an arsenal of over 80 unique tools and scripts. The Sygnia report detailed the approach of targeting Java applications on Linux systems and overwriting non-threating files as they slowly prepare for the true attack. An expert with Gurucul has offered some perspective.
<p>The adaptability of the Elephant Beetle threat actor and subsequent exploits developed to evade detection or modifications to continue once detected, shows a level of sophistication that is out of scope for traditional XDR or SIEM. In addition to leveraging dwell time to evade detection, the documented exploits are clearly meant to increase the level of noise created by most XDR/SIEMs leaving security analysts unable to correlate what is a real attack versus chasing false positives. The ability to baseline user access to applications and understand deviations in acceptable asset and network usage and behaviors with customizable machine learning models can drastically reduce the noise and discover attacks much more quickly despite the extensive use of dwell time.</p>
<p>Additionally, The New York Office of the Attorney General has <a href=\"https://u7061146.ct.sendgrid.net/ls/click?upn=4tNED-2FM8iDZJQyQ53jATUW-2BLxr4emh7VocYvSCZsSWLmEumgRNzhHVe-2BPF3QCLj4Veywz6g76SRNI0h-2Bct6-2F9izOBUO8kP0FZIbX18pf6h-2BDmiK8xgsLJ6cZLB7CXIT1pAXEUqayZH9xoL9v5t0dvLPtpqxyyhlP0-2BalQ0cYRmI-3DhAtj_S3RA1gMvL7v1TdZrqvF2X48vY2LyH9KYdxKxBaPFp6Fl1TEEsXDQbgk-2FWPw9Ah5nwh5z3HPLIw79cePUeHvYGbACtpGEOUo9gKA7RdPV7CHYnRZ1BgjoepqPsAq5T4X7OPHmw4iuricWSmMEgE-2BxhUTLKTRvIi6e57WKbN9z1MXEqrjJmhCN68JyYtbbUUfOodIBwmy8qI6bPkiH8ze29wWut89Q5GtZWeamtWaJhiYOlKC6iL-2B53NqQse-2F2hobtUztmbknQLYhGnzAVYtRA1Vbu0YwB1GolfePj-2BzsBSH3g79YnXi5e9pP0cjfE24dipeZ35NCLlq6dg0duJAnW-2B8T1Hk3wYSoDmSrkUWn0FKquL0XyeIG9-2FUA0UMt27Z-2Br\" target=\"_blank\" rel=\"noopener\" data-saferedirecturl=\"https://www.google.com/url?q=https://u7061146.ct.sendgrid.net/ls/click?upn4tNED-2FM8iDZJQyQ53jATUW-2BLxr4emh7VocYvSCZsSWLmEumgRNzhHVe-2BPF3QCLj4Veywz6g76SRNI0h-2Bct6-2F9izOBUO8kP0FZIbX18pf6h-2BDmiK8xgsLJ6cZLB7CXIT1pAXEUqayZH9xoL9v5t0dvLPtpqxyyhlP0-2BalQ0cYRmI-3DhAtj_S3RA1gMvL7v1TdZrqvF2X48vY2LyH9KYdxKxBaPFp6Fl1TEEsXDQbgk-2FWPw9Ah5nwh5z3HPLIw79cePUeHvYGbACtpGEOUo9gKA7RdPV7CHYnRZ1BgjoepqPsAq5T4X7OPHmw4iuricWSmMEgE-2BxhUTLKTRvIi6e57WKbN9z1MXEqrjJmhCN68JyYtbbUUfOodIBwmy8qI6bPkiH8ze29wWut89Q5GtZWeamtWaJhiYOlKC6iL-2B53NqQse-2F2hobtUztmbknQLYhGnzAVYtRA1Vbu0YwB1GolfePj-2BzsBSH3g79YnXi5e9pP0cjfE24dipeZ35NCLlq6dg0duJAnW-2B8T1Hk3wYSoDmSrkUWn0FKquL0XyeIG9-2FUA0UMt27Z-2Br&source=gmail&ust=1641671225884000&usg=AOvVaw1dEpUUq7IJMhYThT4MI_OV\">notified</a> 17 companies of security breaches after it spent months monitoring hacking forums dedicated to credential stuffing attacks and found that more than 1.1 million user accounts had been hacked and sold online. An expert with Gurucul offers additional comments on this breaking story.</p>