Researchers at Sygnia have disclosed a financially motivated threat actor dubbed ‘Elephant Beetle’, observed over the last two years exploiting multiple known and likely unpatched vulnerabilities and stealing millions of dollars from organizations worldwide using an arsenal of over 80 unique tools and scripts. The Sygnia report detailed the group's approach of targeting Java applications on Linux systems and overwriting non-threatening files as it slowly prepares for the true attack. An expert with Gurucul has offered some perspective.

Experts Comments

January 07, 2022
Saryu Nayyar
CEO
Gurucul

The adaptability of the Elephant Beetle threat actor, and the subsequent exploits developed to evade detection or modifications to continue once detected, show a level of sophistication that is out of scope for traditional XDR or SIEM. In addition to leveraging dwell time to evade detection, the documented exploits are clearly meant to increase the level of noise created by most XDR/SIEMs, leaving security analysts unable to correlate what is a real attack versus chasing false positives. The ability to baseline user access to applications and understand deviations in acceptable asset and network usage and behaviors with customizable machine learning models can drastically reduce the noise and discover attacks much more quickly despite the extensive use of dwell time.

Additionally, the New York Office of the Attorney General has notified 17 companies of security breaches after spending months monitoring hacking forums dedicated to credential stuffing attacks and finding that more than 1.1 million user accounts had been compromised and sold online. An expert with Gurucul offers additional comments on this breaking story.

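The baselining approach the comment above describes, as an added illustration (this is example code written for this page, not Gurucul's product logic or anything from the Sygnia report): build a per-user baseline of which applications, source hosts and hours of day are normal from a training window of access events, score each later event by how many ways it deviates from that baseline, and then aggregate deviations per user across the whole observation window. The aggregation is what matters against a long-dwell actor: one off-hours login is noise, but a user who keeps accumulating new-host and new-application deviations over weeks stands out. The log lines, user names, application names and addresses are constructed for the example.

```python
from collections import Counter, defaultdict
from datetime import datetime

# Constructed sample access events: (ISO timestamp, user, application, source host).
# These are invented for the example and are not real SIEM data.
BASELINE_EVENTS = [
    ("2021-11-01T09:12:00", "alice", "payroll-web", "10.0.1.10"),
    ("2021-11-02T10:30:00", "alice", "hr-portal", "10.0.1.10"),
    ("2021-11-04T14:05:00", "alice", "payroll-web", "10.0.1.10"),
    ("2021-11-09T16:20:00", "alice", "hr-portal", "10.0.1.10"),
    ("2021-11-01T08:45:00", "bob", "erp-java", "10.0.2.20"),
    ("2021-11-03T11:10:00", "bob", "erp-java", "10.0.2.21"),
    ("2021-11-08T13:55:00", "bob", "erp-java", "10.0.2.20"),
]

# Events from a later window that we score against the baseline.
NEW_EVENTS = [
    ("2021-12-03T10:05:00", "alice", "payroll-web", "10.0.1.10"),   # normal
    ("2021-12-03T23:40:00", "alice", "payroll-web", "10.0.1.10"),   # off-hours only
    ("2021-12-05T02:15:00", "bob", "erp-java", "10.0.9.77"),        # new host, off-hours
    ("2021-12-06T03:10:00", "bob", "payroll-web", "10.0.9.77"),     # new app, new host, off-hours
    ("2021-12-07T11:00:00", "svc-deploy", "erp-java", "10.0.2.20"), # never seen in baseline
]


def build_baseline(events):
    """Per-user sets of applications, source hosts and hours seen during the training window."""
    baseline = defaultdict(lambda: {"apps": set(), "hosts": set(), "hours": set()})
    for ts, user, app, host in events:
        hour = datetime.fromisoformat(ts).hour
        profile = baseline[user]
        profile["apps"].add(app)
        profile["hosts"].add(host)
        profile["hours"].add(hour)
    return dict(baseline)


def score_event(baseline, event):
    """Return the list of ways this event deviates from the user's baseline (empty if none)."""
    ts, user, app, host = event
    profile = baseline.get(user)
    if profile is None:
        return [f"no baseline for user {user}"]
    hour = datetime.fromisoformat(ts).hour
    reasons = []
    if app not in profile["apps"]:
        reasons.append(f"new application {app}")
    if host not in profile["hosts"]:
        reasons.append(f"new source host {host}")
    if hour not in profile["hours"]:
        reasons.append(f"off-hours access at {hour:02d}:00")
    return reasons


def find_deviations(baseline, events, min_reasons=1):
    """Events with at least min_reasons deviations; raising the threshold trims single-factor noise."""
    flagged = []
    for event in events:
        reasons = score_event(baseline, event)
        if len(reasons) >= min_reasons:
            flagged.append((event, reasons))
    return flagged


def rank_users(baseline, events, min_reasons=1):
    """Count flagged events per user over the whole window, most suspicious first.

    A slow actor produces few deviations per day but they accumulate; ranking by
    the accumulated count surfaces that pattern even when each event looks minor.
    """
    counts = Counter(event[1] for event, _ in find_deviations(baseline, events, min_reasons))
    return sorted(counts.items(), key=lambda item: (-item[1], item[0]))


if __name__ == "__main__":
    profiles = build_baseline(BASELINE_EVENTS)
    for event, reasons in find_deviations(profiles, NEW_EVENTS):
        print(event, "->", "; ".join(reasons))
    print("ranked users:", rank_users(profiles, NEW_EVENTS, min_reasons=2))
```

In practice the baseline window would be weeks of data rather than a handful of rows, and the hour-of-day set would be replaced by a tolerance band or a learned distribution; the structure stays the same, and the per-user aggregation is what keeps a low-and-slow intrusion from being dismissed one alert at a time.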
