Unit 42: A New Era In Threat Intelligence

Today Palo Alto Networks would like to officially introduce its new threat intelligence team, Unit 42, and announce the release of their first research paper, 419 Evolution.

Unit 42 uses data collected from the Palo Alto Networks security platform to provide context into an attacker's motivations and methods. Using the Critical Intelligence Requirements developed by their leadership, they determine what data is necessary to answer questions about threats to Palo Alto Networks and their customers. They collect this data from both internal and external sources and run it through a detailed threat analysis process. The team, led by Chief Security Officer Rick Howard, includes a group of experts with deep experience in threat intelligence and is backed by the Palo Alto Networks engineering team. You'll see the output of Unit 42's research in the form of white papers as well as regular entries on their blog. If you have any questions about Unit 42 and their mission, check out this FAQ.

The 419 Evolution report describes a series of attacks first detected in May 2014. The team tracked this activity back to Nigerian actors who had previously been active in launching 419 scams. The paper shows that these individuals' tactics have evolved as they've begun using Remote Administration Tools (RATs) and other malware as part of their attacks. While these actors are not nearly as sophisticated as the top cyber crime and espionage groups in the world, we believe they represent an emerging threat to businesses. The paper details the tools and infrastructure used in the attack, including NetWire, a commercially available RAT. To help incident responders dealing with NetWire attacks, the team has released a free tool that decrypts and decodes NetWire command and control traffic.