Prevailion’s first APEX™ Report demonstrates its unique visibility into the top compromised industries. Prevailion is an evolved solution for an evolved threat. We believe the next generation of intelligence that will lead businesses into a new era of security is Compromise Intelligence. This report shows the active compromises that organizations are up against.
Research from cyber-intelligence outfit Prevailion suggests that TA505 has compromised more than 1,000 organizations. Organizations that include two U.S. state government networks, two U.S. airlines and one of the world’s top 25 banks.
Prevailion’s Tailored Intelligence Team has continued to follow an evolving threat actor group dubbed TA505 – a known cyber criminal organization that has likely been active since at least 2017, whose motives are speculated to be financial in nature. This group has been known to infect victims through business email compromise. Once a victim’s system is initially compromised, TA505 has been observed utilizing a wide variety of commercially available and custom remote access trojans. Upon gaining access, with a trojan in the network, they have been observed stealing sensitive financial data and in some cases deploying ransomware as recently as October of 2019.
New vulnerabilities put specific devices or systems at risk, US-CERT issues warnings about Dridex malware, and cybercriminals are charged and sentenced.
The U.S. government says it’s on high alert for cyberattacks from foreign countries in this election year. Yet private cybersecurity firms have often been the ones sounding the alarm, and in some cases, they are selling their services to the U.S. intelligence community.