Webinar Replay – Fighting Advanced Malware Threats: Kimsuky and the ScreenConnect Vulnerability

June 26, 2024 | (Online)
Get the latest insights into threat actor activity straight from the frontlines, fueled by data from Kroll’s incident response intelligence and elite analysts.

On February 19, software firm ConnectWise notified clients of two vulnerabilities (CVE-2024-1708 and CVE-2024-1709) impacting on-premise versions of their remote management tool, ScreenConnect. Within days, the vulnerability was under heavy exploitation from several groups, including the Advanced Persistent Threat (APT) group known as Kimsuky.

Watch Kroll’s Head of Threat Intelligence in EMEA, George Glass, address how Kimsuky weaponized the ScreenConnect vulnerability using new malware strain TODDLERSHARK.

Threat intelligence fueled by frontline incident response intel and elite analysts can provide rich insight into threat actor activity. Security leaders need access to this frontline incident intelligence not only to understand whether they are likely to be in a similar situation but also to take immediate action on their defenses. In this briefing, George highlights how the malware was deployed as part of an attempted compromise, then detected and stopped by the Kroll Responder team.

This webcast covers: 

  • The Kroll Cyber Threat Intelligence (CTI) team’s discovery and analysis of TODDLERSHARK, new malware resembling the VBScript-based BABYSHARK malware
  • How the malware was used in post-compromise activity
  • BABYSHARK and its association with a threat actor that Kroll tracks as KTA082 (Kimsuky)
  • How the malware utilized a legitimate Microsoft binary and alternate data streams and exhibited elements of polymorphic behavior
 

Dive Deeper into Kroll’s Cyber Risk Solutions

Get a better understanding of the breadth of Kroll’s cyber risk services. Download below for more information: 


Cyber Risk

Incident response, digital forensics, breach notification, managed detection services, penetration testing, cyber assessments and advisory.

Cyber Threat Intelligence

Threat intelligence fueled by frontline incident response intel and elite analysts to effectively hunt and respond to threats.

Cyber Risk Retainer

Kroll delivers more than a typical incident response retainer—secure a true cyber risk retainer with elite digital forensics and incident response capabilities and maximum flexibility for proactive and notification services.


24x7 Incident Response

Kroll is the largest global IR provider with experienced responders who can handle the entire security incident lifecycle.

Ransomware Preparedness Assessment

Kroll’s ransomware preparedness assessment helps your organization avoid ransomware attacks by examining 14 crucial security areas and attack vectors.