22 Nov
Companies can detect Aurora and similar malware by enabling command-line logging and looking for unusual WMIC and PowerShell commands. Additionally, canary files can help detect file-grabber activity, and user behavioral analysis on NetFlow data can help detect anomalous network activity, such as connections to strange external ports. Application allowlisting can also help prevent the loader activity seen in Aurora.
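The following sketch of the command-line logging check described above is an added example, not code from the linked reports. It assumes process-creation events carrying Sysmon Event ID 1 style fields (`Image`, `CommandLine`, `ParentImage`); the patterns, threshold and sample events are constructed for illustration and are not Aurora indicators.

```python
import re
from collections import defaultdict

# Assumed heuristics for illustration; not indicators from the linked reports.
USER_WRITABLE = re.compile(r"\\(appdata|temp|downloads|public)\\", re.I)
WMIC_INVENTORY = re.compile(r"\b(os|cpu|path\s+win32_\w+)\s+get\b", re.I)
# Simplified: abbreviated -EncodedCommand forms and a hidden window.
PS_CONCEALED = re.compile(r"\s-(e|ec|enc\w*)\s|\s-w\w*\s+hidden\b", re.I)
SHELLS = ("powershell.exe", "pwsh.exe")

def score_event(ev):
    """Return the reasons one process-creation event looks unusual."""
    child = ev["Image"].rsplit("\\", 1)[-1].lower()
    reasons = []
    if child == "wmic.exe" and WMIC_INVENTORY.search(ev["CommandLine"]):
        reasons.append("wmic-inventory-query")
    if child in SHELLS and PS_CONCEALED.search(ev["CommandLine"]):
        reasons.append("powershell-encoded-or-hidden")
    if child in SHELLS + ("wmic.exe",) and USER_WRITABLE.search(ev["ParentImage"]):
        reasons.append("parent-in-user-writable-path")
    return reasons

def detect(events, threshold=2):
    """Alert on parents whose children hit >= threshold distinct reasons."""
    by_parent = defaultdict(set)
    for ev in events:
        by_parent[ev["ParentImage"]].update(score_event(ev))
    return {p: sorted(r) for p, r in by_parent.items() if len(r) >= threshold}

# Constructed sample events (field names follow Sysmon Event ID 1).
DROPPED = r"C:\Users\alice\AppData\Local\Temp\setup_x.exe"
WMIC = r"C:\Windows\System32\wbem\WMIC.exe"
PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
SAMPLE = [
    {"ParentImage": DROPPED, "Image": WMIC, "CommandLine": "wmic os get Caption"},
    {"ParentImage": DROPPED, "Image": WMIC, "CommandLine": "wmic cpu get name"},
    {"ParentImage": DROPPED, "Image": PS,
     "CommandLine": "powershell.exe -NoProfile -enc <base64-placeholder>"},
    {"ParentImage": r"C:\Windows\System32\cmd.exe", "Image": WMIC,
     "CommandLine": "wmic os get Caption"},
    {"ParentImage": r"C:\Windows\explorer.exe", "Image": PS,
     "CommandLine": r"powershell.exe -File C:\scripts\backup.ps1"},
]

if __name__ == "__main__":
    for parent, reasons in detect(SAMPLE).items():
        print(parent, reasons)
```

Requiring two distinct reasons per parent keeps a single administrator-run `wmic os get Caption` from `cmd.exe` out of the alert queue while still surfacing a binary in a user-writable path that spawns both WMIC and PowerShell.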
https://thehackernews.com/2022/11/researchers-warn-of-cyber-criminals.html
https://blog.sekoia.io/aurora-a-rising-stealer-flying-under-the-radar/

