Hello, welcome to the Tuesday, August 23rd, 2022 edition of the Sands Internet Storm Center's

Stormcast. My name is Johannes Ulrich, and today I am yet again recording from Jacksonville, Florida.

In today's diary, Xavier took a look at the prevalence or lack there off of native 64-bit

Malver. It is almost difficult these days to find a CPU that is not 64-bit and many operating

systems do support 64-bit these days. But of course, Malver usually doesn't have a great reason to give up the 32-bit compatibility,

even if it only affects a small percentage of systems.

Things like performance or memory use and such, of course, is usually not a big issue for Malver.

Xavier's attempt to answer the question used the daily archives from Malware Basar.

Malware Basar, unlike a virus total, makes it easy to download large number of samples.

They actually have sort of a daily dump that you can download, So Xavier ended up downloading 217 gigabytes of

matter, which went back to February 2020, so more than two years back. And he used a

Yara rule to detect if a binary was either 32-bit or 64-bit. Well, the short answer, only about 6% of binaries were detected as 64-bit code, but among

them was only one single DLL file.

However, if you look at the graph that he posted, it looks like there was a steady increase

in the number of 64-bit samples

starting around the beginning of this year. So it's possible that the malware world is

switching to 64-bit, which of course has some implications then when it comes to detection.

And the use of proxies to mask an attacker's origin isn't really anything new, but the FBI issued

a bulletin late last week warning users that they're seeing a search in the use of proxies

specifically for credential stuffing attacks.

So credential stuffing, that refers to an attack where an attacker uses

usernames and passwords or other personal data that was leaked in prior breaches.

...