Latest news with #ReliaQuest

Cyber attackers use AI to automate exploits & sell deepfakes

Techday NZ

6 days ago

  • Business
  • Techday NZ

New analysis from ReliaQuest has found that cyber attackers are increasingly commercialising and refining the use of artificial intelligence (AI) in operations, with up to 45% of initial access attempts attributed to automated vulnerability discovery and SQL injection scanning.

AI-skewed threat landscape

The report, based on research and threat detection data from ReliaQuest, details how AI-powered bots and frameworks now automate much of the early stage attack process. These tools are not only accelerating the pace of exploitation but are also reducing the technical barriers to entry for less-skilled attackers, making advanced tactics more widely accessible.

Automation has led to attackers leveraging AI as the "brain" behind malware campaigns. Whereas previous use of large language models (LLMs) and deepfake technology amplified existing strategies, ReliaQuest has seen these techniques become more widespread and sophisticated across both criminal and nation-state operations.

Malware adapts to AI defences

The report observes that while LLM-generated scripts often include distinctive markers such as verbose code comments or generic variable names, attackers are adapting quickly. The 'Skynet' malware, for example, not only integrates sandbox evasion and TOR-encrypted communications, but also employs prompt injection loaded into memory to manipulate AI-based security tools.

ReliaQuest's analysis cautions that "Relying solely on NGAV or other single-layer defences is no longer enough. Enterprises must embrace continuous innovation, combining defence-in-depth strategies with advanced detection capabilities to stay ahead."

Malware and usability

Attackers continue to deploy existing malware variants with newer AI-backed features. The report highlights the evolution of the 'Rhadamanthys' infostealer into an AI-powered toolkit with features including AI-driven password recovery, optical character recognition for data extraction, and AI analytics for data tagging and campaign tracking.

These developments enable even inexperienced cybercriminals to conduct sophisticated campaigns: "Its integrated AI features enable even rookie criminals to conduct large-scale theft campaigns. The latest iteration automatically tags and filters stolen data based on perceived value and provides a dashboard to track campaign statistics."

Commercialisation of deepfakes

"Groups now position themselves as professional 'Deepfake-as-a-Service' operators, blending slick marketing with the shadowy ambiguity of deepfake technology that's dangerous in the wrong hands," the report says. Services such as CREO Deepfakes and VHQ Deepfake sell highly realistic video content for applications ranging from impersonation scams to cryptocurrency marketing.

Deepfake operators advertise advanced features, including geographic targeting and optimised traffic alignment, and the number of service providers is growing. The report notes, "Attacks are becoming smarter, more frequent, and tougher to detect."

Malicious GPTs and jailbreaking trends

ReliaQuest's research finds a growing trend of jailbreaking mainstream LLM models such as OpenAI GPT-4o, Anthropic Claude, and X's Grok. Jailbreak-as-a-service marketplaces now offer pre-built malicious prompts for phishing campaigns, malware scripts, and utilities for credit card validation and cryptocurrency laundering.

Many new malicious GPT offerings are simply repackaged public models sold at inflated prices. "Investigations revealed that many of these models simply utilised open APIs, added bypass instructions, and repackaged tools at significantly inflated prices - sometimes costing three times more than their original versions."

The report adds that, "Jailbroken versions remove ethical boundaries, content restrictions, and security filters, turning regulated tools into unregulated engines of cybercrime." This commoditisation is also lowering the technical threshold for less experienced criminals.

Automating vulnerability discovery at scale

ReliaQuest's latest data shows that 45% of initial access in customer incidents over the past quarter involved vulnerability exploitation, highlighting the impact of AI-driven automation. Autonomous AI frameworks and bots can now handle tasks such as asset scanning, vulnerability confirmation, and exploitation with little human oversight.

The report's findings state, "AI-powered bots are transforming the way weaknesses are identified, excelling at tasks like scanning for open ports, detecting misconfigurations, and pinpointing outdated software with unmatched speed and precision. These bots often outpace defenders' ability to patch vulnerabilities, creating new challenges for security operations teams."

SQL injection automation

Automation is also affecting SQL injection (SQLi) attacks, enabling attackers to discover and exploit web application vulnerabilities with ease. The tool "bsqlbf," for example, specialises in automating blind SQLi, allowing attackers to test payloads and confirm vulnerabilities without directly accessing underlying data.

"Automation has transformed SQLi attacks, dramatically reducing the time, effort, and expertise needed. By streamlining discovery and exploitation, automated tools allow attackers to exploit vulnerabilities at scale, amplifying the risks posed by insecure applications and databases."

Defensive measures and key recommendations

ReliaQuest advises organisations to adopt a multi-layered, proactive security stance. Key recommendations include prioritising threat hunting, ensuring comprehensive system logging, training employees to spot AI-generated attacks, deploying advanced detection tools, and reviewing the use of AI within sensitive operational environments.

The report emphasises, "As AI-powered threats evolve, defenders must stay ahead by focusing on detecting malicious techniques, restructuring security processes, and addressing AI-related risks."

ReliaQuest launches GreyMatter automation to speed threat response

Techday NZ

26-06-2025

  • Business
  • Techday NZ

ReliaQuest has introduced GreyMatter Workflows, a capability designed to accelerate the detection and containment of security threats by automating operational workflows within its GreyMatter platform.

GreyMatter Workflows enables customers to create business-specific automated processes using a no-code, drag-and-drop interface. This functionality aims to reduce the manual effort involved in security operations and enhance response speeds across complex threat environments.

Workflow automation

The new feature is integrated natively with ReliaQuest's AI-driven security operations platform and automates essential tasks across detection, containment, investigation, and response activities within existing technology infrastructures.

GreyMatter Workflows extends automation beyond traditional security tools, facilitating direct interaction with other business units and end users. It also offers integration with services such as Microsoft Teams and Slack, enabling more comprehensive threat verification and communication capabilities.

Pre-built workflow templates are provided, based on frequent use cases observed among ReliaQuest's enterprise clients, and can be further customised to suit unique organisational requirements. Security teams can develop and deploy automation processes with zero-code design from initial implementation, and have the option to use AI Agents for more tailored adjustments throughout investigative workstreams.

According to ReliaQuest, the adoption of GreyMatter Workflows leads to a reduction in operational complexity, diminishes the need for manual intervention, and shortens incident response times. Customers reportedly experience a 64% decrease in Mean Time to Respond (MTTR) and are able to eliminate more than half of manual response tasks.

Customer and industry response

"The threat landscape is accelerating, but the operational workflows used to detect and contain those threats haven't kept up," said Brian Foster, President of Product and Technical Operations at ReliaQuest. "Security teams need the ability to automate complex workflows quickly, so they can focus more on managing threats and less on managing tools. GreyMatter Workflows gives our customers the ability to build powerful end-to-end automations to unify all phases of security operations, without leaving the platform."

Pat O'Keefe, Head of Global Security Operations and Risk Management at Circle K, commented on the significance of rapid threat management, particularly for organisations with substantial and dispersed operational footprints.

"Detecting and containing threats quickly has never been more important in cybersecurity, especially for a business like ours that is distributed across hundreds of locations around the world," said Pat O'Keefe. "Being able to extend our automation capabilities further into our business will help us stay proactive in protecting our brand."

Bo Olsen, Security Engineering Manager at Eastern Bank, discussed the evolving direction of daily security operations, emphasising automation as a key priority to allocate resources toward more strategic objectives.

"As we look to what's next in cybersecurity, we plan to automate as much as possible of the day-to-day security operations processes so we can spend more time on what matters most to our business," said Bo Olsen. "We can't achieve that level of efficiency with traditional SOAR – an expensive add-on that doesn't deliver the outcomes we really need."

Platform details

The GreyMatter platform utilises ReliaQuest's Universal Translator, detection-at-source, and Agentic AI components to facilitate connectivity and threat management across cloud, multi-cloud, and on-premises environments. The introduction of Workflows supports ReliaQuest's objective of enabling tailored security outcomes for organisations with differing technology architectures and business needs.

With over 1,000 customers and 1,200 staff across six global locations, ReliaQuest continues to offer capabilities in security operations that address the responsiveness and efficiency demands faced by enterprises amid dynamic cybersecurity challenges.

ReliaQuest GreyMatter Further Speeds Detection and Containment of Threats with Native Automation Workflows

Business Wire

25-06-2025

  • Business
  • Business Wire

TAMPA, Fla.--(BUSINESS WIRE)--Today ReliaQuest, the leader in AI-powered security operations, announced GreyMatter Workflows, a new capability that allows customers to create business-specific workflows using a no-code, drag-and-drop capability – further eliminating the manual effort out of security operations for faster response to threats.

GreyMatter Workflows is native to ReliaQuest's AI-powered security operations platform, which already automates critical aspects of detection, containment, investigation and response across security teams' existing technology stacks. This new capability takes automation a step further, allowing GreyMatter to extend its reach beyond the security stack and interact directly with any business unit or end user to verify potential threats, including deeper integrations into communications tools like Microsoft Teams or Slack.

GreyMatter Workflows includes out-of-the-box templates based on the most common use cases from ReliaQuest's enterprise customer base, with customization available to address more unique use cases specific to a customer's business needs. With drag-and-drop functionality, security teams can build, modify, and launch automations with zero-code design on day one. Customers can use AI Agents to more deeply customize all aspects of the investigation process.

This approach reduces operational complexity, requires less human effort, and allows for faster response times, often within minutes. On average, customers using GreyMatter Workflows achieve a 64% decrease in their Mean Time to Respond and can remove over half of manual response activities.

'The threat landscape is accelerating, but the operational workflows used to detect and contain those threats haven't kept up,' said Brian Foster, President of Product and Technical Operations at ReliaQuest. 'Security teams need the ability to automate complex workflows quickly, so they can focus more on managing threats and less on managing tools. GreyMatter Workflows gives our customers the ability to build powerful end-to-end automations to unify all phases of security operations, without leaving the platform.'

'Detecting and containing threats quickly has never been more important in cybersecurity, especially for a business like ours that is distributed across hundreds of locations around the world,' said Pat O'Keefe, Head of Global Security Operations and Risk Management at Circle K. 'Being able to extend our automation capabilities further into our business will help us stay proactive in protecting our brand.'

'As we look to what's next in cybersecurity, we plan to automate as much as possible of the day-to-day security operations processes so we can spend more time on what matters most to our business,' said Bo Olsen, Security Engineering Manager at Eastern Bank. 'We can't achieve that level of efficiency with traditional SOAR – an expensive add-on that doesn't deliver the outcomes we really need.'

Learn more here.

About ReliaQuest

ReliaQuest exists to Make Security Possible. Our AI-powered security operations platform, GreyMatter, allows security teams to detect threats at the source, contain, investigate and respond in less than 5 minutes – eliminating Tier 1 and Tier 2 security operations work. GreyMatter uses our Universal Translator, detection-at-source, and Agentic AI to seamlessly connect telemetry from across cloud, multi-cloud and on-premises technologies. ReliaQuest is the only cybersecurity technology company that delivers outcomes specific to each organization's unique architecture, technology and business needs. With over 1,000 customers and 1,200 teammates across six global operating centers, ReliaQuest Makes Security Possible for the most trusted enterprise brands in the world. Learn more at

ReliaQuest report exposes rise of social engineering cyber threats

Techday NZ

19-06-2025

  • Techday NZ

ReliaQuest has released its latest quarterly report, outlining identified trends in cyber attacker techniques, malware use, and ransomware group activity observed between March and May 2025 across its customer base.

ClickFix and social engineering tactics

One of the most notable trends identified in the report is the widespread use of ClickFix, a social engineering method that misleads users into pasting malicious commands into tools such as PowerShell or the Windows Run prompt. Attackers disguise these actions as solutions to false issues, such as fake CAPTCHAs or Windows updates, enabling them to circumvent defences and introduce malware with comparative ease.

This approach has facilitated the increased use of malware families such as Lumma and SectopRAT, both of which utilise trusted tools like MSHTA to deliver malicious payloads. The report notes that social engineering has significantly contributed to the rise of these attack vectors, stating, "Social engineering played a pivotal role in the success of these top tactics."

Lateral movement and initial access trends

Phishing-based techniques accounted for over half of observed initial access incidents among customers, while drive-by compromise incidents rose by 10% compared to the previous period. The report sees a shift, as attackers increasingly rely on user manipulation rather than exploiting technical vulnerabilities.

ReliaQuest's analysis highlights the prominence of remote desktop protocol (RDP) over internal spear phishing as a method of lateral movement within networks. This shift is closely associated with attackers impersonating IT helpdesks to persuade users to install RDP tools. The report finds, "The shift away from tactics like internal spearphishing suggests attackers are favouring techniques that require less user interaction and offer more direct access to internal systems."

Additionally, drive-by downloads powered by campaigns such as ClickFix and widely available phishing kits continue to lower the threshold for cybercriminal activity. External remote resources dropped from third to fourth place among initial access vectors, further illustrating the focus on exploiting human factors.

MSHTA on the rise for defence evasion

MSHTA (Microsoft HTML Application Host), a native Windows binary, was reported to be involved in 33% of defence evasion incidents during the period, up from just 3.1% the previous year. Attackers use this legitimate tool to bypass conventional security tools by convincing users to execute malicious commands themselves, often delivered through social engineering campaigns such as ClearFake.

"ClearFake's early adoption of ClickFix techniques propelled MSHTA from 16th to second place among defence evasion tactics. Recently, other ClickFix adopters have fuelled MSHTA's current surge, leveraging broader social engineering tactics to bypass defences more effectively," the report details.

Changes in ransomware operations

The report notes significant changes among ransomware groups, with the closure of "RansomHub" leading many affiliates to migrate to other groups, notably Qilin, which saw a 148% increase in activity. Play and Safepay also reported increased activity of 116% and 266%, respectively.

The number of active ransomware groups has dropped by nearly 30%, but newer or established ransomware-as-a-service (RaaS) platforms have absorbed most of these affiliates, raising concerns over increasingly professionalised threats.

"With major ransomware groups like RansomHub gone, RaaS operators are vying to capitalise on the influx of affiliates searching for new platforms. To attract this talent, we'll likely see RaaS platforms introduce innovative capabilities or revise profit-sharing models. This competition is expected to create a more fragmented yet increasingly sophisticated ransomware ecosystem, posing even greater challenges for defenders."

Impact on industry sectors

The construction industry was the only sector to see an increase in ransomware attack victims, rising by 15%. ReliaQuest attributes this to opportunistic targeting as attackers seek out industries with perceived weaker defences. The report notes, "Construction organisations may feel compelled to pay ransoms quickly to avoid costly downtime and operational delays, making them attractive targets."

By contrast, the retail sector saw a 62% decrease in victims, attributed to a drop in activity from the "CL0P" ransomware Cleo campaign.

Malware trends and threat actor activity

The period saw increased activity by the SectopRAT malware, delivered via ClickFix and malvertising campaigns. Despite infrastructure takedowns in May 2025, Lumma infostealer operations continue, with new logs advertised on cybercriminal forums and marketplaces.

"Although Lumma's activity is likely to decline over the coming months as the impact of the takedown continues to unfold, it's likely the group could regain traction over time. As attention around the takedown diminishes, attackers may return to this familiar and well-established tool," the report comments.

Emergence of Scattered Spider

Scattered Spider, after a five-month hiatus, returned in April 2025 with attacks on UK retail organisations. The group is identified for using detailed social engineering against high-value individuals such as CFOs and utilising both on-premises methods and cloud techniques for stealth and control.

"Scattered Spider's success lies in its ability to combine social engineering precision, persistence in cloud environments, and on-premises technical expertise. These TTPs allow the group to achieve initial access, maintain control, and operate stealthily, making it difficult for organizations to detect and remediate the group's activity in the early stages of an attack."

Recommendations and defensive measures

ReliaQuest's report makes several recommendations for organisations, including disabling Windows Run for non-administrative users, enforcing control over RDP tool installations, implementing web filtering, and prioritising user training against social engineering. Additional measures include strengthening identity verification, enabling advanced monitoring, and conducting regular risk assessments, particularly for privileged user accounts.

Looking ahead, the report anticipates broader adoption of ClickFix among ransomware affiliates, increased sophistication by groups such as Scattered Spider, and the continued rise of infostealer malware like Acreed.

The report concludes by emphasising the need for proactive investment in advanced detection, user education, and securing of both cloud and traditional infrastructure to counter an upward trend in attack complexity and evasion tactics.

ReliaQuest Named to Inc.'s 2025 Best Workplaces List

Business Wire

17-06-2025

  • Business
  • Business Wire

TAMPA, Fla.--(BUSINESS WIRE)--ReliaQuest is proud to announce it has been named to Inc.'s 2025 Best Workplaces, honoring companies that have built exceptional workplaces and world-class mindsets that support their teams and customers.

'ReliaQuest is proud to again be named to Inc.'s Best Workplaces,' said ReliaQuest Founder and CEO Brian Murphy. 'This is a testament to our talented teammates and customers around the world.'

This year's list, featured on is the result of comprehensive measurement and evaluation of companies across America. The award process involved a detailed employee survey conducted by Quantum Workplace, covering critical elements such as management effectiveness, professional development, and overall company culture. Each company's benefits were also audited to determine overall score and ranking. ReliaQuest is honored to be included among the 514 companies recognized this year.

In naming ReliaQuest to this list, Inc. recognized the company's commitment to ongoing development of its 1,200+ global teammates, as they deliver cybersecurity outcomes to the largest enterprise brands in the world through ReliaQuest's Agentic AI-powered security operations platform, GreyMatter. ReliaQuest has grown largely by developing its own leaders and promoting from within, which the company does over 80% of the time.

'Inc.'s Best Workplaces program celebrates the exceptional organizations whose workplace cultures address their employees' welfare and needs in meaningful ways,' says Bonny Ghosh, editorial director at Inc. 'As companies expand and adapt to changing economic forces, maintaining such a culture is no small feat. Yet these honorees have not only achieved it—they continue to elevate the employee experience through thoughtful benefits, engagement, and a deep commitment to their teams.'

To view the full list of winners, visit

About ReliaQuest

ReliaQuest exists to Make Security Possible. Our AI-powered security operations platform, GreyMatter, allows security teams to detect threats at the source, contain, investigate and respond in less than 5 minutes – eliminating Tier 1 and Tier 2 security operations work. GreyMatter uses our Universal Translator, detection-at-source, and Agentic AI to seamlessly connect telemetry from across cloud, multi-cloud and on-premises technologies. ReliaQuest is the only cybersecurity technology company that delivers outcomes specific to each organization's unique architecture, technology and business needs. With over 1,000 customers and 1,200 teammates across six global operating centers, ReliaQuest Makes Security Possible for the most trusted enterprise brands in the world. Learn more at

About Inc.

Inc. is the leading media brand and playbook for the entrepreneurs and business leaders shaping our future. Through its journalism, Inc. aims to inform, educate, and elevate the profile of its community: the risk-takers, the innovators, and the ultra-driven go-getters who are creating the future of business. Inc. is published by Mansueto Ventures LLC, along with fellow leading business publication Fast Company. For more information, visit

About Quantum Workplace

Quantum Workplace, based in Omaha, Nebraska, is an HR technology company that serves organizations through employee-engagement surveys, action-planning tools, exit surveys, peer-to-peer recognition, performance evaluations, goal tracking, and leadership assessment. For more information, visit
