As we have discussed in previous articles on our blog, smart technologies are advancing at an unprecedented speed. New technologies and IoT devices allow operational technology (OT) infrastructures to connect to the information technology (IT) realm, receiving data and controls from Internet-connected devices. While this creates amazing opportunities and technological advancement, such as simplified process control, real-time visibility, and decreased unplanned downtime, connecting OT devices to the Internet exposes them to an additional world of threats and attack types. Companies and facilities must strictly protect their industrial control system (ICS) and SCADA networks, since a breach can cause damage to an electrical grid, an oil rig, or even to emergency services systems during a crisis.
Last Friday’s family dinner started like any other. My grandmother was stealthily running around the kitchen adding some finishing touches to her amazing dishes, while her children and grandchildren gradually arrived. Meeting once a week (or two) for a Friday dinner is customary for traditional Israeli families (and let’s face it, Israel is so small that no matter where you live – it’s still no more than a few hours’ drive from your family). As we started moving delicious-smelling food from the kitchen to the dining room, my family asked me excitedly (and a bit worriedly) – “Did you hear about the Shirbit cyber attack? They got attacked with ransom malware, have you heard of those?”
5G is here, and it is definitely changing 21st-century technology. The fifth generation of wireless connectivity marks a new era for devices of all kinds, serving as critical infrastructure to promote the digitization, automation and connectivity of machines, robots, smart appliances, transport solutions and more. In addition to advanced infrastructure technologies, smartphones, computers and Internet-of-Things devices are extremely prevalent in every home, and they’re getting smarter. With the increased demand for connectivity and 5G-enabled IoT devices, vendors are rushing their products to be first on the market, trying to beat out the competition on the way. According to Statista, there will be a whopping 74 billion connected devices by 2025. Even last month’s Black Friday deals on next-generation smartphones and smart devices may very well have equipped another couple million Americans with 5G-compatible devices. But despite the excitement and hype around smart technologies, this race to market is creating a gaping hole where strong security and advanced technology must meet. Vendors are sacrificing security testing, allowing potential vulnerabilities to remain hidden in the backend of devices.
2020 has been quite a year. The global Covid-19 pandemic changed the rules of most people’s daily lives, taking a big toll on individuals, businesses and organizations. During this time, cyber attackers were quick to jump on the exploitation wagon, taking advantage of the chaos and changes in work and activity patterns to deploy attacks, steal information and cash in on victims. Large firms such as Deloitte have seen a spike in cyber-attacks during the Coronavirus pandemic, such as Covid-themed phishing, malspam, and ransomware attacks.
While it does not boast any special or complex installation tactics, Shlayer’s distribution vector has made it a tremendous success: the malware has been the most prevalent macOS strain since its debut two years ago, never falling off its leading spot. Shlayer uses a well-known infection tactic – clicking a bad link directs the victim to a fake Adobe Flash update.
The chief problem with cyber security is that most of our tools and workforce are geared to waiting for adverse events, detecting those events (sometimes months after the fact), investigating the breach that has already occurred, and then cleaning up. This slow and reactive process ensures that breaches happen and that security staff are overwhelmed by the noise.
This talk will focus on automation and machine learning techniques that can proactively identify threats seen in the wild, based on the latest academic research. These techniques allow organizations to identify suspect infrastructure before it is used to attack them. The key to making this work is infusing machine learning with knowledge of how actual attacks work and of the threat landscape. Machine learning without intelligence is merely a gussied-up Mensa math exercise.
Earlier this month, a new variant of the Guildma information stealer was analyzed by the Internet Storm Center (ISC). The malware’s new campaign has been seen targeting various countries in South America, with the highest number of infections recorded in Brazil. It seems that Guildma is spreading quickly, with another recent campaign reaching over 150,000 infection attempts in a matter of weeks.
Making connections and finding new indicators is an important part of IOC analysis, and is probably the most enjoyable part as well. Blog posts and reports on new threats will usually mention the indicators used by the specific malware sample or attack vector analyzed, yet in many cases there is a larger malicious infrastructure behind them just waiting to be uncovered (and blocked!). Sometimes, a whole other malicious infrastructure can be revealed by examining IOCs related to malicious IPs and domains. There are a variety of tools out there that can help analysts investigate indicators of compromise and their infrastructure, and perform enrichment to shed light on related malicious IOCs.
In this post, we will review some of our Security Research Team’s favorite connection and enrichment platforms.
Welcome To Our New Weekly Series, Free Open Source Analysis Tools.
This Week's Topic: Free Open-Source Analysis Tools, Why Use IOCs?
Throughout this series, we'll be talking about a Security Analyst’s IOC analysis journey: from discovering relevant indicators and performing the analysis, to finding enrichments and new IOCs. We will also share recommendations for free open-source analysis tools and use cases completed by ThreatSTOP's Security and Research Team, showing how to utilize the various platforms and tools. Let's get started.
You’ve probably heard of Threat Intelligence; it's all the rage and all the cool kids are doing it… where’ve you been? Threat Intelligence, or “TI,” is everywhere and in everything, and it can be cool, but it can also be slippery and confusing and complex and a huge waste of time and resources depending on what you do (or don’t do) with it. In this post, we’re going to make a bunch of snarky statements about Threat Intelligence, and we’re going to spill the tea on how you (as a small or medium-sized business) can use it and actually get some security value in return.