Resources

Blog

3 Areas of Your IT Infrastructure that SCM Can Help to Secure

Gone are the days when security teams could focus all of their efforts on keeping attackers out of the network. There’s no inside or outside anymore. The modern network is porous; it allows greater numbers and types of devices to connect to it from all over the world. This characteristic might serve organizations’ evolving business needs as they...
Blog

RDP Used by Iranian Actors in International Dharma Ransomware Attacks

Iranian actors leveraged the Remote Desktop Protocol (RDP) as part of an international campaign to target companies with Dharma ransomware. Group-IB uncovered the campaign while conducting an incident response engagement for a Russian company in June 2020. As part of its investigation, the digital security solutions provider's digital forensics team...
Blog

How IT-OT Security Has Changed in the Wake of COVID-19

After the global outbreak of coronavirus 2019 (COVID-19), organizations quickly transitioned to remote work in order to enforce social distancing and to keep their employees safe. But this work-from-home arrangement opened up organizations to more risk as well as less redundancy and resilience. That’s especially the case for organizations with...
Blog

University of Utah Paid Over $450K to Ransomware Attackers

The University of Utah paid a fee of more than $450,000 to attackers after they infected a portion of its servers with ransomware. The University of Utah's CSBS building. On July 19, 2020, the Information Security Office (ISO) notified the university's College of Social and Behavioral Science (CSBS)...
Blog

Snail Mail With a Privacy Twist

A friend of mine received an interesting piece of snail mail the other day. It was one of those inheritance scam letters that usually arrive in E-Mail. An image of the letter is shown below: In summary, the author, a high-ranking bank official, has an unclaimed inheritance that he is willing to split...
Blog

Decryption Tool Released for WannaRen Ransomware

Security researchers released a decryption tool that enables victims of WannaRen ransomware to recover their files for free. On August 19, Bitdefender announced that it had made a WannaRen decryption utility publicly available for download. The security firm urged victims of this ransomware to save the decryptor somewhere on their computer after...
Blog

Security Execs’ Advice on Overcoming the Challenges of Remote Work

At the outset of the global coronavirus 2019 (COVID-19) pandemic, many organizations decided to enforce social distancing by requiring that their employees begin working from home. This decision changed the fundamental way in which many employees were accustomed to working. It also created new security challenges for organizations that had larger...
Blog

From Customer to Employee – A Tripwire Journey

Tripwire is very much household name within the cybersecurity community. It's been around from the early days of creating intrusion detection software that would later be known as File Integrity Monitoring (FIM) all the way through to deploying a portfolio of products that focuses on SCM, Vulnerability Management, Asset Management, Industrial...
Blog

Credential Stuffing Attacks Targeted GCKey, CRA Accounts

Malicious actors launched credential stuffing attacks that targeted Canada's GCKey service and Canada Revenue Agency (CRA) accounts. On August 15, the Treasury Board of Canada Secretariat announced that the Government of Canada was in the process of responding to a series of credential stuffing...
Blog

Integrating the Risk Management Framework (RMF) with DevOps

Information security should be at the heart of every system launched. In accordance with the Federal Information Security Management Act (FISMA), an information technology system is granted an Authority to Operate (ATO) after passing a risk-based cybersecurity assessment. The ATO Problem However, the ATO process can pose several challenges to the...
Blog

CISA Warns of Phishing Emails Leading to Spoofed COVID-19 Relief Page

The Cybersecurity & Infrastructure Security Agency (CISA) warned that phishing emails are redirecting recipients to spoofed COVID-19 loan relief pages. On August 12, CISA announced its discovery of the attack campaign in Alert (AA20-225A): The Cybersecurity and Infrastructure Security Agency (CISA) is currently tracking an unknown malicious cyber...
Blog

Google App Engine, Azure App Service Abused in Phishing Campaign

A phishing campaign abused both the Google App Engine and the Azure App Service to steal victims' Microsoft Outlook credentials. Netskope observed that the attack campaign started with a shortened link "https://bitly[.]com/33nMLkZ" distributed by a phishing email. This link redirected a recipient of the email to a Google App Engine domain "https:/...