Resources

Blog

PonyFinal Ransomware Delivered by Extended Human-Operated Attacks

Security researchers witnessed the deployment of PonyFinal ransomware at the end of extended human-operated attack campaigns. In a series of tweets, Microsoft Security Intelligence revealed it had observed human-operated campaigns laying in wait for the right moment to deploy PonyFinal ransomware as their final payload. In their operations, the...
Blog

[F]Unicorn Ransomware Masquerading as COVID-19 Contact Tracing App

A new ransomware family called "[F]Unicorn" masqueraded as a COVID-19 contact tracing app in order to target Italian users. On May 25, the the Computer Emergency Response Team (CERT) from the Agency for Digital Italy (AgID) revealed in an advisory that it had received a sample of [F]Unicorn from security researcher JamesWT_MHT. The sample analyzed...
Blog

The MITRE ATT&CK Framework: Exfiltration

Once an attacker has established access and pivoted around to the point of gathering the necessary data, they will work on exfiltration of that data. Not all malware will reach this stage. Ransomware, for example, usually has no interest in exfiltrating data. As with the Collection tactic, there’s little guidance on how to mitigate an attacker...
Blog

Protecting Fleet Data from Security Threats

Big data is revolutionizing fleet management — specifically in the form of telematics. From engine diagnostics that track fuel efficiency and mileage to sensors that detect aggressive driving behavior and interior vehicle activity, this information is so valuable that we’re quickly approaching the point where connected technology will come standard...
Blog

Updated AnarchyGrabber Steals Passwords, Spreads to Discord Friends

Researchers found an updated version of AnarchyGrabber that steals victims' plaintext passwords and infects victims' friends on Discord. Detected as AnarchyGrabber3, the new trojan variant modified the Discord client's %AppData%\Discord\[version]\modules\discord_desktop_core\index.js file upon successful installation. This process gave the malware...
Blog

Climbing the Vulnerability Management Mountain: Reaching the Summit (VM Maturity Level 5)

Only the truly committed ever reach the summit of anything. This sentiment holds true for vulnerability management. An organization cannot reach the summit without a serious commitment to fund and staff the program appropriately across the organization. Reaching ML:5 means tying the program to the business. Everyone must be aligned with the metrics...
Blog

How to Protect the Future of IT

Working remotely, either from home or from elsewhere, isn’t something new. It has been used by many companies worldwide over the past decade. That said, it was typically restricted to only a couple days a month or to specific IT-savvy departments. But as we have seen throughout time, adversity and crisis lead to change and sometimes revolutions in...
Blog

Observing a Privacy Milestone: Expert Thoughts on GDPR’s 2nd Anniversary

May 25, 2020 marks the second anniversary of when the European Union’s General Data Protection Regulation (GDPR) took full effect. Undoubtedly, many organizations have succeeded in achieving compliance with the Regulation by now. But that raises some important questions. What benefits have those organizations experienced in achieving compliance, for...
Blog

U.S. Elections: Effectively Balancing Access and Security

For a Democratic Party desperate to unseat President Trump in November, the primary election process has been filled with large-scale technology failure, official miscalculations, voter annoyance and public embarrassment, not to mention piles of money spent in pursuit of an improved 21st-century process that turned out to be worse than what they had...
Blog

MilkmanVictory Ransomware Created for Purpose of Attacking Scammers

A hacking group claimed that it developed a new ransomware strain called "MilkmanVictory" for the purpose of attacking scammers. Collectively known as "CyberWare," the group announced their creation on Twitter in mid-May. https://twitter.com/LiteMods/status/1261605833290514432?s=20 In an email conversation with Bleeping Computer, CyberWare revealed...
Blog

BlockFi Hacked Following SIM Swap Attack, But Says No Funds Lost

For just under 90 minutes last Thursday, hackers were able to compromise the systems of cryptocurrency lending platform BlockFi, and gain unauthorised access to users' names, email addresses, dates of birth, address and activity history. In an incident report published on its website, BlockFi was keen to stress that the hacker's activity had been...
Blog

Scattered Canary Behind Hundreds of Fraudulent Unemployment Claims

Security researchers discovered that the Scattered Canary group had filed hundreds of fraudulent unemployment claims in the wake of COVID-19. According to Agari Cyber Intelligence Division, at least some of the threat actors who took part in a large-scale fraud campaign targeting dozens of states' unemployment insurance programs belonged to a...
Blog

Verizon DBIR 2020: Cloud Apps, Stolen Credentials, and Errors

It’s DBIR season! Put down your pens, stop watching “The Last Dance” and get to reading the key findings of the 13th edition of the annual Verizon Data Breach Investigations Report! If “experience is merely the name men gave to their mistakes,” as Oscar Wilde puts it in The Picture of Dorian Gray, then the more we know about the threats we face and...
Blog

The MITRE ATT&CK Framework: Collection

The Collection tactic outlines techniques an attacker will undertake in order to find and gather the data they need to meet their actions on objectives. I see most of these techniques as being useful for describing what a piece of malware or threat actor is up to rather than looking to them for guidance on how to mitigate and detect their actions....
Blog

Attacks Targeting ICS & OT Assets Grew 2000% Since 2018, Report Reveals

The digital threat landscape is always changing. This year is an excellent (albeit extreme) example. With the help of Dimensional Research, Tripwire found out that 58% of IT security professionals were more concerned about the security of their employees’ home networks than they were before the outbreak of coronavirus 2019 (COVID-19). Slightly fewer...
Blog

Winning with Cyber Threat Intelligence: Taking a More Personal View

In this final article of our trilogy, we investigate how a cyber threat intelligence (CTI) analyst and associated programmes provide insight about physical and cyber threats to your organisation. The value of these insights is reflected in the wins, which come as a result of context building, holistic understanding, and enhanced awareness in order...
Blog

The Perimeter Really Is Gone - CIS Controls and COVID-19 with Tony Sager

Tony Sager, Senior Vice President and Chief Evangelist at CIS (Center for Internet Security) joins us to discuss the best approaches to the changing security landscape in the wake of COVID-19. Tony is a lifelong defender, with more than 44 years of experience. He spent most of his career at the NSA and now leads the development of the CIS Controls,...
Blog

'Glitch' in Illinois' PUA System Blamed for Exposing SSNs, Private Data

Government officials said that a glitch in the State of Illinois' Pandemic Unemployment Assistance (PUA) program exposed thousands of people's Social Security Numbers (SSNs) and other private data. Jordan Abudayyeh, a spokesperson for Illinois Governor J. B. Pritzer, sent a statement to WBEZ on May 16. In it, she revealed that the Illinois...