Cyber Threat Intelligence

What is a XSRF attack? XSRF, also known as Cross-Site Request Forgery, is a type of attack that involves tricking a user into making a malicious transaction with a website without their knowledge. This can occur when a user is logged into a website and visits a malicious website or clicks on a malicious link. The attacker can then use the user’s active logged in status on another website to make requests on the user’s behalf, potentially allowing the attacker to perform unauthorized actions or access sensitive information. XSRF attacks can be prevented by implementing proper authentication and authorization measures on the website, such as using unique tokens for each user session. What is a session hijacking attack? Session hijacking is a type of cyberattack where an attacker takes over a user’s active session on a website or application and gains unauthorized access to the user’s account. This can be…

Read more

Why is user awareness training important for IT security? Phishing operations represent 41% of cyber breach incidents according to the IBM X-Force report. Deloitte estimates phishing to be the initial attack vector in 91% of cyber breaches.   These estimates put phishing at the forefront of corporate attack surface because they identify phishing as the most successful method used by attackers to compromise a system and gain initial access to a victim’s network.  In response, organizations need to increase their resilience against phishing and other types of social engineering attacks. By testing their staff’s ability to effectively identify phishing attempts and malspam and providing educational material, an organization can identify potential weaknesses and reduce the chance that an employee will fall prey to an attack.  Of course, secondary cybersecurity measures should be in place to detect and respond to a successful phishing attack, user awareness training is a good practice…

Read more

Nessus is an enterprise vulnerability scanner that can perform external and internal credentialed scans and can support a continuous vulnerability management program.  Nessus favors ease of use as compared to granular control over scanning which allows quick and efficient scanning configuration.  Nessus comes with many pre-configured scans for PCI-DSS, compliance OVAL, and SCAP scanning, and many scans for novel threats such as Solarigate, CISA threat advisories, Log4Shell, Ransomware attacks, and more. Watch the video below to get the full scoop on how Nessus can support enterprise vulnerability management.    

Read more

From the defender’s perspective ransomware is the biggest threat in the modern cybersecurity landscape. From a criminal perspective it’s a highly lucrative form of cybercrime, and perpetrators face only negligible chances of being prosecuted with less than 20 arrests reported in 2020 [1]. The highest amount of ransom ever paid by a single company for a single incident is $40 million US dollars [2][3], however, the cost of a ransomware attack is not limited to ransom payments. Companies can incur millions more in remediation costs, service downtime, legal settlements, higher insurance premiums, and potentially suffer long-term deleterious effects to their brand reputation [4]. One report estimates that 74% of ransomware payments go to Russian backed groups; more than $400 million USD in 2021 [5]. Another report from blockchain research group Chainalysis suggests that nearly $700 million USD in ransomware ransom was paid in 2020 [6] [7]. Not all ransomware strains…

Read more

OpenSSF is a new initiative aimed at improving the security of open source software (OSS). Founded by a group of major tech companies, including Google, Microsoft, and Red Hat, OpenSSF is intended to provide a collaborative framework for organizations to work together on security best practices, guidelines, and tools for OSS. The goal of OpenSSF is to make it easier for organizations to adopt OSS without sacrificing security. What is Software Supply Chain Risk? Software supply chain risks refer to the potential vulnerabilities and security threats that can arise in the process of creating, distributing, and maintaining software. These risks can come from a variety of sources, including the use of insecure or unverified third-party components, inadequate testing and verification processes, and the lack of secure communication and collaboration among teams. One of the biggest risks associated with the software supply chain is the potential for malicious code to be…

Read more

In an MSNBC interview posted to YouTube on February 24th, 2022, approximately 24 hours after the initial invasion of Ukraine by Russian military forces, Leon Panetta former US Secratary of Defence and former head of the CIA was asked whether now is a good time for the US to use offensive cyber-war against Russia.  Rather that address the question directly, Panetta addressed the greater context of the invasion for Ukrainian national security.  The question is worth addressing though. So, is now a good time for counter forces to launch a cyber offensive? Is now the time for offensive cyber-attack? It Depends. That is the short and true answer. Here comes the why. Probably the most effective use of cyber weapons in warfare is when they are purposed for for gathering information, aka spying. The most advanced forms of cyber weapons (known as advanced persistent threats or APT for short) are…

Read more

We Have All Heard This Story Before It’s no doubt that ransomware is is the biggest threat in the modern cybersecurity landscape. The highest amount of ransom ever paid by a single company for a single incident is $40 million US dollars. Companies can incur millions more in remediation costs, service downtime, legal settlements, higher insurance premiums, and potentially suffer long-term deleterious effects to their brand reputation. Blockchain research group Chainalysis suggests that nearly $700 million USD in ransomware ransom was paid in 2020. Defenders have all been hearing this story for years, and know how to secure against ransomware right? The most common initial access vector is phishing so staff training sessions educating our staff on how to spot a deceptive url is required to keep the bad guys out. Installing endpoint security products and keeping them updated, and of course keep bulletproof backups right? Well, yes and no….

Read more

What Is “Fake Ransomware”? The term “fake ransomware” might conjure up some feelings of relief. After all, if the ransomware is fake, then it must not have encrypted files, right? However, the term has been used to refer to a few different variants of a true ransomware attack. Firstly, it has been used to describe ransomware that does not encrypt files, but instead attempts to trick the victim into thinking their files are encrypted while demanding a payment to recover them. Secondly, the term has also been used to refer to ransomware that does in fact encrypt your files, but does not offer a decryption key if ransom is paid. This is much more nefarious and destructive than the first type; a real sucker punch. And most recently, the term has been used to refer to a case where ransomware was deployed by a company against itself to cover up…

Read more

In part 1 of PHP Malware series, we learned what a web-shell is and learned some basic ways that an attacker can build web-shell in PHP. In part two we took a look at how web-shells can be hidden using base 64 encoding and AES encryption techniques. In part three we’re gonna look at other crafty ways that an attacker could obfuscate PHP web shell or other malware such as a stealer which would exfiltrate sensitive data as it’s processed by a website. Cyber criminals want to avoid malware being found, and when it is found, they want it to be difficult for a researcher to discover what the malware is doing. An an attack technique is novel, attackers don’t want defensive security researchers to be able to use the technique information to build defensive strategy or make the information public. In order to demonstrate the skill’s of reverse engineering…

Read more

In October 2021, while writing an article about EDR/XDR solutions,  I read an article from The Journal of CyberSecurity and Privacy entitled:  “An Empirical Assessment of Endpoint Detection and Response Systems against Advanced Persistent Threats Attack Vectors”.  I think now is a good time to revisit that research paper. The study tested state of the art EPP and EDR platforms against simulated APT attacks.  They key contribution of this paper is that it reveals what type of TTPs are still able to circumvent top of the line EDR solutions.  The products tested in the study are a who’s who of leading endpoint security vendors? Seeing a blog post from Recorded Future discussing the same paper  reminded me about it, and wanted to contribute my take on it. The full FINAL paper is available and the published version is available by searching Google for the article title “An Empirical Assessment of…

Read more