M-Trends 2015: A View From the Front Lines (German Language)

| April 26, 2016

article image
Talking about the threat landscape is no substitute for experiencing it first-hand. "M-Trends 2015: A View from the Front Lines," distills the insights gleaned from hundreds of Mandiant incident response investigations in more than 30 industry sectors. The report provides key insights, statistics, and case studies illustrating how the tools and tactics of advanced persistent threat (APT) actors have evolved over the last year.

Spotlight

IID

IID is an Infoblox company. Its flagship product, ActiveTrust, adds clarity to cyberthreat intelligence by distilling threat data from thousands of trusted sources, and fusing it into actionable intelligence delivered to security professionals and automated infrastructure. Fortune 500 companies and U.S. government agencies leverage IID to detect and mitigate threats, making ActiveTrust one of the world’s largest commercial cyberthreat data exchanges. The IID page will transition through March, and be sunset at the end of the month.

OTHER ARTICLES

New ‘Haken’ Malware Found On Eight Apps In Google Play Store

Article | February 21, 2020

Researchers have identified eight malicious Android apps in the official Google Play marketplace distributing a new malware family. The “Haken” malware exfiltrates sensitive data from victims and covertly signs them up for expensive premium subscription services. The eight apps in question, which have since been removed, had collectively been downloaded 50,000 times. The apps were mostly camera utilities and children’s games, including “Kids Coloring,” “Compass,” “qrcode,” “Fruits coloring book,” “soccer coloring book,” “fruit jump tower,” “ball number shooter” and “Inongdan.” The apps legitimately function as advertised, but in the background covertly perform an array of malicious functions. “Haken has shown clicking capabilities while staying under the radar of Google Play,” said researchers with Check Point Research, in an analysis on Friday. “Even with a relatively low download count of 50,000+, this campaign has shown the ability that malicious actors have to generate revenue from fraudulent advertising campaigns.

Read More

Guest Blog: Cyber security guidance for remote working

Article | March 20, 2020

In these challenging times, it’s sad to learn that cyber criminals are only increasing their activity as they look to capitalise on the Covid-19 crisis. With the NCSC (National Cyber Security Centre) issuing warnings of such activity on a daily basis, it’s important that we all work to protect our businesses from the damage of cybercrime. As many of us move to working from home, the opportunity for cyber attacks only increases, so it’s vital that we work together with our IT colleagues to adopt good cyber health practices. If you are working from home, you should only be using a VPN (Virtual Private Network) or a secure home network with strong end-to-end encryption; e.g. Office 365 SSL session. Don’t be tempted to use public wifi, as hackers can position themselves between you and the access point.

Read More

Ryuk: Defending Against This Increasingly Busy Ransomware Family

Article | February 12, 2020

On December 16, 2019, the U.S. Coast Guard disclosed a security incident at a facility regulated by the Maritime Transportation Security Act (MTSA). Forensic analysis suggests that the incident might have begun when an employee clicked on a link embedded in a phishing email.This action enabled a threat actor to set Ryuk ransomware loose on the facility’s network. Ultimately, the infection spread to all IT network files, leading Ryuk to disrupt the corporate IT network and prevent critical process control monitoring systems from functioning properly. Phishing is one of the primary infection vectors for most ransomware families, but there’s an interesting twist with this particular family. As noted by Malwarebytes, a typical Ryuk attack begins when a user opens a weaponized Microsoft Office document attached to a phishing email. Opening the document causes a malicious macro to execute a PowerShell command that attempts to download the banking trojan Emotet. This has the ability to download additional malware onto an infected machine that retrieves and executes Trickbot.

Read More

Progress Is the Promise in National Cybersecurity Strategy

Article | March 23, 2020

How can progress be measured when it comes to shifts in national security strategy and practice? Several assessment variables might include changes in official national guidance, legal authorities, types of campaigns or operations, lexicon used in national security discourse, and early results of the application of those changes. Since 2016, with the introduction of the construct of persistent engagement and the subsequent development of defend forward, all these variables have changed in a positive manner.

Read More

Spotlight

IID

IID is an Infoblox company. Its flagship product, ActiveTrust, adds clarity to cyberthreat intelligence by distilling threat data from thousands of trusted sources, and fusing it into actionable intelligence delivered to security professionals and automated infrastructure. Fortune 500 companies and U.S. government agencies leverage IID to detect and mitigate threats, making ActiveTrust one of the world’s largest commercial cyberthreat data exchanges. The IID page will transition through March, and be sunset at the end of the month.

Events