The Cyber Espionage Blueprint

This week the RSA FirstWatch team released research that explores the realities associated with long-term Advanced Persistent Threat (APT) analysis. The report, The Cyber Espionage Blueprint: Understanding Commonalities in Targeted Malware Campaigns, is the culmination of a year’s worth of research from the RSA FirstWatch team. In that time they collected approximately 2400 samples that…

You Say Potato, I Say Innovation

I’ve always been a fan of the potato, in any incarnation. Whether it be mashed, baked, sweet, fried or in a salad, it’s alllll good; Idaho’s prized export is one of the more versatile subterraneous vegetables. And you would think with all its various culinary constructions, it has more than earned its keep in any…

The What, Why and How of Business-Driven IAM

A June article in “TechRepublic” stated that Identity and Access Management (IAM) is one of the most sought-after platforms in IT Security. In fact, since 2009, the number of organizations installing IAM solutions has “risen from around 25 percent to 70 percent.” But even a rudimentary understanding of economics would tell you that this sharp…

IAM on Campus: Iowa State Edition

This blog has always maintained that an important part of any company’s long-term viability is a strong IT security platform. It was published here and here and here, and oh ya, here. But even we were a little surprised when Futurity cited research asserting that a reliable IT Security platform is not just a vital…

New Trojan #INTH3WILD: Is Cybercrime Ready to Crown a New “KINS”?

Was that a typo? What is a “KINS”? Well, it appears that KINS is the name of a new professional-grade banking Trojan that is very likely taking its first steps in the cybercrime underground and could be poised to infect new victims as quickly and effectively as its Zeus, SpyEye and Citadel predecessors. Some Cybercrime…

It’s Raining Zbot! New Variant Turns to Cloud for Strength #INTH3WILD

By Fielder, Senior Researcher, RSA FirstWatch Team. RSA FirstWatch has detected a new Zbot variant that utilizes multiple cloud service providers to strengthen its command and control capability. While malware in the cloud has been discussed and observed for years, what makes this variant of Zbot different is that it doesn’t behave like most variants…

The security pitfalls of mining Big Data

(Editor’s note: In this guest essay, Laura Robinson, Chair of the Security for Business Innovation Council, outlines the security challenges in working with Big Data.) In many ways, last year – 2012 – can be considered the year of Big Data. TIME declared “Big Data” the #2 buzzword of the year, and data scientist Nate…

ECAT and Zeus revisited: P2P edition

Our team likes to use variants of Zeus to test and demo ECAT’s capabilities. Zeus is definitely on the mature side for a malware family, yet its authors update Zeus on a regular basis, ensuring low AV detections with the most recent variants. Zeus is not targeted malware by any means, in fact quite the…

How to Make Your Sandbox Smarter

Sandboxes are a great tool with two primary uses: a tool to assist malware analysts during their analysis, and a first-line security tool for Tier 1/Level 1 (T1/L1) analysts to help determine if a file exhibits malicious behavior and to rate the severity of an incident. It is the latter use that I am…

The Carberp Code is #INTH3WILD – Now What?

By Daniel Cohen, Head of Knowledge Delivery and Business Development, RSA FraudAction Group. History Repeats Itself… “History repeats itself, and that’s one of the things that’s wrong with history.” – Clarence Darrow. Be it internal disagreements within the Carberp team, or law enforcement pressure following the arrests in 2012, the Carberp cyber gang members…