An Update on Terracotta VPN

  Yesterday at Black Hat Asia in Singapore, RSA Researcher Kent Backman presented an update on Terracotta, our name for a VPN service marketed in China that we originally reported on in August of 2015. Great Firewall traversal, a primary use case for Terracotta, is commonly marketed to Chinese users. Terracotta was notable because many…

Privacy: THE HOT TOPIC at #RSAC

Data privacy dominated the discourse at RSA Conference last week, unlike any hot-topic of years past. If you’re fascinated by this debate, as I am, and missed-out on some or all of RSAC this year, here is a list of talks that caught my attention. In addition to these keynote talks, the discussion spilled-out into…

Threat Detection Techniques – ATM Malware

There once was a time when stealing money from a bank ATM required actual physical manipulation of the terminal itself.  Many criminal schemes have been repeated throughout the years, ranging from physical destruction of the terminal (ramming it with a vehicle) to the use of ‘skimmers’ to steal customer credentials.  Successful ATM capers were not…

Is Canada really better at Cyber?

The 2016 Cyber Readiness Study of Canadian Organizations was published today by Scalar Decisions, a solution provider based in Toronto, and RSA partner.  Scalar was recently rated #1 for Security among Information Communications and Technology companies in Canada by The Branham Group. When we compare the results of the second annual Scalar Security Study with…

Peering into GlassRAT

Today RSA is reporting GlassRAT, a previously undetectable Remote Access Tool (RAT) which was discovered by the RSA Incident Response Team and investigated by RSA Research during an engagement with a multi-national enterprise.   While the malware was not detectable by endpoint antivirus products, RSA Security Analytics was able to identify and alert on its network…

Reconnaissance: A Walkthrough of the “APT” Intelligence Gathering Process

Rotem Kerner of RSA Research has penned a short paper, Reconnaissance: A Walkthrough of the “APT” Intelligence Gathering Process.   It is first in a series that we will publish the follows The Cyber Kill Chain[i]. The Cyber Kill Chain model was developed by Lockheed Martin’s Computer Incident Response Team earlier in the decade.   It breaks…

Terracotta VPN: Enabler of Advanced Threat Anonymity

Today, RSA Research published an in-depth report on a commercial VPN network, originating in China, which we are calling “Terracotta”.  It is being used as a launch platform for APT actors including the now well-known Shell_Crew / Deep Panda group (which RSA exposed in a January 2014 report, http://www.emc.com/collateral/white-papers/h12756-wp-shell-crew.pdf ). Terracotta’s network of 1500+ VPN…