Fear Nothing: The Gamers Approach To Building a SOC

“You say the hill’s too steep to climb. Chiding! You say you’d like to see me try, Climbing! You pick the place and I’ll choose the time. And I’ll climb the hill in my own way” – from Fearless by Pink Floyd. Cliché alert! There is no silver bullet for security (I warned you).…

Four ways the financial industry could have fought Carbanak

It sounds like something out of a movie script — robbing a bank over the Internet — but that’s essentially what happened recently with the Carbanak malware. If you hadn’t heard about it, this was a campaign which ran over the course of 24 months and is believed to have netted thieves about US$1 billion.…

I’m sorry, I don’t speak security Klingon

“I’m just a soul whose intentions are good. Oh Lord, please don’t let me be misunderstood” – from Don’t Let Me Be Misunderstood by The Animals. Recently, I was speaking with a customer who told us their company’s top priority for the year was increasing their information security capabilities. Their biggest competitive advantage, like many other…

Security Hipsters Meet The Mainstream

“Well, my boyfriend’s in a band, he plays guitar while I sing Lou Reed. I’ve got feathers in my hair, I get down to Beat poetry. And my jazz collection’s rare, I can play most anything. I’m a Brooklyn baby.” – from Brooklyn Baby by Lana Del Rey. Whether we like it or not, the…

RSA Rises to the Challenge of APTs

Recent news around APT attacks has underscored the critical importance of improving our techniques for rapidly detecting, analyzing and responding to APTs. To foster research in this area, Los Alamos National Lab (LANL) recently released an anonymized dataset of DNS activity collected from their internal servers over a two-month window (February and March 2013), overlaid with traffic from 20 simulated APT attacks during the month of March. LANL also issued a public challenge to the cybersecurity community to “develop techniques for detecting malicious external domains given the DNS logs for a site and to identify potentially infected hosts in the process.”

The Danger of Denial

I was very surprised recently, in a conversation I had with someone I used to work with, to hear him remark that he didn’t think there is any such thing as stealthy, targeted attacks. His comment was something like “those warnings about APTs, targeted attacks, whatever you want to call them, is just a distraction…

How to Make Your Sandbox Smarter

Sandboxes are a great tool with two primary uses: 1) a tool to assist malware analysts during their analysis, and 2) a first-line security tool for Tier 1/Level 1 (T1/L1) analysts to help determine whether a file exhibits malicious behavior and to rate the severity of an incident. It is the latter use that I am going to focus on. When used correctly, sandboxes can enhance a T1/L1 analyst’s ability to detect and classify incidents for an organization’s Security Operations Center (SOC).

The next marketing buzzword in security is…

Every year we seem to have a new buzz term in security. As someone who lives in the security product marketing world, I’ve seen trends come and go. Terminology that was once mandatory in every piece of collateral suddenly becomes stale and cringe-worthy (APT is becoming one of these). We’ve had a bunch of buzzwords and phrases; some were pretty good and some were really terrible. I should know; I helped propagate some of these buzzwords.

Lions at the Watering Hole – The “VOHO” Affair

As part of routine security research, the RSA Advanced Threat Intelligence Team identified a new hacking attack this week that uses a technique that we’ve termed “Watering Hole”. In the new attack we’ve identified, which we are calling “VOHO”, the methodology relies on “trojanizing” legitimate websites specific to a geographic area which the attacker believes will be visited by end users who belong to the organization they wish to penetrate. This results in a wholesale compromise of multiple hosts inside a corporate network as the end-users go about their daily business, much like a lion will lie in wait to ambush prey at a watering hole.