Analysis Techniques: Responding When the Attacker has a Foothold – Part II

This blog series examines response options to an enterprise intrusion of some sort, be it by “APT” or “Hacktivists” or some other category involving a purpose-driven actor. I’ll refer to these as targeted attacks even though they are often not targeted too specifically, but that’s a different topic. These threats pose a risk to the organization that is, generally speaking, more severe than typical malware on a single system. A hacktivist attempting to discredit your company will probably have more of a business impact than a single computer infected by the Zeus crimeware trojan. Of course, that “common” Zeus infection could happen to be on a system used by someone in finance who has access to company records, as seen in actual attacks, and may indicate a major threat to your organization.

Understanding Indicators of Compromise (IOC) Part II

Introduction In the first installment of this blog series we discussed several principal ideas and concepts necessary for security analysts as they seek to master an understanding of indicators of compromise (IOC). We discussed how IOCs relate to observables and how observables tie to measurable events or stateful properties on a host. We [...]

Understanding Indicators of Compromise (IOC) Part I

Introduction Every day security analysts are faced with piecing together disparate parts of complex events of interest related to emerging and sophisticated threats. These pieces can be simple metadata elements or much more complex malicious code and content samples that require advanced reverse engineering and analysis. When pulled together, the cumulative result equates to [...]

Introducing RSA Advanced Cyber Defense Services – Podcast #239

RSA’s Peter Tran talks to Speaking of Security about new Advanced Cyber Defense Services being offered to help organizations in North America and Europe create proactive strategies for defending their digital assets against a wide range of threats, and to provide incident response expertise designed to help customers react aggressively to active attacks and critical incidents.

Stalking the Kill Chain: Tired of Being Hunted?

Shady Rat, Aurora, Poison Ivy, ZeuS, SpyEye, Ice IX, Stuxnet and Flame. This strange combination of terms may have no immediate relation to the layman, but for those involved in computer security and incident response, they speak of events that have sparked press coverage, executive interest and late nights.