malware

The CISO White Elephant Party

The holiday season is the storm before the calm. Available time is occupied with getting ready for end-of-quarter / end-of-year, squeezing in meetings before folks depart, shopping, and of course attending white elephant gift exchange parties. These parties are notorious for exchanging absurd gifts that are burdensome, possibly expensive, and serve little purpose. If you’re…

Friendly Fraud and How to Keep Parents Safe Online

I recently read a great blog which discusses a child’s journey through the digital universe. If you are a parent, especially of a young child, I highly recommend it. The digital world offers so many amazing opportunities for our children to learn, yet there is certainly a dark side of which we must always be…

Peering into GlassRAT

Today RSA is reporting GlassRAT, a previously undetectable Remote Access Tool (RAT) which was discovered by the RSA Incident Response Team and investigated by RSA Research during an engagement with a multi-national enterprise. While the malware was not detectable by endpoint antivirus products, RSA Security Analytics was able to identify and alert on its network…

David vs. Goliath

Yes. Yes. You are very good at what you do (even the best!). You have skills, techniques, speed and strength. But is that enough? Just being the best at what you do doesn’t mean you will win against any opponent. Have you ever thought what will happen to a boxer entering the Octagon with an MMA fighter? If…

Another day. Another Ransomware.

TeslaCrypt is a ransomware trojan that targets computers with user data and specific computer games installed. Once the system is infected, the malware searches for various file types related to personal documents and different games, including the Call of Duty series, World of Warcraft, Minecraft and World of Tanks, and then encrypts them. The victim is then prompted with a…

Are Cybersecurity Enhancements Drowning in the New Rec Center?

The trusty Jansport you’ve used for years is dilapidated and it’s time to replace those three ring binders. Paper supplies to fresh bedding are filling up the trunk. Let’s not forget the full size mirror for the back of the door. Mom & Dad are throwing in a jammer RFID card for your wallet, insisting…

The Targeted Forensics Series: Examination of Command Line RAR and 7-ZIP Prefetch Files (Part 2)

As an Advisory Consultant for RSA’s Advanced Cyber Defense practice, one of my objectives is to show our clients how to focus on incident investigation and not just resolution. This is a holistic solution made of many components, one of which, and one I always recommend, is performing live response/targeted forensics. This series is focused on establishing procedures…

The Targeted Forensics Series: Examination of Command Line RAR and 7-ZIP Prefetch Files (Part 1)

As an Advisory Consultant for RSA’s Advanced Cyber Defense practice, one of my objectives is to show our clients how to focus on incident investigation and not just resolution. This is a holistic approach made of many components, one of which, and one I always recommend, is performing live response/targeted forensics. This series is focused on establishing…

More than Meets the Eye

In Arlington, VA, there is a center that focuses on cyber attack mitigation, where close to 100 specialists monitor what’s going on in the world. This is the Department of Homeland Security (DHS) cybersecurity center. It is located in a suburban area in a building with no government seals or signs. In short, it is…

An APT Case Study

The RSA IR team deals with APT actors on a daily basis on networks of various sizes. Regardless of the size of the network, or the number of advanced actors we find in them, one thing is paramount to both us and our customers during investigations: the ability to quickly scope the severity of the intrusion…