Another day. Another Ransomware.

TeslaCrypt is a ransomware trojan that targets computers with user data and specific computer games installed. Once the system is infected, the malware searches for various file types related to personal documents and different games, including Call of Duty series,World of Warcraft, Minecraft and World of Tanks, and then encrypts them.  The victim is then prompted with a…

Read More

The Targeted Forensics Series: Examination of Command Line RAR and 7-ZIP Prefetch Files (Part 2)

As an Advisory Consultant for RSA’s Advanced Cyber Defense practice, one of my objectives is show our clients how to focus on incident investigation and not just resolution. This is a holistic solution, made of many components, one of which I always recommend, is performing live response/targeted forensics. This series is focused on establishing procedures…

Read More
Figure 1

More than Meets the Eye

In Arlington, VA, there is a center that focuses on cyber attack mitigation, where close to 100 specialists monitor what’s going on in the world. This is the Department of Homeland Security (DHS) cybersecurity center. It is located in a suburban area in a building with no government seals or signs. In short, it is…

Read More

An APT Case Study

The RSA IR team deals with APT actors on a daily basis on networks of various sizes. Regardless of the size of the network, or the number of advanced actors we find in them, one thing is paramount to both us and our customers during investigations: the ability to quickly scope severity of the intrusion. …

Read More
Media Provided by :

Wolves Among Us: Abusing Trusted Providers for Malware Operations

Within the past year the RSA Incident Response (IR) team has worked multiple APT engagements where they’ve identified the adversary’s malware using a unique method of determining its Command and Control (C2) server. By leveraging trusted content providers, such as popular shopping sites and discussion forums, adversaries can perform operations within a network in plain…

Read More

Zeus Toolkit infected with a Ramnit Worm

RSA Research monitors and analyzes the malicious activity of online cybercrime infrastructures on an ongoing basis. In a recent discovery, the lab’s researchers studied the workings of a customized Zeus Trojan Admin panel, which had apparently picked up a Ramnit worm that infects any machine that installs the Zeus Panther Admin panel. A History Lesson…

Read More