Ransomware

Blank Slate: A Tale of Two Malware Servers

In March 2017, Palo Alto Networks Unit 42 published research on a new malicious spam campaign dubbed “Blank Slate.” Named as such because the malspam message is empty. Only the malicious attachment is present, as seen in Figure 1. Figure 1: Blank Slate malspam e-mail Recently, Blank Slate struck deploying Cerber ransomware once again, affording…

What Your Business Can Learn from WannaCry

The biggest cyber attack began last week, spreading to more than 150 countries and infecting 200,000 machines. The outbreak is a ransomware threat, WanaCrypt0r 2.0 also known as WannaCry, with worm-like capabilities leveraging an exploit against vulnerable Microsoft Windows® operating systems. Ransomware mimics the age-old crime of kidnapping: someone takes something you value, and in…

How Ransomware uses TMP files and the Temp folder

In my previous blog, Why Malware Installers Use TMP files and the Temp folder, I discussed the advantages malware can have by using atomic writes instead of simply copying the malware to the intended location. In this blog, I discuss how ransomware uses the same technique for its purpose and how it is different from…

Are we leading by example?

It was a great week leading the RSA Conference Security Operations Center (SOC) Team consisting of RSA systems engineers, RSA Incident Response analysts and our partners at Cisco AMP Threat Grid. The Security Operations Center previously monitored the Black Hat conference network, but this was a first-time exhibit at RSA Conference. The team signed onto…

Launching the Security Operations Center (SOC) at RSA Conference

Welcome to RSA Conference 2017! The RSA Conference SOC team set up the Security Operations Center over the weekend. We were here along with scores of construction crews re building huge booth displays for some of the largest security companies in the world. It was a long weekend of building, lighting – and of course…

The Elephant in the Room for Endpoint Security

Stop me if you’ve heard this story before… Three blind men are traveling down the road to visit a friend.  On the way, they encounter an elephant.  Not being able to see it, they each stopped and felt the elephant to figure out what sort of creature it was.  The first one grabbed the trunk…

Six Steps For Cybercrime Survival

While recently cleaning my grandfather’s attic, I came across an old Federal Civil Defense Administration brochure titled “Six Steps to Survival – If an enemy attacked today would you know what to do?”  In our modern times, many of us are being attacked on a daily basis by cybercriminals. As such, do you know what…

The Era of Proportional Ransomware Has Arrived

According to the FBI the incursion of ransomware has just gone from bad to worse. In a recent alert, the U.S. Federal Bureau of Investigation (FBI) warned that recent ransomware variants have targeted and compromised vulnerable business servers to identify and target hosts, thereby multiplying the number of potential infected servers and devices on a network. More…

Hackers Hunt for Healthcare Records

What’s the difference between data theft from a bank account versus a healthcare record? For starters, think of theft from a bank account as the equivalent of a single withdrawal; one and done. Sooner than later it’s discovered, a new account number is issued and, as a hacker, you’re effectively cut off. When it comes…

Ransomware: The New Cyber Kryptonite

And then, there was irony. While Apple has been able to hold out against the FBI demanding it produce a backdoor into the iPhone used in the recent San Bernardino attack, it was unable to render a similar defense against a strain of ransomware that recently, albeit briefly, infected its own Mac computers. The recent…