RSA Labs, Page 2

The Fiesta Exploit Kit – Not So Festive After All

Exploit kits (EK) are a very popular with attackers to compromise a target system. The ease of use and its success rate compared to other infection vectors are among the reasons attackers are attracted to using these kits. In recent years, exploit kits were used to deliver ransomware, the most famous of which was the…

Why Malware Installers Use TMP files and The Temp folder when infecting Windows

Ever wonder why there are too many TMP files detected on an infected system? Even if they have different names, the file are exact copies of one another, why? The first thing a malware installer (first stage of infection) does when executed on a target system – be it a dropper or downloader – is…

The evolution of a Threat Pattern

In an era of agile development and digital transformation, any application is subject to ongoing enhancement and improvement. Indeed, software engineering is a complex process with many interdependent tasks where multiple functions share responsibilities to strike a balance between software quality and business objectives, regardless of the specialized nature of the teams within the organizational…

3 Steps to a Secure ICS Network

Industrial Control Systems (ICS) attacks have a direct impact on people’s lives. The consequences of these attacks can be unpredictable, which is why ICS protection is a hot topic in security right now. Defining the right protection layer and best approach to secure communications in this environment is crucial. Historically, ICS departments operated independently from…

Mastering the implementation of a Threat Pattern

In previous posts we have discussed two of the most critical phases in the “The Lifecycle of a Threat Pattern”: analysis and design. In the analysis phase the objective is to fully understand the asset in scope by getting deeper into the context to formulate a set of residual risks to which the asset might be…

Multi-layered Analysis of a Threat Pattern

If you do not fully know the asset, how can you protect it? This is the first challenge security practitioners face during any activity, whether it is a penetration test, code review, risk assessment, or design of a threat pattern. In a previous post, author Davide Veneziano provided an overview of the building-block required to design a consistent…

Context in Risk-Based Threat Patterns

Risks come from various sources that are not always possible to identify and subsequently prevent and mitigate in advance. With the growth in cloud, social, mobile and “bring your own device” computing, the size of the attack surface is greater than ever. Many attack scenarios are possible mainly due the complexity of the network’s topology and…

Measure your Readiness – Threat Intelligence Program

In the first part of this series we talked about the journey to undertake building a security monitoring and incident response program based on five dimensions: analytics, governance, measurement, operational and organizational. The third main program, also considered a primary capability of an effective Security Operations Center, is the development of tactical, operational and strategic…

Setting the Benchmark in the Network Security Forensics Industry

“Setting the benchmark” – “Beating thirty other products in threat detection and response capabilities” – “Outstanding achievement in product leadership, technological innovation, customer service, and product development” – “Superior capabilities for best addressing customer needs” Wow! While we certainly don’t do what we do here for such accolades – we do it to help our…

Measure your Readiness – Security Monitoring Program

In the previous post of this series “Measure your Readiness”, I depicted a framework to assess, shape and accelerate a Threat-Driven Incident Response program useful for all kind of organizations to enhance their response capabilities and be ready to deal with unforeseen incidents. The second post in the series aims to look at the “security…