Black Hat 2022 Sneak Peek: How to Build a Threat Hunting Program

You may recall my previous blog post about how our X-Force veteran threat hunter Neil Wyler (a.k.a. “Grifter”) discovered nation-state attackers exfiltrating unencrypted personally identifiable information (PII) from a company’s network, unbeknownst to the security team. The post highlighted why threat hunting should be a baseline activity in any environment. Before you can embark on […]

The post Black Hat 2022 Sneak Peek: How to Build a Threat Hunting Program appeared first on Security Intelligence.

Security Obscurity Versus Ethical Hackers: Who’s Right?

Security breaches can lead to damage to a business’s finances, operations and reputation. What many companies might fear most is the latter: damage to their reputation. This may explain why 65% of organizations want to be seen as infallible, as per a recent HackerOne survey. Meanwhile, 64% maintain a culture of security through obscurity, and […]

The post Security Obscurity Versus Ethical Hackers: Who’s Right? appeared first on Security Intelligence.

What Cybersecurity Teams Can Learn From the US Cyber Command’s ‘Hunt Forward’

After decades of playing defense, the United States government went on the offense in the past few years against global state-sponsored cyber attackers. U.S. Cyber Command conducted “hunt forward” operations recently in 16 countries, including in Ukraine, as part of a policy set in 2018. This policy involves partnering with foreign countries on finding cyber […]

The post What Cybersecurity Teams Can Learn From the US Cyber Command’s ‘Hunt Forward’ appeared first on Security Intelligence.

Digital Shadows Weaken Your Attack Surface

Every tweet, text, bank transaction, Google search and DoorDash order is part of your digital shadow. We all have one, and the contents of your shadow aren’t always private. For example, in April 2021 attackers leaked data containing the personal information of over 533 million Facebook users from 106 countries. Sure, you might want your tweet […]

The post Digital Shadows Weaken Your Attack Surface appeared first on Security Intelligence.

Countdown to Ransomware: Analysis of Ransomware Attack Timelines

This research was made possible through the data collection efforts of Maleesha Perera, Joffrin Alexander, and Alana Quinones Garcia.

Key Highlights

The average duration of an enterprise ransomware attack reduced 94.34% between 2019 and 2021:

2019: 2+ months — The TrickBot (initial access) to Ryuk (deployment) attack path resulted in a 90% increase in ransomware […]

The post Countdown to Ransomware: Analysis of Ransomware Attack Timelines appeared first on Security Intelligence.

Black Basta Besting Your Network?

This post was written with contributions from Chris Caridi and Kat Weinberger. IBM Security X-Force has been tracking the activity of Black Basta, a new ransomware group that first appeared in April 2022. To date, this group has claimed attribution of 29 different victims across multiple industries using a double extortion strategy where the attackers […]

The post Black Basta Besting Your Network? appeared first on Security Intelligence.

Splunk SPL Queries for Detecting gMSA Attacks

1 Introduction

What is a group Managed Service Account (gMSA)? If your job is to break into networks, a gMSA can be a prime target for a path to escalate privileges, perform credential access, move laterally or even persist in a domain via a ‘golden’ opportunity. If you’re an enterprise defender, it’s something you need…

The post Splunk SPL Queries for Detecting gMSA Attacks appeared first on TrustedSec.

How Dangerous Is the Cyber Attack Risk to Transportation?

If an attacker breaches a transit agency’s systems, the impact could reach far beyond server downtime or leaked emails. Imagine an attack against a transportation authority that manages train and subway routes. The results could be terrible. Between June of 2020 and June of 2021, the transportation industry witnessed a 186% increase in weekly ransomware […]

The post How Dangerous Is the Cyber Attack Risk to Transportation? appeared first on Security Intelligence.

MITRE ATT&CK and SIEM Rules: What Should Your Expectations Be?

The MITRE ATT&CK threat framework is seemingly everywhere these days, and with good reason. It is an invaluable tool for understanding the various methods, or, as MITRE refers to them, Tactics and Techniques, employed by threat actors. It offers annotated and curated details about those methods, and it provides the capability to visualize this data […]

The post MITRE ATT&CK and SIEM Rules: What Should Your Expectations Be? appeared first on Security Intelligence.

The Growing Danger of Data Exfiltration by Third-Party Web Scripts

The theft of personal or sensitive data is one of the biggest threats to online business. This danger, known as data exfiltration or data extrusion, comes from a wide variety of attack vectors. These include physical theft of devices, insider attacks within a corporate network, and phishing, malware or third-party scripts. The risk for regular website users […]

The post The Growing Danger of Data Exfiltration by Third-Party Web Scripts appeared first on Security Intelligence.