Why Understanding Cyber Criminals Behavior and Tools is Vital

By profiling and documenting criminal TTPs, network defenders can better understand criminal behavior and how specific attacks are created.
The post Why Understanding Cyber Criminals Behavior and Tools is Vital appeared first on Radware Blog.

APT Groups Finding Success with Mix of Old and New Tools

The APT threat landscape is a mixed bag of tried-and-true tactics and cutting-edge techniques, largely supercharged by geo-politics, a report finds.

How would MITRE’s popular cyberattack framework apply to industrial control systems?

A document that cybersecurity professionals consult in analyzing hacking groups will soon expand to include attack techniques used against industrial control systems, a recognition of the growing number of adversaries that target critical infrastructure. The goal is to help organizations understand and defend against disruptive cyberattacks like the one that cut power for some 225,000 people in Ukraine in 2015. That means filling in gaps in the cybersecurity community’s knowledge base of the hacking methods that are unique to industrial environments as well as those that also apply to IT networks. The document, known as the “ATT&CK” framework, should account for the “full gamut of adversary behavior,” said Otis Alexander, one of the lead cybersecurity engineers who helps maintain it at MITRE Corp., a federally funded not-for-profit organization. The updated framework could be available to network defenders as soon as December. It will cover attacks against ICS protocols and ways in which hackers might hinder incident response, Alexander said at MITRE’s ATT&CKcon conference […]

The post How would MITRE’s popular cyberattack framework apply to industrial control systems? appeared first on CyberScoop.

APT10 Targeting Japanese Corporations Using Updated TTPs

Introduction
In July 2018, FireEye devices detected and blocked what appears to be APT10 (Menupass) activity targeting the Japanese media sector. APT10 is a Chinese cyber espionage group that FireEye has tracked since 2009, and they have a histor…

DHS cyber specialist: look for behavior patterns with APTs

To better track advanced hacking groups, U.S.-based companies should watch for signals in human behavior instead of changing tactics, according to Casey Kahsen, an IT specialist at the Department of Homeland Security. From one campaign to another, there are “a lot of similarities” in the behavior of a Russian government hacking group that has targeted U.S. energy companies, Kahsen said Friday at a cybersecurity event on Capitol Hill. “Some things have changed, but the behavior element remains largely the same because that’s expensive to change,” he said. “The actors are going to change tactics; they’re going to change tools,” Kahsen explained at the event, hosted by the Lexington Institute. “We need to be looking for the things that they did that are more difficult to change – the human behavior element.” The human behavior that Kahsen referenced typically includes a group’s hours of operations or coding style, which cybersecurity experts say […]

The post DHS cyber specialist: look for behavior patterns with APTs appeared first on Cyberscoop.

SANNY Malware Delivery Method Updated in Recently Observed Attacks

Introduction
In the third week of March 2018, through FireEye’s Dynamic Threat Intelligence, FireEye discovered malicious macro-based Microsoft Word documents distributing SANNY malware to multiple governments worldwide. Each malicious docu…

Why Eugene Kaspersky keeps talking about ‘Project Sauron’

Kaspersky Lab founder and CEO Eugene Kaspersky says he’s figured out why the U.S. government hates his company. According to Kaspersky, his company’s research into a sophisticated, international cyber espionage operation that targeted government entities in Russia, Iran and Rwanda represents why the Russian anti-virus maker has become a bogeyman for the U.S. government. This reasoning came during public comments Kaspersky made Tuesday during a small event in London. His comments are the most detailed effort among Kaspersky’s multiple attempts to defend his company from allegations the Moscow-based company acts as an intelligence collection tool for Russian spies. Kaspersky talked about his company’s discovery of U.S. intelligence related hacking operations, including those of the NSA-linked “Equation Group” and CIA-linked “Lamberts,” being the reason for the recent firestorm. He specifically emphasized the unveiling of one particular campaign — known as ProjectSauron or Strider — as a driving factor while also implying U.S. involvement with […]

The post Why Eugene Kaspersky keeps talking about ‘Project Sauron’ appeared first on Cyberscoop.
