In-brief: a report from the firm CrowdStrike finds sophisticated nation-backed hacking groups were very active in 2014, with attacks on governments, pro-democracy advocates as well as banks and retailers.
In-brief: A new company, PFP Cybersecurity, says it can detect malware infections almost instantly by analyzing changes in the way infected devices consume power. The company is targeting industrial control system and critical infrastructure with new products.
With each passing day, evidence mounts that the attack on Sony Pictures Entertainment was a long-duration hacking event that gave malicious actors extensive access to the company’s network and data. The hack started out looking like a particularly nasty example of hacktivism – with thousands of SPE systems wiped of all data. Going on two weeks after revelations of the hack, however, the incident appears to be something much more dire: a massive breach of corporate security that gave malicious attackers access to gigabytes – and possibly terabytes- of sensitive data. With only a fraction of the allegedly stolen data trove released, the ripple effects of the incident are already washing up against other Sony divisions and firms with direct or indirect ties to the company. The latest developments in the saga include publication of some 40 gigabytes of internal files. As described by buzzfeed.com, the files include: “email exchanges with employees regarding specific […]
In an earlier blog, I discussed essentials for visibility-driven security and the importance of having both visibility and correlation to quickly assess events in real-time. In this post, we will examine the different dimensions of visibility across the attack continuum and how crucial it is to have these dimensions in place in order to defend against known and emerging threats. Visibility-driven capabilities are critical if cybersecurity professionals are to do their job effectively. In order to accurately see what’s really happening across dynamic, changing, environments and provide a full understanding of malicious incidents, visibility must provide an accurate picture of users, devices, data, threats, and the relationships between them. And it must do so in near real-time and across a wide range of infrastructures to support new business models related to mobility, cloud, and the Internet of Things (IoT). For many security breaches, the gap between the time of compromise and the […]
The Electronic Frontier Foundation (EFF) is having a big week. First the organization announced “Let’s Encrypt,” a new, free certificate authority (CA) with the goal of moving everyone to adopt encrypted web communications. Then, today, the group announced Detekt, a malware detection tool designed to expose evidence of state surveillance. The tool is intended to help journalists, political activists and others identify malware associated with state-sponsored spying. Developed by security researcher Claudio Guarnieri, Detekt is available on Github and at the site resistsurveillance.com. The tool was written in Python tool and scans the memory of Windows systems (XP and 32 and 64 bit and Windows 8) for malware. Essentially, its a straight-up malware scanner that focuses on malware associated with spying, namely: DarkComet RATm XtremeRAT, BlackShades RAT, njRAT, FinFisher FinSpy, HackingTeam RCS, ShadowTech RAT and Gh0st RAT. You might also like “Hacker takes on the Worlds spy agencies.” Alas, unlike most anti malware programs (which at least claim to detect the same malware families) […]