How to Stop NotPetya and Similar Ransomware from Spreading in the Network

Posted by Yaron Zinar on Jul 5, 2017 2:06:01 PM

NotPetya, a recent malware masquerading as the known Petya ransomware, started wreaking havoc on a global scale last week. Initially, it looked like another wave in the malware storm that started with Shadow Brokers’ publication of EternalBlue and other zero-day vulnerabilities in Windows OS. And, in fact, NotPetya used EternalBlue as one of the lateral movement methods in its arsenal. But, apparently, the developers of NotPetya wanted to hit some high-value targets, and the risk that these networks had already been fully patched would have ruined their attack.

Topics: Adaptive Response, Credential Compromise, ueba, Ransomware

QakBot, Stop Playing with my Active Directory!

Posted by Eran Cohen on Jun 23, 2017 9:39:32 AM

Really, it’s not just me saying that Active Directory is the crown jewel. It's actually them, the hackers, that de facto target Active Directory in almost every advanced attack. They look for domain credentials and administrative accounts, they practice domain reconnaissance, privilege elevation, targeted attacks against the domain controller and more. Their motivation is similar to terror. For example: produce widespread fear, obtain recognition and attention of media, steal money, damage facilities and functionalities. This is why it was not surprising to learn about the QakBot Trojan causing a mess.

Topics: Active Directory, Credential Compromise, Passwords, Hacking

35% of Users Have Weak Passwords; the Other 65% can be Cracked

Posted by Eran Cohen on Mar 13, 2017 5:00:00 AM

Password leaks from public breaches help us learn how people think, allow us to identify patterns and build dictionaries of passwords. As password cracking methods evolve, Upper characters, Lower characters, Special characters and Digits (ULSD) recommendations and password complexity mean less.

Topics: CISO, Credential Compromise, Passwords

The Dangers of Bending the Security Rules to Get Things Done

Posted by Heather Howland on Jan 20, 2017 1:58:56 PM

The other day I was speaking to a good friend of mine. He’s an executive consultant working for a large Fortune 1000 organization. As we are talking I realize that he has access to a lot of highly sensitive information that if exposed could be rather damaging to the company. He was lamenting to me how he needed to get access to some data on one of the servers but IT blocked him from accessing it until he completed a mandatory online “IT Security Awareness” training.

Topics: User Behavior, Risk, User Risk, Credential Compromise, ueba

How to Thwart an Attacker’s Attempt to Compromise Credentials and Move Around a Network

Posted by Vikas Arya on Jan 12, 2017 3:28:18 PM

In recent years, we have seen hospitals, insurance companies (Aetna), giant corporations (Sony), retailers (Home Depot and Target), and tech companies (Yahoo, LinkedIn, Dropbox) all breached because of some type of insider threat or compromised credentials. So, it’s no surprise that insider threats are a growing concern for organizations.

Topics: Insider Threats, Active Directory, Credential Compromise

Enterprise Security in Times of War

Posted by Ajit Sancheti on Sep 8, 2016 7:58:18 AM

Enterprises define security policies that match their business objectives. By setting security policy rules, an organization can better enable the business to achieve its goals while protecting them from advanced threats. They work reasonably well, even allowing for the well-publicized breaches and insider threats. Without policies or a set of tools in place for such eventualities, it will be very difficult for the business to operate effectively when under attack.

Topics: CISO, Behavioral Firewall, Adaptive Response, Insider Threats, User and Entity Behavior Analytics, Credential Compromise, ueba

Password Brute Force Attacks: Denying the Attacker, Not the Legitimate User

Posted by Vikas Arya on Aug 31, 2016 9:30:49 AM

When Mark Zuckerberg’s passwords were hacked from his Twitter and other accounts, that news got everyone’s attention. Online articles suggest that hackers got his password from the 2012 LinkedIn breach where 117 million accounts were compromised. Mr Zuckerberg reused his passwords on other services, like Twitter, which got compromised.

This incident, along with many other similar hacks, proves that cyber-attacks are not isolated events; they are like a giant wave with long-term effects that can set off a chain of events.

Topics: Use Case, password brute force, Credential Compromise, ueba

Could Sage Have Acted More Sagely Before The Insider Breach?

Posted by Heather Howland on Aug 16, 2016 9:00:00 AM

This weekend, Sage Group sent out a warning to its customers about a data breach. According to the BBC, the breach exposed the personal details of employees at close to 300 companies in the UK and Ireland.

Topics: Insider Threats, User and Entity Behavior Analytics, Credential Compromise

Disrupting an Attacker from Exploiting Domain Credentials

Posted by Avi Kama on Jul 20, 2016 9:57:42 AM

We security professionals are constantly reading over and over: Time is not on our side. In the recent Verizon DBIR 2016 report they illustrate how quickly threat actors go in and out of networks. There are many other similar security data reports that list the possible reasons and detach responsibility which ultimately means “all we can do is our best.” 

Topics: User Behavior, APT, Credential Compromise