Phishing ranks low on the list of cyberattacks in terms of technological sophistication. Even more sophisticated phishing variants like spear phishing (focused and often personalized phishing attacks) and whaling (phishing attacks focused on high-profile or high-dollar targets) are focused more on social engineering than on technology. Yet phishing remains one of the most effective types…

OSINT, or open source intelligence, is the practice of collecting information from published or otherwise publicly available sources. OSINT operations, whether practiced by IT security pros, malicious hackers, or state-sanctioned intelligence operatives, use advanced techniques to search through the vast haystack of visible data to find the needles they’re looking for to achieve their goals—and…

After a compromise, the first thing investigators will do is review the log files. The default logging on Windows machines, however, does not capture enough information to identify forensic artifacts. You can adjust your logging settings to get enough information to investigate attacks. First, download and install Sysmon on outward-facing machines. Sysmon remains resident across…

77 percent of IT professionals believe they were prepared to manage the rapid shift to remote work during the COVID-19 outbreak, according to TeamViewer. Among those surveyed, the percentage working from home had abruptly jumped from 28 percent prior to the pandemic to 71 percent during the outbreak. The survey included more than 200 IT…

CyberSaint announced new updates to its flagship CyberStrong platform allowing customers to identify, measure, and dynamically manage IT and cybersecurity risks along the risk management lifecycle. These updates reinforce CyberSaint’s mission to enable organizations to manage cybersecurity as a business function by enabling agility, measurement, and automation across risk, compliance, audit, vendor, and governance functions…

Honda’s Customer Service and Financial Services were apparently hit by a ransomware attack recently. Kaspersky found samples in the VirusTotal database that make it appear that the company was targeted by the Snake ransomware. This incident made me think about what we can learn from how Honda was targeted to better protect Windows networks from…

New Open Source Tools Help Find Large Twitter Botnets

Duo Security has created open source tools and disclosed techniques that can be useful in identifying automated Twitter accounts, which are often used for malicious purposes. The trusted access solutions provider, which Cisco recently agreed to acquire for $2.35 billion, has collected and studied 88 million Twitter accounts and over half-a-billion tweets. Based on this…

Leaked docs suggest NSA and CIA behind Equation cyberespionage group

Purported CIA documents leaked Tuesday appear to confirm that the U.S. National Security Agency and one of CIA’s own divisions were responsible for the malware tools and operations attributed to a group that security researchers have dubbed the Equation. The Equation’s cyberespionage activities were documented in February 2015 by researchers from antivirus vendor Kaspersky Lab….

Fileless Powershell malware uses DNS as covert communication channel

Targeted attacks are moving away from traditional malware to stealthier techniques that involve abusing standard system tools and protocols, some of which are not always monitored. The latest example is an attack dubbed DNSMessenger, which was analyzed by researchers from Cisco Systems’ Talos team. The attack starts with a malicious Microsoft Word document distributed through…