Understanding & Detecting Backoff POS Malware
Point of Sale (POS) malware has had its share of headlines this year. Now, with the holiday shopping season underway, POS systems will certainly be an enticing target for hackers to explore due to the...
Coordinating Incident Response at Internet Scale (CARIS)
Coordinating incident response at Internet scale as a concept sounds fabulous, but can we achieve it? What will it take? For those working in incident response and information sharing efforts, we know...
Teaching Analysts to Fish; How to Become Better at Detection and Response –...
Daily the media replays stories of yet another company that is the victim of an intrusion or breach. With all this attention, and sometimes hyperbole, are we as practitioners improving at detecting...
Wolves Among Us: Abusing Trusted Providers for Malware Operations
Within the past year the RSA Incident Response (IR) team has worked multiple APT engagements where they’ve identified the adversary’s malware using a unique method of determining its Command and...
CVSS Scoring: Why your Smart Refrigerator does not need to be Patched...
Is a CVSS score of 10 really a 10 in your environment? Vulnerability Risk Management is a work in progress for most organizations. Having dealt with many customers in this space, we have seen it all –...
CARIS Workshop Summary and Reflection
The Internet Architecture Board (IAB) and the Internet Society (ISOC) hosted a day-long Coordinating Attack Response at Internet Scale (CARIS) workshop which took place last Friday in coordination with...
Terracotta VPN: Enabler of Advanced Threat Anonymity
Today, RSA Research published an in-depth report on a commercial VPN network, originating in China, which we are calling “Terracotta”. It is being used as a launch platform for APT actors including...
Another day. Another Ransomware.
TeslaCrypt is a ransomware trojan that targets computers with user data and specific computer games installed. Once the system is infected, the malware searches for various file types related to...
More Than Meets The Eye (Part 2): Solving the Browser Lock Ransom Page
In the original More than Meets the Eye blog, we discussed attackers’ ability to hide in plain sight. A very successful campaign that utilizes this approach is the fake FBI ransom webpage; a...
Browser Locked? Call This Number.
A new form of browser locker has recently surfaced. Browser lockers are websites or pop-ups that redirect the browser to a website that locks up the browser. The user is prevented from continuing any...