Industrial Control Systems (ICS) attacks have a direct impact on people’s lives. The consequences of these attacks can be unpredictable, which is why ICS protection is a hot topic in security right now. Defining the right protection layer and best approach to secure communications in this environment is crucial. Historically, ICS departments operated independently from the rest of the organization with their own ecosystem often…
In previous posts we have discussed two of the most critical phases in “The Lifecycle of a Threat Pattern”: analysis and design. In the analysis phase the objective is to fully understand the asset in scope by getting deeper into the context to formulate a…
If you do not fully know the asset, how can you protect it? This is the first challenge security practitioners face during any activity, whether it is a penetration test, code review, risk assessment, or design of a threat pattern. In a previous post, author Davide Veneziano…
Risks come from various sources that are not always possible to identify and subsequently prevent and mitigate in advance. With the growth in cloud, social, mobile and “bring your own device” computing, the size of the attack surface is greater than ever. Many attack scenarios are…
Today RSA is reporting GlassRAT, a previously undetectable Remote Access Tool (RAT) which was discovered by the RSA Incident Response Team and investigated by RSA Research during an engagement with a multi-national enterprise. While the malware was not detectable by endpoint antivirus products, RSA Security Analytics was able to identify and alert on its network…
In the original More than Meets the Eye blog, we discussed attackers’ ability to hide in plain sight. A very successful campaign that utilizes this approach is the fake FBI ransom webpage: a fraudulent website that claims to be an FBI property, but then attempts to extort the victim. Figure 1: Fake FBI website This…
Security products are essential for enterprises, vendors and end users to survive the current network environment. Ideally, which security products are to be deployed should depend on the costs and the benefits. While the cost can be easily quantified by the money spent or the deployment and management effort, how to assess the benefit of…
Innovation is a continual process, building upon the past to improve the future. Often this means small, incremental steps that chip away at a larger problem. Sometimes, by accident or design, those changes aren’t so small. These massive changes are a disruptive innovation that can redefine what is possible. It used to be that the winner…
Rotem Kerner of RSA Research has penned a short paper, Reconnaissance: A Walkthrough of the “APT” Intelligence Gathering Process. It is the first in a series that we will publish that follows the Cyber Kill Chain[i]. The Cyber Kill Chain model was developed by Lockheed Martin’s Computer Incident Response Team earlier in the decade. It breaks…
TeslaCrypt is a ransomware trojan that targets computers with user data and specific computer games installed. Once the system is infected, the malware searches for various file types related to personal documents and different games, including the Call of Duty series, World of Warcraft, Minecraft and World of Tanks, and then encrypts them. The victim is then prompted with a…