APT - All Articles - CISO Platform
2024-03-29T01:09:08Z
https://www.cisoplatform.com/profiles/blogs/feed/tag/APT

Top 11 Ransomware Prevention Resources
https://www.cisoplatform.com/profiles/blogs/top-11-ransomware-resources
2016-07-19T09:00:00.000Z
pritha (https://www.cisoplatform.com/members/pritha)
<div><p><a href="http://www.cisoplatform.com/profiles/blogs/top-11-ransomware-resources" target="_blank"><img width="600" src="{{#staticFileLink}}8669812673,original{{/staticFileLink}}" class="align-center" alt="8669812673?profile=original" /></a></p>
<p>Ransomware is a type of malicious software (malware) that, once it infects a system, encrypts all the important files such as documents, pictures and movie files with a virtually unbreakable encryption key. Here we have compiled some good-read blogs, articles, freely available decryptors and removal kits to keep you up to date on the latest happenings in the ransomware space.</p>
<p><br /> 1. <strong>(Free tools)</strong> <a href="http://betanews.com/2016/07/01/avg-announces-6-new-tools-to-free-your-data-from-ransomware/" target="_blank">AVG announces 6 new free decryption tools to retrieve your encrypted files</a>: AVG has released six new tools designed to fight this affliction, each for a different form of this malware.<br /> According to AVG, these new free tools decrypt files hit by six current ransomware strains: Apocalypse, BadBlock, Crypt888, Legion, SZFLocker and TeslaCrypt.</p>
<p><br /> 2. <a href="http://www.bleepingcomputer.com/forums/t/577861/locker-ransomware-author-allegedly-releases-database-of-private-keys/" target="_blank">Locker Ransomware author dumps database of private keys, apologizes</a>: Allegedly, the author of the "Locker" ransomware has uploaded a dump of the C2 server database, releasing the private keys of infected hosts worldwide to the public. The "author" claims that the release was a mistake, that no further keys will be used for encryption, and that automatic decryption of all affected hosts will begin on June 2nd 2016.</p>
<p><br /> 3. <strong>(Free tool)</strong> <a href="http://www.welivesecurity.com/2016/05/18/eset-releases-decryptor-recent-variants-teslacrypt-ransomware/" target="_blank">ESET releases new free decryptor for TeslaCrypt ransomware</a>: After the TeslaCrypt authors announced that they were closing down their operations and made their universal master decryption key public, ESET created a free decryptor tool to unlock files affected by all variants of this ransomware between 3.0.0 and 4.2.</p>
<p><br /> 4. <a href="http://www.tripwire.com/state-of-security/latest-security-news/ransomware-removal-kit-published-online-helps-streamline-infection-response/" target="_blank">Ransomware removal kit published online, helps streamline infection response</a>: A security researcher has made a ransomware removal kit available online in the hope that it will help security professionals and system administrators alike in responding to ransomware infections. Researcher Jada Cyrus has published the <a href="https://bitbucket.org/jadacyrus/ransomwareremovalkit/overview" target="_blank">kit on Atlassian Bitbucket</a>. The kit consists of removal tools for common ransomware variants, as well as <a href="http://www.theregister.co.uk/2015/05/21/ransomware_rescue_kit/" target="_blank">guides on how to perform the necessary removal tasks</a>.</p>
<p><br /> 5. <a href="https://heimdalsecurity.com/blog/what-is-ransomware-protection/" target="_blank">What is Ransomware and 15 Easy Steps To Keep Your System Protected [Updated]</a>: A very comprehensive and updated guide on ransomware. This blog outlines target vectors, attack anatomy, ransomware families and much more.</p>
<p><br /> 6. <a href="https://deobfs.com/2016/06/14/behaviour-analysis-of-cerber-ransomware/" target="_blank">Behaviour analysis of CERBER ransomware</a>: The ransomware known as CERBER has been around since early March, according to Trend Micro, and has so far used different techniques to deliver its payload to the victim. For instance, it has been seen using compressed JavaScript files (.zip) or, in other cases, Windows Script Files (WSFs) containing XML content that are then executed by Windows' wscript.exe utility.</p>
<p><br /> 7. <a href="http://blogs.csc.com/2016/04/14/when-the-cryptolocker-strikes-reasons-for-success-of-ransomware/" target="_blank">When the cryptolocker strikes: Reasons for ransomware success and ways to prevent</a>: What factors lead to the high success rate of cryptolockers, a type of ransomware that scrambles your files and demands a ransom to recover them?</p>
<p><br /> 8. <a href="https://virtuallysober.com/2016/07/07/catching-ransomware-infections-with-a-honeypot-script-integration-into-zerto-virtual-replication/" target="_blank">Catching Ransomware infections with a Honeypot script & integration into Zerto Virtual replication</a>: This script uses the honeypot technique to detect ransomware infections by comparing two files, a honeypot file and a witness file.</p>
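<p>The honeypot-and-witness comparison behind item 8 can be shown in a few dozen lines. The block below is an added example written for this page, not the script from the linked post, and it leaves out the Zerto integration entirely; the function names, the decoy file name and the choice of random decoy content are assumptions. It plants a decoy file in a directory that ransomware would encrypt and an identical witness copy in a location the malware cannot reach, then reports "ok", "modified" or "missing" depending on whether the decoy still matches the witness.</p>

```python
"""Honeypot-file check for ransomware detection.

Added example for this page; not the script from the linked post and without
its Zerto integration. A decoy ("honeypot") file is planted where ransomware
would encrypt it, and an identical "witness" copy is kept where the malware
cannot reach. Any difference between the two means something rewrote, renamed
or deleted the decoy, which is the alert condition.
"""
import hashlib
import os
import tempfile
from pathlib import Path
from typing import Iterable, List, Tuple

CHUNK = 64 * 1024
# Constructed decoy name: sorts first, so a directory walk reaches it early.
DEFAULT_NAME = "000_do_not_touch.docx"


def sha256_of(path: Path) -> str:
    """Stream a file through SHA-256 so large decoys need not fit in memory."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(CHUNK), b""):
            digest.update(chunk)
    return digest.hexdigest()


def plant_honeypot(watched_dir: Path, witness_dir: Path,
                   name: str = DEFAULT_NAME) -> Tuple[Path, Path]:
    """Write identical decoy and witness files and return both paths.

    The content is random: there is no benign reason for it ever to change,
    so a mismatch is a strong signal rather than a user edit.
    """
    content = os.urandom(4096)
    honeypot = watched_dir / name
    witness = witness_dir / (name + ".witness")
    honeypot.write_bytes(content)
    witness.write_bytes(content)
    return honeypot, witness


def check_honeypot(honeypot: Path, witness: Path) -> str:
    """Return "ok", "missing" (decoy deleted or renamed) or "modified"."""
    if not witness.exists():
        raise FileNotFoundError(f"witness copy not found: {witness}")
    if not honeypot.exists():
        return "missing"
    # Cheap size check first; encrypted output often has a different length.
    if honeypot.stat().st_size != witness.stat().st_size:
        return "modified"
    # Same size: compare full content, since in-place encryption keeps the size.
    if sha256_of(honeypot) != sha256_of(witness):
        return "modified"
    return "ok"


def scan(pairs: Iterable[Tuple[Path, Path]]) -> List[Tuple[str, str]]:
    """Check every (honeypot, witness) pair and return those that need an alert."""
    alerts = []
    for honeypot, witness in pairs:
        status = check_honeypot(honeypot, witness)
        if status != "ok":
            alerts.append((str(honeypot), status))
    return alerts


def demo() -> List[str]:
    """Walk through the three states using temporary directories (constructed data)."""
    states = []
    with tempfile.TemporaryDirectory() as share, tempfile.TemporaryDirectory() as vault:
        honeypot, witness = plant_honeypot(Path(share), Path(vault))
        states.append(check_honeypot(honeypot, witness))           # untouched decoy
        honeypot.write_bytes(os.urandom(honeypot.stat().st_size))  # same size, new bytes
        states.append(check_honeypot(honeypot, witness))           # caught by the hash
        honeypot.unlink()                                           # decoy gone
        states.append(check_honeypot(honeypot, witness))
    return states


if __name__ == "__main__":
    for state in demo():
        print(state)
```

<p>In a deployment the witness copy would live on a volume the share's users cannot write to, and <code>scan()</code> would run on a schedule over every planted pair, with any non-ok result feeding the alerting or replication-checkpoint step the post describes. The size check is only a shortcut: the hash comparison is what catches an in-place rewrite that preserves the file length.</p>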
<p><br /> 9. <a href="https://cyberattackblog.wordpress.com/2016/07/06/zeptothe-new-threat/" target="_blank">"Zepto" the new threat</a>: Analysis and anatomy of the new ransomware known as "Zepto". The blog describes how Zepto infects a target computer and how to detect its behaviour.</p>
<p><br /> 10. <a href="https://technologyevaneglist.wordpress.com/2016/06/27/how-to-trade-bitcoins/" target="_blank">How to trade Bitcoins</a>: Practically all ransomware attackers demand the ransom in Bitcoin. Bitcoin is a relatively new currency which has significantly increased in value over the past few years. Bitcoin is known as a cryptocurrency and can be traded in order to earn money.</p>
<p><br /> 11. <a href="https://nakedsecurity.sophos.com/2016/06/20/ransomware-thats-100-pure-javascript-no-download-required/" target="_blank">Ransomware that's 100% pure JavaScript, no download required</a>: By the start of 2016, many crooks were steadily shifting their infection strategy as the world began to realise that enabling macros was a really bad idea. These days a lot of ransomware arrives in JavaScript attachments, and this blog analyses and presents the challenges associated with that.</p>
</div>

10 questions to ask your APT security vendor?
https://www.cisoplatform.com/profiles/blogs/10-questions-to-ask-your-apt-security-vendor
2016-07-22T06:00:00.000Z
Vaibhav Singhal (CISO Platform) (https://www.cisoplatform.com/members/VaibhavSinghalCISOPlatform)
<div><p>Are you planning to implement <strong>Advanced Persistent Threat (APT) security</strong>? It is important to know which questions to ask your APT security vendor and to get their views on APTs. Also make sure that the solution you are going to buy can detect advanced threats using multiple techniques, and is not just another signature-based security solution branded with fancy terms.</p><p><strong>APT security is not a single technology or solution but a complex program (people, process and technology).</strong> Sandboxing or any other single technology can only provide partial protection against "real" advanced attacks.<br /> So, here is the list of the top 10 questions you need to ask your APT security vendors:</p><p><br /> <strong>1. What is your definition of APT security?</strong><br /> You need to understand their definition of APT security. If their "APT security" solution is a traditional signature-based antivirus, or protection against botnets, Trojans and phishing without any intelligence or forensics features, you may want to stop right there.</p><p><br /> <strong>2. Can your solution detect more than the existing security system?</strong><br /> You would not want to buy an APT security solution that adds no value to the existing security ecosystem. "APT security" has become a marketing term, and many perceive it as traditional signature-based antivirus. Therefore, you need to know whether the APT security solution you are going to buy is actually more capable at detecting malware. Keep a list of possible APT variants handy and ask whether the solution protects against them. Some of these variants and vectors are insider threats, initial attack vectors, spear phishing, drive-by downloads, online social networking, search engine poisoning and many more.</p><p><br /> <strong>3. Do you participate in industry-standard malware protection tests such as those performed by AV-Test, AV-Comparatives or NSS Labs? If not, why?</strong><br /> What score did you get in these protection tests, and did you score above the industry average?</p><p><br /> <strong>4. Does your APT security solution cover all the channels through which a threat might penetrate the enterprise?</strong><br /> An APT security solution must provide comprehensive coverage across the following channels:<br /> • Endpoint: these are typically deployed as agents on endpoint devices, but some solutions are agentless<br /> • Network: these are typically deployed as appliances within the network infrastructure, and separate solutions may be required for detection, response and forensics<br /> • Email: spear-phishing email is one of the main causes of advanced targeted attacks</p><p><strong>5. What is your false positive rate and how do you measure it?</strong><br /> There are times when a system falsely reports a "malware attack", the organization allocates resources to investigate, and once it turns out to be a false positive, people tend to ignore the real alarms as well and stop taking them seriously.</p><p><br /> <strong>6. How long does it take to fetch reports for the complete system, and how much memory does your solution use?</strong><br /> There are systems in which generating reports is time-intensive and may need to be run off-hours. Application containment solutions use CPU and memory, and having more containers can lead to a higher impact and result in performance issues.</p><p><br /> <strong>7. How would you rate your solution from 1 to 10 in terms of complexity, with 1 as easy and 10 as complex?</strong><br /> Some solutions are very complex and require skilled personnel. Therefore, you need to evaluate your workforce's expertise; deploying such a solution might need extra staff, and you need to ask whether the cost of that extra workforce is manageable.</p><p><br /> <strong>8. How capable is your threat research team in investigating a series of attacks?</strong><br /> The threat research team plays a crucial role, and selecting a vendor with a strong threat research team is important, as an attack can sometimes be part of a long-standing cyber espionage campaign.</p><p><br /> <strong>9. Which types of technology does your APT solution leverage?</strong><br /> For APT security, multiple solutions or technologies may be required, so you need to understand which techniques the vendor's APT security solution leverages. It may leverage sandboxing, security analytics, application containerization, embedded URL analysis, IOC detection, static code analysis, etc.</p><p><br /> <strong>10. What are your solution's capabilities in terms of prevention, detection, response and prediction?</strong><br /> The combined APT security solution should be capable in terms of prevention, detection, response and prediction. You need to evaluate and understand how much you are going to achieve in terms of these four key capabilities.</p></div>

Ransomware Attacks: How Prepared Are You?
https://www.cisoplatform.com/profiles/blogs/ransomware-attacks-how-prepared-are-you
2016-08-01T12:30:00.000Z
pritha (https://www.cisoplatform.com/members/pritha)
<div><p>Ransomware is a type of malicious software (malware) that, once it infects a system, encrypts all the important files such as documents, pictures and movie files with a virtually unbreakable encryption key. Ransomware arrives via email attachments, insecure downloads, use of outdated browsers, or through Trojans such as Zeus. Once executed, the malware usually reaches out to its command and control server over the Internet to obtain the encryption key. The encryption is almost always asymmetric and impossible to crack. The malware is also able to encrypt locally mapped network drives and cloud storage drives. The attacker's main motive is to extort money from the victim in return for the private key needed for decryption. The attacker usually leaves a message in the encrypted folders instructing users to pay the ransom in Bitcoin or via MoneyPak. In most cases even paying the ransom does not work out well for the victim, as the private key fails to decrypt some of the important documents, especially those on mapped drives and locally mapped cloud storage drives. There is also ransomware developed specifically for mobile platforms, which has affected thousands of mobile devices worldwide.</p>
<p>Some of the well-known ransomware families are CryptoLocker, CryptoWall, TeslaCrypt, TorrentLocker and CTB-Locker. Attackers frequently release new variants of ransomware by tweaking and subtly changing lines of code in the most popular ones to avoid detection. According to various research works, India ranks 3rd in Asia and 9th worldwide among the countries affected by malware attacks, the most affected sectors being banking and pharmaceuticals. A research team at Malwarebytes has identified LeChiffre, whose name means "encryption" in French, which caused millions of dollars of damage after infecting several banks and a pharmaceuticals company. According to The Economic Times, some companies have paid ransoms of millions of dollars after such attacks.</p>
<p><b>Here are some of the tips that you can put to use to prevent yourself from getting into such situations:</b></p>
<h2><span class="font-size-4">1. Back up your important data at regular intervals</span></h2>
<p>This is the most logical preventive measure that your organization can adopt to thwart such attacks. Make sure that your backup solution is up and running as it should be. Keep in mind that the backup should be kept on a separate external drive. If you are using an automated backup solution, make sure that your backup drives are connected only during the backup process and are disconnected from the network once the process is complete.</p>
<h2><span class="font-size-4">2. Develop a robust vulnerability management and patch management program</span></h2>
<p>Vulnerable applications and software are among the attack vectors used by attackers. Remember to keep your operating systems, browsers, browser plug-ins, Java and other software up to date with the latest patches installed. The best way to accomplish this is to develop a robust vulnerability management and patch management program; using automated vulnerability detection tools and patch management solutions, and making sure that all patches are installed in a timely manner, gives you better protection against such attacks.</p>
<h2><span class="font-size-4">3. Fine tune your systems and security solutions to a more secure configuration</span></h2>
<p>Fine-tuning your security solutions and systems can give you a great deal of protection against ransomware attacks. Tune your anti-spam solution to filter out mails with executable attachments, tune your IPS and firewall to block malicious traffic, disable remote access services on systems where they are not required, deactivate auto-play for devices, disable unused network adapters (Wi-Fi, Bluetooth, etc.), do not map network drives and cloud storage folders to your local system unless necessary, configure systems to show hidden file extensions, block unauthorized USB access, uninstall applications that you don't use, etc.</p>
<h2><span class="font-size-4">4. Use a good Endpoint security solution to detect any malicious code</span></h2>
<p>A good advanced anti-malware product can help you identify malicious code and possible malware attacks. Keep your security software up to date with the latest version and malware database. It is also a good idea to run Windows Firewall or another host firewall on your system to detect any unauthorized attempt by malicious code to connect to the Internet.</p>
<h2><span class="font-size-4">5. Educate your employees & colleagues</span></h2>
<p>Educate your employees on safe Internet browsing practices, such as not clicking suspicious links, not running suspicious programs on their systems and not installing unverified browser plug-ins. Employees should also be educated about social engineering attacks, verifying mail attachments before downloading or opening them, etc.</p>
<p>References:</p>
<ul>
<li><a href="http://www.symantec.com/security_response/publications/threatreport.jsp">http://www.symantec.com/security_response/publications/threatreport.jsp</a></li>
<li><a href="https://blog.malwarebytes.org/intelligence/2016/01/lechiffre-a-manually-run-ransomware/">https://blog.malwarebytes.org/intelligence/2016/01/lechiffre-a-manually-run-ransomware/</a></li>
</ul>
</div>

Top Emerging APT Security Company Vendors Globally in 2019
https://www.cisoplatform.com/profiles/blogs/top-emerging-apt-security-vendors-globally
2016-08-03T08:00:00.000Z
Vaibhav Singhal (CISO Platform) (https://www.cisoplatform.com/members/VaibhavSinghalCISOPlatform)
<div><p><strong>Emerging vendors</strong> are vendors that have been innovative and have brought a fresh perspective to conventional security methods. In a very short time, these start-ups have made a name for themselves in the APT space. Here is the list of the top emerging vendors in the field of APT security.</p><p><br /> <span class="font-size-4">1. <a href="https://www.illusivenetworks.com/" target="_blank">Illusive Networks</a> <a href="https://twitter.com/illusivenw" target="_blank">@illusivenw:</a></span> Illusive Networks is a cyber security firm headquartered in Tel Aviv, Israel. It was founded in <strong>2014</strong>. Illusive Networks does not deal with malware, viruses or Trojans: it focuses on the hackers who launch cyber attacks. Its modus operandi is to trap hackers by leaving false clues. 
To shake them off, Illusive Networks will create deceptive zones in a labyrinth with numerous fake endpoints.</p><p><br /> <strong>Channel of APT Security Used:</strong> Network /End-Points<span style="text-decoration:line-through;">/Email</span></p><p><br /> <strong>Funding Raised:</strong> <strong>$30 Million</strong> and <strong>Major Investors are:</strong> Cisco Investments, Citi Ventures, Innovation Endeavors, Bessemer Venture Partners</p><p><br /> Let's see the approach adopted by <strong>Illusive Networks to counter Advanced attacks:-</strong></p><p><br /> • <strong>Send ransomware the wrong way:</strong> Illusive creates deceptive ransomware targets in the network that distract ransomware and prevent it from attacking real company assets.</p><p>• <strong>Neutralize ransomware before damage is done:</strong> As soon as ransomware activity starts within your organization, Illusive’s deceptions lead the ransomware to reveal itself before any real data is encrypted, ensuring that no harm is done to real organizational assets and no disruption is caused to business operations.</p><p>• <strong>Real-time alerts & forensics from the ransomware source:</strong> Illusive is the only vendor that neutralizes ransomware activity at its entry point on the source host, enabling early detection and high fidelity alerts that are only triggered by real ransomware activity.</p><p>This video explains their innovative approach against advanced attacks.</p><p><strong>Change it - Illusive Networks: the start-up that traps hackers:</strong> <a href="https://www.youtube.com/watch?v=5pVq5In8VW8" target="_blank">https://www.youtube.com/watch?v=5pVq5In8VW8</a></p><p>{<strong>Source:</strong> <a href="https://www.illusivenetworks.com/advanced-ransomware-guard" target="_blank">https://www.illusivenetworks.com/advanced-ransomware-guard</a>}</p><p><span class="font-size-4">2. 
<a href="https://www.menlosecurity.com/how-it-works" target="_blank">Menlo Security</a> <a href="https://twitter.com/menlosecurity" target="_blank">@menlosecurity</a>:</span> Menlo Security is a cyber security firm headquartered in Menlo Park, CA. It was founded in 2015.</p><p><strong>Channel of APT Security Used:</strong> Network /End-Points/<span style="text-decoration:line-through;">Email</span></p><p><strong>Funding Raised: $35 Million</strong> and <strong>Major Investors are:</strong> Engineering Capital, General Catalyst Partners, Osage University Partners, Sutter Hill Ventures</p><p>Let's see the approach adopted by <strong>Menlo Security to counter Advanced attacks:-</strong></p><p><br /> • The <strong>Menlo Security Isolation Platform (MSIP)</strong> brings the benefits of isolation technology to any size enterprise. It deploys as a cloud service (public or private) and requires no software or plug-ins on the endpoint. 
The MSIP supports any device, OS and browser and delivers a user experience essentially indistinguishable from native Web access.</p><p>• <strong>By leveraging patented Adaptive Clientless Rendering™ (ACR) technologies</strong>, MSIP enables enterprise-wide deployment of isolation security without the need to deploy or manage endpoint software or appliances, dramatically reducing ransomware risks.</p><p>This video explains their innovative approach against advanced attacks.</p><p><br /> <strong>Menlo Security Isolation Platform - Overview</strong><br /> <a href="https://www.youtube.com/watch?v=7ZUwQJPZ3Qg" target="_blank">https://www.youtube.com/watch?v=7ZUwQJPZ3Qg</a></p><p>{<strong>Source:</strong> <a href="https://www.menlosecurity.com/how-it-works" target="_blank">https://www.menlosecurity.com/how-it-works</a>}</p><p><span class="font-size-4">3. <a href="https://www.cylance.com/" target="_blank">Cylance</a> <a href="https://twitter.com/cylanceinc" target="_blank">@cylanceinc</a>:</span> Cylance is a cyber security firm headquartered in Irvine, US. It was founded in <strong>2012</strong>. Cylance is revolutionizing cyber-security with products and services that proactively prevent, rather than reactively detect, the execution of advanced persistent threats and malware. 
Their technology is deployed on over four million endpoints and protects hundreds of enterprise clients worldwide including Fortune 100 organizations and government institutions.</p><p><strong>Channel of APT Security Used:</strong> <span style="text-decoration:line-through;">Network</span> /End-Points/<span style="text-decoration:line-through;">Email</span></p><p><strong>Funding Raised: $177 Million</strong> and <strong>Major Investors</strong> are: Alex Doll, Blackstone, Capital One Growth Ventures, Dell Ventures, DFJ Growth</p><p>Let's see the approach <strong>adopted by Cylance to counter Advanced attacks:-</strong></p><p><br /> <strong>Cylance’s ThreatZERO Assurance Program</strong> provides:</p><p>• The generation, delivery and full review of the Cylance ThreatZERO Assurance Report, including a policy review showcasing best practices, any modifications suggested, and further recommendations to achieve zero threat status</p><p>• A full malware status review during which identified threats may be reclassified and unclassified threats may be submitted to the <strong>Cylance Threat Analysis Team</strong></p><p>• A <strong>full potentially unwanted program (PUP)</strong> review, including the submission of any unclassified PUPs</p><p>• A thorough review of deployed agent version and update statuses</p><p>This video explains <strong>their innovative approach against advanced attacks:-</strong></p><p><strong>Cylance: Protecting Your Computer Through Mathematics</strong><br /> <a href="https://www.youtube.com/watch?v=-YPbZKl71S8" target="_blank">https://www.youtube.com/watch?v=-YPbZKl71S8</a></p><p>{<strong>Source:</strong> <a href="https://www.cylance.com/" target="_blank">https://www.cylance.com/</a>}</p><p><span class="font-size-4">4. <a href="http://www.cybereason.com/" target="_blank">Cybereason</a> <a href="https://twitter.com/cybereason" target="_blank">@cybereason</a>:</span> Cybereason is a cyber 
security firm headquartered in Boston, Massachusetts. It was founded in 2012. Cybereason automatically detects malicious activity and presents it in an intuitive way. It deploys easily with minimal organizational impact and provides end-to-end context of an attack campaign. Most organizations deploy Cybereason and start detecting attacks within 24 to 48 hours.</p><p><strong>Channel of APT Security Used:</strong> Network /End-Points/Email</p><p><strong>Funding Raised: $88.6 Million</strong> and <strong>Major Investors are:</strong> CRV, Lockheed Martin, Softbank, Spark Capital</p><p>Let's see the approach adopted by <strong>Cybereason to counter Advanced attacks:-</strong></p><p>• <strong>Endpoint and Server Sensors:</strong> Cybereason Sensors are deployed on endpoints and servers and collect data from across your environment 24/7 in real time. The sensors have no impact on productivity or user experience.</p><p>• The <strong>Hunting Engine</strong> is constantly fed with information received from the endpoint and server sensors. 
It uses artificial intelligence, machine learning and behavioural techniques to detect cyber attacks.</p><p>• <strong>Cybereason comes preconfigured</strong> with a library of models that look for malicious activities and the tools, tactics and procedures attackers use while executing their hacking campaigns.</p><p>This video explains their <strong>innovative approach against advanced attacks:-</strong></p><p><strong>Introducing Cybereason: Real-Time Automated Cyber Hunting</strong><br /> <a href="https://www.youtube.com/watch?v=0I7yF4waLLY" target="_blank">https://www.youtube.com/watch?v=0I7yF4waLLY</a></p><p>{<strong>Source:</strong> <a href="http://www.cybereason.com/" target="_blank">http://www.cybereason.com/</a>}</p><p><span class="font-size-4">5. <a href="http://www.vectranetworks.com/" target="_blank">Vectra Networks</a> <a href="https://twitter.com/Vectra_Networks" target="_blank">@Vectra_Networks:</a></span> Vectra Networks is a U.S. business headquartered in San Jose, California. It was founded in 2012. 
Its products monitor internal network traffic to identify in real time cyber-attacks that are in progress.</p><p><strong>Channel of APT Security Used:</strong> Network /End-Points/<span style="text-decoration:line-through;">Email</span></p><p><strong>Funding Raised: $86.54 Million</strong> and <strong>Major Investors are</strong>: Accel, AME Cloud Ventures, DAG Ventures, IA Ventures, Intel Capital, Juniper Networks</p><p>Let's see the approach <strong>adopted by Vectra Networks to counter Advanced attacks:-</strong></p><p>• <strong>Detections based on data science not signatures:</strong> Vectra uses a patent-pending combination of data science, machine learning, and behavioral analysis to reveal the fundamental characteristics of malicious behavior without the need for countless signatures and reputation-based rules</p><p>• <strong>Adaptive Distributed Architecture:</strong> The Vectra Adaptive Distributed Architecture provides a simple and efficient way to extend cybersecurity to all areas of an organization. Security teams can seamlessly monitor remote sites where attackers start as well as internal network segments that contain key assets attackers will try to steal.</p><p>• <strong>Detect all phases of an active attack:</strong> Vectra picks up where perimeter security stops by continuously analyzing all network traffic for malicious behaviors of an ongoing cyber attack. 
The solution detects all phases of attack including command and control, internal reconnaissance, lateral movement, ransomware activity, data exfiltration, and botnet monetization behaviors, automatically and in real time.</p><p>This video <strong>explains their innovative approach against advanced attacks:-</strong></p><p><strong>VectraNetworks- How It's Different</strong><br /> <a href="https://www.youtube.com/watch?v=uxu7VWJBY5Y" target="_blank">https://www.youtube.com/watch?v=uxu7VWJBY5Y</a></p><p>{<strong>Source:</strong> <a href="http://www.vectranetworks.com/" target="_blank">http://www.vectranetworks.com/</a>}</p><p><span class="font-size-4">6. <a href="https://www.safebreach.com/how-offensive-security-works" target="_blank">SafeBreach</a> <a href="https://www.safebreach.com/how-offensive-security-works" target="_blank">@safebreach:</a></span> SafeBreach is a business headquartered in Sunnyvale, California. It was founded in 2014. SafeBreach lightweight simulators play the role of the hacker. Deploy them in critical segments of your network, in the cloud or on your endpoint to simulate the entire kill chain: infiltration, lateral movement and exfiltration. 
Both network and endpoint simulators are available.</p><p><strong>Channel of APT Security Used:</strong> Network /End-Points/<span style="text-decoration:line-through;">Email</span></p><p><strong>Funding Raised: $19 Million</strong> and <strong>Major Investors are:</strong> Deutsche Telekom Capital Partners, Hewlett Packard Pathfinder, Sequoia Capital, Maverick Ventures Israel</p><p>Let's see the <strong>approach adopted by SafeBreach to counter Advanced attacks:-</strong></p><p>• <strong>Deploy simulators to “play the hacker”: SafeBreach lightweight simulators play the role of the hacker.</strong> Deploy them in critical segments of your network, in the cloud or on your endpoint to simulate the entire kill chain: infiltration, lateral movement and exfiltration. Both network and endpoint simulators are available.</p><p>• <strong>Orchestrate and execute breach scenarios:</strong> The SafeBreach orchestration platform manages and executes the Hacker's Playbook™ of breach methods on our simulators. Our patent-pending technology simulates breach scenarios without impacting users or infrastructure, while validating the effectiveness of your security solutions.</p><p>• <strong>Quickly take corrective action:</strong> Our platform correlates and analyzes all breach methods, and presents information useful for both security analysts and security executives. Deep dive into breach scenario building blocks and quickly remediate based on SafeBreach recommendations.</p><p>This video explains their <strong>innovative approach against advanced attacks:-</strong></p><p><strong>SafeBreach - Your ultimate virtual hacker</strong><br /> <a href="https://www.youtube.com/watch?v=n3v96igavfk" target="_blank">https://www.youtube.com/watch?v=n3v96igavfk</a></p><p>{<strong>Source</strong>: <a href="https://www.safebreach.com/how-offensive-security-works" target="_blank">https://www.safebreach.com/how-offensive-security-works</a>}</p><p><span class="font-size-4">7. 
<a href="https://sqrrl.com/product/sqrrl-enterprise/" target="_blank">Sqrrl</a> <a href="https://twitter.com/SqrrlData" target="_blank">@SqrrlData</a>:</span> Sqrrl is a business headquartered in Sunnyvale, California. It was founded in 2014. Sqrrl is the security analytics company that enables organizations to target, hunt, and disrupt advanced cyber threats. Sqrrl’s industry-leading advanced detection and response platform enables security analysts to uncover malicious behaviour within enterprise networks. Sqrrl reduces attacker dwell time by detecting adversarial behaviour faster and with fewer resources through the use of machine learning, and enables effective threat hunting. As an incident response tool, it enables analysts to investigate the scope, impact, and root cause of an incident more efficiently and thoroughly than before.</p><p><strong>Channel of APT Security Used:</strong> Network /End-Points/<span style="text-decoration:line-through;">Email</span></p><p><strong>Funding Raised: $14.2 Million</strong> and <strong>Major Investors are:</strong> Atlas Venture, Matrix Partners, Rally Ventures</p><p>Let's see the <strong>approach adopted by Sqrrl to counter Advanced attacks:-</strong></p><p>Sqrrl Enterprise enables the ingestion and analysis of disparate data sets to facilitate <strong>proactive threat detection</strong>, also known as cyber threat hunting.</p><p>• <strong>Target:</strong> Scope the data sets that will be used in your investigation. Hunts can branch from various starting points or “trailheads”. These include indicator-driven structured hunts and hypothesis-driven exploratory hunts, both of which can be optimized with automated analytics and machine learning. 
</p><p>• <strong>Hunt:</strong> Proactively and iteratively search through network and endpoint data to detect and isolate advanced threats that evade more traditional security solutions.</p><p>• <strong>Disrupt:</strong> By seamlessly pivoting from hunting to forensic analysis, disrupt adversaries before they fully execute their attacks. These analyses can generate new indicators to feed into complementary security systems, creating an effective security feedback loop.</p><p>This video <strong>explains their innovative approach against advanced attacks:-</strong></p><p><strong>Sqrrl - "Secure. Scale. Adapt."</strong><br /> <a href="https://www.youtube.com/watch?v=Sk-8_jJQ1Nc" target="_blank">https://www.youtube.com/watch?v=Sk-8_jJQ1Nc</a></p><p>{<strong>Source:</strong> <a href="https://sqrrl.com/product/sqrrl-enterprise/" target="_blank">https://sqrrl.com/product/sqrrl-enterprise/</a>}</p></div>Digital Retaliation of Iran - Predicting the Next Evolution of Cyberwarhttps://www.cisoplatform.com/profiles/blogs/digital-retaliation-of-iran-predicting-the-next-evolution-of2020-01-05T05:30:11.000Z2020-01-05T05:30:11.000ZMatthew Rosenquisthttps://www.cisoplatform.com/members/MatthewRosenquist<div><p><a href="{{#staticFileLink}}8669830467,original{{/staticFileLink}}" target="_blank"><img src="{{#staticFileLink}}8669830467,original{{/staticFileLink}}" class="align-center" alt="8669830467?profile=original" /></a></p><p>The national cyber response of the United States and its allies may soon be tested by the latest escalating conflict in the Middle East. The U.S. conducted an airstrike that killed a revered Iranian general while he was in Iraq. This was in retaliation for a number of attacks against U.S. personnel, most recently against the U.S. embassy in Iraq, that were purportedly orchestrated by Iran and specifically by General Qassem Soleimani, who was killed in the airstrike. Soleimani, also spelled Suleimani, was the top military official for Iran and a very powerful figure in the region. 
Iran has vowed to retaliate.</p><p>Iran has significant resources, both traditional kinetic weapons and mature cyber warfare capabilities. Direct military attacks could draw both countries into an undesired war. Political condemnation is likely to be seen as insufficient by the Iranian leadership. The other play is to go down the route of cyberattacks. </p><p>Cyber attacks attributed to Iran have taken place in the past, but most were denied by the Iranian government and were, overall, not very severe. Many in the cybersecurity community, including myself, believe that for years Iran has been conducting digital reconnaissance and spoiling attacks to gain footholds in western critical infrastructure that could be used at a later date as beachheads for large-scale attacks.</p><p>This may now be the moment that Iran chooses to use its nation-state supported cyber warriors to directly target the United States government, economy, and critical infrastructure. Unlike the clandestine operations and denials of the past, attacks would likely be openly attributed as retaliation by Teheran and intended to cause enough harm to show strength and to deter future acts. </p><p>Here are my predictions for how Iran will respond with cyberattacks against the United States. These are the six potential attacks that Iran might choose to pursue. Most likely, one of the following will occur or be attempted in the coming weeks.</p><p><span style="font-size:14pt;"><strong>Top 6 Likely Cyber Attacks by Iran</strong>:</span></p><ol><li>Cyber attacks disrupting U.S. regional electrical power grids. The goal would be a shutdown of several hours to a few days in a major urban center.</li><li>Cyber attacks against North American telecommunications and Internet services, to disrupt availability for several days across a modest region of the country.</li><li>Damaging attacks against U.S. government servers, data, and digital services. 
Likely targets would be the Pentagon facilities and other Department of Defense (DoD) bases around the world. The objective would be to disrupt intelligence, logistics, communications, planning, and operations.</li><li>Digital attacks against the U.S. Executive branch, including the White House or Embassies around the world. The goal would similarly be to disrupt communications, logistics, services, and operations.</li><li>Cyber attacks against the financial sector to temporarily impact the economy. Specific targets might include one or more of the U.S. exchanges, major banking services, and the Federal Reserve. Taking down the stock markets, federal lending functions, inter-bank transfers, or financial services (ATMs, deposits, withdrawals, bill payments, etc.), even in a limited way for a few days, would send shockwaves throughout the public.</li><li>Cyber attacks against U.S. oil production, refining, and distribution capabilities. This has a two-fold impact. It raises the global price of oil, and it may force the U.S. to once again rely on other nations for petroleum, bringing relevance back to the Persian Gulf and to the power that Iran has to control the Strait of Hormuz. </li></ol><p>Most of these attacks would be designed to be temporary and to serve as a show of force, demonstrating what Iran can do and is willing to do. Iran would want the attacks to be public and potentially inconvenience U.S. citizens. There is a balance, however. Iran will want to convey strength and may also seek to convince Americans that the U.S. government cannot protect the nation's critical infrastructure, so as to cause infighting among the voters. I believe Iran would not want to go so far as to cause serious harm to the citizen population, as that may unify and embolden America and her allies to go to war. The U.S. has a tremendously formidable military and is willing to deploy it when the country is unified against an enemy. Not many countries want to poke that tiger. 
</p><p>In another scenario, the United States may not be the direct target. Instead, U.S. allies like Israel, Saudi Arabia, or pro-American leaders in Iraq might be pursued. </p><p>Lastly, there is a chance that digital attacks might accompany kinetic strikes. Many U.S. allies are well within the range of Iranian missiles, military insurgents, and asymmetric warfare practices. This may include terrorist attacks and the kidnapping of Americans, whether diplomats or workers from U.S. companies abroad. It worked as leverage against America during the <a href="https://en.wikipedia.org/wiki/Iran_hostage_crisis">Iran hostage crisis</a>, where diplomats and citizens were held for 444 days in the besieged U.S. Embassy in Teheran (Nov 1979 – Jan 1981).</p><p><span style="font-size:14pt;"><strong>Predicting the Next Evolution of Cyberwar</strong></span></p><p>I am concerned that the response to the recent regional conflicts, potentially by both sides, will include cyber-attacks. Any digital attack by a nation-state inadvertently pushes forward the evolution of cyberwar and sets new standards for what is deemed plausible for future responses. It is an escalation that can impact people across the globe. The world of warfare is about to change again. It will not be limited by geography, distance, or brute military might as in the past. This time, it will include the emergence of the digital battlefield.</p></div>