Adam Moore has joined AttackIQ as Head of R&D for threat emulation content. He has 16 years of experience in operational network defense, threat intelligence, incident response, and active cyber defense/counter-threat operations; for a sizable, overlapping portion of that time he also designed and performed insider threat monitoring and consulted on cyber research projects for government and military customers. He has also led security technology implementation projects, closely supported CISOs for many years by advising, reporting and acting in their places, and much more. He has defended the U.S. Army's networks in Europe, the distributed nuclear weapons complex, the A- and J-root DNS delegation authority and backend registry operator for .com/.net/.gov (and other TLDs) for the Internet, and a non-profit think tank highly targeted by espionage operators from multiple countries.
Attack Graph Response to US-CERT AA22-083A: Historical Russia-based Actors Targeting the Energy Sector
AttackIQ has released a new attack graph for organizations to test and validate their cyberdefense effectiveness against the HAVEX strain of malware. This attack graph follows a pair of Department of Justice indictments of Russia-based threat actors and a new joint FBI-CISA Cybersecurity Advisory about HAVEX released last week. An enduring and dangerous threat, HAVEX targeted the energy and power sectors in 135 countries from 2012-2018, and the tactics and techniques within it continue to threaten organizations today.
Attack Graph Response to US CERT AA22-074A: Russia-based actors disabling multi-factor authentication (MFA)
AttackIQ has released a new attack graph to emulate Russia-based threat actors as they exploit multi-factor authentication protocols to disable MFA. This blog describes the scenarios we have included in the new attack graph to emulate the adversary. To inform a purple team construct for cyberdefense operations, it then provides detection and mitigation recommendations that you can use to improve your security program effectiveness. Read on for more.
Attack Graph Response to US-CERT AA22-011A & AA22-047A: Preparing for Russian State-Sponsored Cyberthreats
In anticipation of escalating cyberattacks by the Russian government against U.S. and allied interests, AttackIQ has developed a new attack graph to help organizations test and validate their cyberdefenses against known Russian adversarial tactics, techniques, and procedures (TTPs).