Blog - Page 5 of 11

Attack Graph Response to US-CERT Alert (AA22-277A): Chinese Threat Actors Steal Sensitive Information from a Defense Industrial Base Organization

AttackIQ has released a new fully featured attack graph that emulates the tactics, techniques, and procedures (TTPs) observed in an attack by Chinese-sponsored adversaries against a Defense Industrial Base organization in the U.S.

Authors: Giovanni López Andres Arrowsmith Ken Towne Jackson Wells October 6, 2022 Read More

Adversary Emulation

Attack Graph Response to US-CERT Alert (AA22-264A): Iranian State Actors Conduct Cyber Operations Against the Government of Albania

AttackIQ has released a new fully featured attack graph that emulates the tactics, techniques, and procedures (TTPs) used by Iranian nation-state adversaries against the government of Albania.

September 23, 2022 Read More

Adversary Emulation

Emulating the Sophisticated Russian Adversary APT28

AttackIQ has released a content bundle including two new attack graphs covering two historical APT28 campaigns involving their SkinnyBoy and Zebrocy malware families and standalone scenarios emulating command-and-control traffic to test boundary controls.

September 21, 2022 Read More

Adversary Emulation

Attack Graph Response to US-CERT Alert (AA22-257A): Iranian Islamic Revolutionary Guard Corps-Affiliated Cyber Actors Exploiting Vulnerabilities for Ransom Operations

AttackIQ has released a new attack graph emulating the techniques used by Iranian actors to compromise and encrypt systems — without the need for malware — to help customers defend against threats that try to operate while living solely off the land.

September 16, 2022 Read More

Most Recent

Breach and Attack Simulation

Purple Hats 2021: It was an Event “Brimming” with Cybersecurity Goodness

This past week, AttackIQ launched its inaugural Purple Hats Conference—where more than 3,000 cybersecurity practitioners, partners, and pros joined to collaborate, share ideas, and learn how to evolve from a reactive to proactive threat informed defense strategy.

June 24, 2021 Read More

Adversary Emulation

Put MITRE ATT&CK® to work through Workbench

For years, users struggled to put MITRE ATT&CK into practice. With the release of ATT&CK Workbench today, defenders can far better ensure that their threat intelligence is continually aligned with the public ATT&CK knowledge base. See how and why.

June 22, 2021 Read More

TTPs

10 Ways to Apply the MITRE ATT&CK Framework in Your Cybersecurity Strategy

There are a number of ways MITRE ATT&CK can be used in your cybersecurity practice. Here are 10 of the most important as laid out in the MITRE ATT&CK for Dummies eBook.

June 22, 2021 Read More

Cybersecurity Education

Building a Stronger Community for Threat Informed Defense

AttackIQ Launches Partner Academy Understanding attacker behavior while simultaneously becoming proactive defenders is critical in…

May 25, 2021 Read More

Breach and Attack Simulation

Risky Business #624 — AttackIQ’s Mark Bagley and Jonathan Reiber talk with Patrick Gray of Risky Biz about how to solve the ransomware problem

May 19, 2021 Read More

Breach and Attack Simulation

Join CSAA Insurance Group CISO Marlys Rodgers for a conversation about the strategic benefits of automated Breach and Attack Simulation (BAS) and security optimization.

May 5, 2021 Read More

Breach and Attack Simulation

Cyber Criminals Target “Weakest Link” in the Supply Chain as European Firms Accelerate Digitisation Strategies

April 30, 2021 Read More

Breach and Attack Simulation

AttackIQ and MITRE Engenuity’s Center for Threat Informed Defense are “sighting” ATT&CK techniques in the wild. Come and help.

The goal is greater visibility and effectiveness.

April 26, 2021 Read More

Security Controls

The U.S. Government Needs to Overhaul Cybersecurity. Here’s How.

In advance of the new Biden administration cybersecurity executive order, it’s time for the federal government to get proactive about cybersecurity. Deploying a validated zero trust architecture for the U.S. government's most critical high-value assets is an aggressive but achievable goal.

April 9, 2021 Read More

Breach and Attack Simulation

Breach and Attack Simulation, Unlike Shoulder Pads, Mullets, and Parachute Pants, is a Trend That is Here to Stay

A year ago, I joined AttackIQ and spent my first few weeks on a listening…

April 6, 2021 Read More

Cyberattack

A Next Step “On The Road” (to Security Optimization)

AttackIQ's new architecture upgrade makes it possible for customers to emulate comprehensive, multi-stage adversary cyberattack campaigns with realism and specificity, at every step in the kill chain. Check it out.

March 23, 2021 Read More

Cybersecurity

AttackIQ Now Supports Atomic Red Team

AttackIQ has added Atomic Red Team to our assessment library, bolstering our testing capabilities to further improve our customers' security effectiveness.

March 17, 2021 Read More

Center for Threat-Informed Defense

In partnership with MITRE Engenuity’s Center for Threat-Informed Defense, AttackIQ launches new automated adversary emulation plan for menuPass

After SolarWinds, organizations need visibility into their security program effectiveness against real world threats. Automated adversary emulations can help meet that need. By generating real data about how your security program performs against menuPass, you can see security failures, make data-informed adjustments, and plan smart investments to optimize your security. Check out the new emulation plan from MITRE Engenuity's Center for Threat-Informed Defense and AttackIQ.

February 23, 2021 Read More

Command and Control

Data Obfuscation: An Image Is Worth a Thousand Lines of Malware

Adversaries love to hide malware in images, a tactic called data obfuscation. To help you solve this problem, at AttackIQ we have built scenarios to test your defensive capabilities' ability to detect and prevent image-based malware. Read on to learn how it works – and how you can obfuscate data on your own to test your defenses.

February 16, 2021 Read More