
Blog

Stay updated on recent news and the latest industry trends, and read expert commentary written by the AttackIQ team.

Indicators of Compromise

I am sure that every one of you has heard of IoCs, or Indicators of Compromise. They are the forensic artifacts that security investigators look for in order to identify the characteristics of malicious activity that has already occurred. Some examples of IoCs are:

  • Hash values of files
  • IP addresses used by the attacker
  • Domain names associated with the attack
  • Network/host artifacts

Read More

Attack Paths and Kill Chains - AttackIQ Contributions to the Verizon 2019 DBIR Report

For the second year in a row, AttackIQ’s observations and analytics have provided the Verizon DBIR team a redacted dataset from our cloud analytics to help find common patterns and observations from emulated attack behavior. Last year, we contributed to a section of the Verizon 2018 Data Breach Investigations Report called “Beaten paths,” where we provided redacted data on what phase in the attack chain most security controls stop the attacker. This year our contributions were again related to attacker paths, but this year the section is called “Unbroken chains,” related to observations of attack paths and event chaining. This is a relatively new section in the DBIR report, and new support has been added to the Verizon VERIS schema that now helps describe this behavior.

Read More

Improving the Maturity of your Security Program

CIOs, CISOs, SecOps, and IT teams of many organizations are often asked about their specific defensive capabilities. “How well would we handle Locky Ransomware or EternalBlue?”

Most are unable to reliably and objectively provide data-driven answers. Evaluating your own security maturity can help you understand your current capabilities and drive towards a more mature security program, providing your organization with further capabilities.

In this blog post, I’ll review a simplified set of maturity levels that can help you evaluate your security program and discuss how AttackIQ can enable your organization to grow more mature at each level.

Read More

Why Is Container Security Important

Unless you have been living under a rock somewhere, you will have heard about Docker containers. Just as the advent of the shipping container revolutionized freight transport in 1956, Docker containers have changed the way modern software is packaged and deployed. Unlike a virtual machine, which packages the entire software stack including the operating system, containerized applications and their related components run on top of a single shared operating system. Since the operating system does not need to be replicated for each application, containers are lightweight but still retain all the benefits of process isolation and more. Each containerized application has a private namespace with private network interfaces and IP addresses, and it can mount its own file systems. The picture below is a simplified view of how a Docker container sits on top of a host operating system.

Read More

Securing Your Supply Chain

I woke up on Saturday morning with a Wired article on my doorstep titled “A Mysterious Hacker Group is on a Supply Chain Hijacking Spree”. Well, it wasn't literally on my doorstep, but rather it popped up on my phone in the form of an email from Carl Wright, our CSO. A few minutes later, I saw comments from Brett Galloway, our CEO.

Read More

"Locker Goga": The 2019 Addition To The Ransomware Family

Earlier this week, as I was scanning the Wall Street Journal, this headline caught my eye: “Norsk Hydro Repairs Systems and Investigates After Ransomware Attack.” Norsk Hydro is one of the world’s largest aluminum makers, headquartered in Oslo with more than 35,000 employees in 40 different countries. On March 19, they were hit by a ransomware attack that disrupted most of their production and forced them to switch to manual operations.

Read More

MITRE ATT&CK Evaluations Of Cyber Security Products

Like many of you, I was excited to see the Mitre Evaluations posted. I quickly navigated to attackevals.mitre.org and started to click on the cards to check out how the different security vendors fared. I expected to see different areas of the Mitre ATT&CK matrix light up based on the detection by a given security vendor. To my surprise, the matrix looked the same for all of the vendor cards. On further reflection, I realized that this is to be expected, as the ATT&CK matrix displayed the tactics, techniques, and procedures (TTP) exercised by the APT3 group, and, obviously, the same emulation was run on all the different vendor products.

Read More

The Evolution Of Malware Fileless Exploits

I may be showing my age as I recall the days when malware was primarily spread by depositing infected files on a computer system. This spawned the antivirus software industry, whose basic technique was to scan your disks and sniff around your system for files containing signatures identifying them as malicious entities. Analogous to our living world, antivirus software became the predators hunting down malware like prey before they could cause lasting damage to our systems, our networks, our companies, and even our countries.

Read More