Security Controls Archives

Testing Network Security Controls against Russian Malware

Following an up-tick in the activity of Russia-based cyberthreat actors, this blog discusses the practical steps you can take to validate your network security controls against known Russian tactics, techniques, and procedures to improve your security readiness. It walks readers through Russia-specific emulations included in the AttackIQ Network Control Validation module.

March 29, 2022 Read More

Ransomware

The Kaseya VSA REvil Ransomware Supply Chain Attack: How It Happened, How It Could Have Been Avoided

On July 2, 2021, the REvil ransomware group successfully exploited a zero-day vulnerability in the on-premise Kaseya VSA server, enabling a wide-scale supply chain cyber attack. Let’s dig in and see how the attack happened, how attack emulation could have helped, and what you can do to implement a threat-informed defense strategy to prepare yourself for similar threat actor behavior.

July 13, 2021 Read More

Cyberattack

How to Pitch Your CFO on Automated Security Control Validation

CFOs are often perceived as gatekeepers to the company’s cash coffers. With different functional leaders vying for project investments, it is true that the role of the CFO is to help prioritize the company’s spend, based on the business growth plan and trajectory.

July 9, 2021 Read More

Breach and Attack Simulation

AttackIQ and MITRE Engenuity’s Center for Threat Informed Defense are “sighting” ATT&CK techniques in the wild. Come and help.

The goal is greater visibility and effectiveness.

April 26, 2021 Read More

Security Controls

The U.S. Government Needs to Overhaul Cybersecurity. Here’s How.

In advance of the new Biden administration cybersecurity executive order, it’s time for the federal government to get proactive about cybersecurity. Deploying a validated zero trust architecture for the U.S. government's most critical high-value assets is an aggressive but achievable goal.

April 9, 2021 Read More

Command and Control

Data Obfuscation: An Image Is Worth a Thousand Lines of Malware

Adversaries love to hide malware in images, a tactic called data obfuscation. To help you solve this problem, at AttackIQ we have built scenarios to test your defensive capabilities' ability to detect and prevent image-based malware. Read on to learn how it works – and how you can obfuscate data on your own to test your defenses.

February 16, 2021 Read More

Breach and Attack Simulation

GAO Finds Gaps in DoD Cyberdefenses, Highlights Importance of Breach and Attack Simulation Tools

AttackIQ’s Security Optimization Platform gives an agency a proactive—rather than a reactive—security posture. It enables continuous validation of security controls to definitively establish the effectiveness of key initiatives, to include zero-trust controls that prevent adversaries from moving laterally across a network, as in the case of SolarWinds.

February 8, 2021 Read More