So far in this series, we have looked at what ransomware is, what it does after it has compromised a system, and what organizations can do to detect and prevent ransomware. (Catch up with Part 1 & Part 2 before continuing!) However, that is only half the story. Organizations need to assume that they will…
Read
Opening In part one of this blog post series, we provided an introduction into what ransomware is and how it works. We also provided examples of different types of ransomware, variation of ransomware tactics, and identified that ransomware delivery is traditionally accompanied by other malware to assist in lateral movement and deployment. If you haven’t…
Read
In this three-part blog post series, we will provide an introduction into what ransomware is, how it works, and how it spreads to systems within an organization. We will also provide examples of different types of ransomware and variation of ransomware tactics. In part two, we will go in-depth to understand the various attack vectors…
Read
Office 365 is the most popular line of digital services for businesses for a reason, but when it comes to cyberattacks, its ubiquity is creating challenges. If it seems like every week there’s a new headline about a large-scale hacking incident, it’s not a case of rampant fake news. According to the 2018 Symantec Internet Security…
Read
Organizations are losing thousands—and sometimes millions—of dollars from invoice fraud, which is also known as Business Email Compromise (BEC). At TrustedSec, we have seen a marked uptick in panicked, embarrassed, and/or angry folks reaching out to us for Incident Response and forensics work following a scam. Sometimes, organizations are able to recover some or all…
Read
In part one of this blog post series, we briefly looked at why IoC threat data enrichment is important, the value of knowing who your enemy is, and the process of turning threat data into threat intelligence. If you haven’t had a chance to read the first part of this series, take a few minutes…
Read
By the time an Incident Response consultant is contacted, the security event in question is already in motion. So, the goals become: rapid triage, assist in identifying the related threat risks, and make every effort to identify the threat actors involved. Attribution is very difficult when dealing with seasoned and well-funded threat actors, but it…
Read
Welcome to the third and final part of the blog series on the RDP honeypot that I set up. The first part took a look at RDP and how it can be better secured, while the second post analyzed what the attackers did once they got into the honeypot. In this post I’ll talk about…
Read
Welcome to part two of the three-part series on the Remote Desktop Protocol (RDP) honeypot I set up. In the first post, I discussed ways that RDP can be configured to be more secure (and how you should NEVER put it on the Internet). In this part, I’ll talk about what happened when my honeypot…
Read
Over the last several months, TrustedSec has noticed a common thread in the root cause of incidents we’ve investigated: Microsoft Remote Desktop Protocol (RDP) open to the Internet. RDP on the Internet is a very bad idea. Attackers are constantly searching for, and breaking into, systems set up in this way. Once in, they can…
Read