
Spreading Technique used by Retadup Worm.

Posted by Abhishek Singh on Oct 2, 2017 8:42:45 PM

Acalvio Threat Research Lab


Topics: deception, worm, distributed deception, crypto

Can We Automate Threat Hunting?

Posted by Satnam Singh on Sep 21, 2017 8:35:12 AM

Threat hunting has been primarily a playground for security experts to surface unknown threats. It is a proactive security approach where the hunt starts with a hypothesis about a hidden threat that may already be in the enterprise network. According to a 2017 survey on threat hunting by the SANS Institute, nearly 45% of organizations hunt on an ad hoc basis. The ad hoc approach is ineffective and does not yield sufficient results to cover the cost of threat hunting. Given the limited number of security analysts, ad hoc threat hunting becomes a costly process. Also, threat hunting is typically performed by doing outlier detection on the data. For example, analysts typically do outlier detection to find suspicious processes in Windows process logs. The outlier detection can be done using simple box plots, control charts, or more sophisticated unsupervised machine learning techniques. However, the output of all the outlier detection techniques is a set of outliers/anomalies that still need to be audited/investigated by the security analysts. This adds more workload to the already overwhelmed security analyst.


Deception Centric Defense Against Ransomware

Posted by Abhishek Singh on Aug 7, 2017 2:32:19 PM

Team Acalvio


Topics: deception, ransomware

Meeting HIPAA Requirements with Acalvio’s Deception 2.0 Solution, ShadowPlex

Posted by Admin on Jul 31, 2017 9:41:35 AM

The recent ransomware attacks such as Wannacry have highlighted the need for robust security controls in healthcare firms. These organizations are subject to HIPAA/HITECH compliance requirements, but unfortunately many firms just see them as a distraction. This is a big mistake: the controls typically implemented for HIPAA/HITECH shouldn’t be regarded as useless “check the boxes” distractions. Done right, they go a long way toward true risk management for covered entities.


Topics: deception, healthcare, HIPAA

Don’t be a sitting duck. Make your BreadCrumbs & Lures Dynamic!

Posted by Abhishek Singh on Jul 10, 2017 12:45:11 PM

BreadCrumbs and Lures are critical components of any deception-based architecture. As the name suggests, breadcrumbs and lures help divert a threat actor (an individual or malware) to deception sensors. The moment the deception sensor gets tripped, instead of blocking the multi-stage threat, the threat actor is allowed to execute its weaponry in a monitored network. This execution of all the stages of an attack can help gather pertinent indicators of compromise that can be fed back to the inline or endpoint detection devices for timely and effective prevention. This was discussed in our previous blog looking deep into a multi-stage attack.


Topics: deception, ransomware, dynamic

Reflections on a conference…

Posted by Chris Roberts on Jul 1, 2017 1:14:45 AM

This past week I’ve spent 30 hours in planes and countless more hanging around in security lines, I’ve been heated to the point of melting, tired to the point of sleeping while standing and stressed to the point of immobility (mostly my fault due to not getting all the slides finished until the last minute)…and you know what…I wouldn’t change it for a damn thing. I consider myself ridiculously fortunate to be in a position where I am accepted to talk at conferences, and even more so when those conferences are not on home ground.


Topics: conference, infosec

Technical Analysis of Petya Ransomware Propagation

Posted by Abhishek Singh on Jun 28, 2017 12:28:35 PM

Acalvio Threat Research Labs.


Topics: lateral movement, ransomware, propagation techniques, technical analysis

Ransomware: Catch me if you can.

Posted by Abhishek Singh on Jun 20, 2017 1:53:58 PM

Ransomware demand in 2016 was around a billion dollars[1]. WannaCry[3] was a recent ransomware campaign that spread across 150 countries, affecting 200,000 users. It is estimated that in 2017[2], damages due to ransomware will exceed $5 billion. Modern defenses make use of virtualized environments or machine learning algorithms to ensnare the threat actor. This blog will detail some of the evasion techniques that modern ransomware uses to bypass such defenses.


Topics: deception, detection, evasion, ransomware

The Industry’s First “Deception 2.0 for Dummies” Book

Posted by Acalvio on May 18, 2017 5:49:00 AM

Since the dawn of time, deception has been used in nature in various forms as a successful survival strategy and has played an important role in the physical and behavioral adaptations of all organisms. Humankind, with its higher cognitive ability, has successfully adapted deception to warfare, as a powerful mechanism to draw an enemy into a weak position and to defeat or completely rout it. Sun Tzu’s famous aphorism “All warfare is Deception” sums it up succinctly! In the Computer Security industry, Cliff Stoll’s uncanny use of Deception depicted in his book, Cuckoo’s Egg, would put most spy thrillers to shame. Stoll’s success led to a number of Open Source Deception projects - Honeyd, Honeynet, Kippo, Dionaea, and industry-specific honeypots - Gaspot, Conpot, etc. All these projects proved the efficacy of Deception technologies through detection signals with low false positives. This led to a number of startups offering commercial solutions, typically focused on a certain niche aspect of Deception - Low Interaction Honeypots, High Interaction Honeypots, Breadcrumbs, etc. Despite some innovative approaches, these Deception 1.0 solutions did not address the key aspects of what a modern distributed enterprise needed; namely, to deploy deception at scale, deploy it automatically, deploy it cost-effectively, deploy it from the cloud or on-prem, and deploy it to on-prem or cloud workloads. At Acalvio, we have addressed these fundamental issues in our Deception 2.0 solution, ShadowPlex. In our travels, we heard from Cybersecurity professionals that they would benefit from a simple and succinct explanation of the key aspects of advanced deception techniques, written in plain, non-technical language. This was the primary motivation behind this book.


Topics: deception, detection, multistage attack, lateral movement

WannaCry Ransomware Analysis: Lateral Movement Propagation

Posted by Abhishek Singh on May 16, 2017 9:50:06 AM

Acalvio Threat Research Labs


Topics: detection
