Resources
Three Minutes Until the Apocalypse
This blog covers three main topics: Three Key Questions Needing Answers Within Three Minutes When You Suspect a Breach Using Deception and Endpoint Logs to Backtrack Command and Control Improving SOC Triage Workflow with Prevention Failure Detection An adversary has...
Spreading Technique used by Retadup Worm.
Acalvio Threat Research Lab Retadup worm has been in the news recently. It was first observered infecting Israeli Hospitals [1] and recently it was observered active in South America mining for Crypto Currency[2]. The details of the worm have been published by Trend...
Deception Centric Defense Against Ransomware
Team Acalvio It is estimated that in 2017, damages due to the ransomware will exceed $5 billion.[8] When successful, ransomware can not only infect the endpoint, it can also spread across the network extending its exploit. The initial versions of ransomware like...
HIPAA Compliance via Acalvio’s ShadowPlex Deception 2.0
The recent ransomware attacks such as Wannacry have highlighted the need for robust security controls in healthcare firms. These organizations are subject to HIPAA/HITECH compliance requirements, but unfortunately many firms just seem them as a distraction. This is...
Don’t be a sitting duck. Make your BreadCrumbs & Lures Dynamic!
BreadCrumbs and Lures are very critical components of any deception based architecture. As the name suggests, breadcrumbs and lures aid to divert a threat a threat actor (an individual or malware) to deception sensors. The moment the deception sensor gets tripped,...
Reflections on a conference…
This past week I’ve spent 30 hours in planes and countless more hanging around in security lines, I’ve been heated to the point of melting, tired to the point of sleeping while standing and stressed to the point of immobility (mostly my fault due to not getting all...
Technical Analysis of Petya
Acalvio Threat Research Labs Petya is the most recent ransomware strain. It originated in Ukraine [1] and is spreading across Europe. This blog summarizes our technical analysis of Petya. Technical Analysis In addition to the encryption and ransomware functionality,...
Ransomware: Catch me if you can.
Ransomware demand in 2016 was around a billion dollars[1]. WannaCry[3] was the recent ransomware campaign that spread across 150 countries affecting 200,000 users. It is estimated that in 2017[2], damages due to ransomware will exceed $5 billion. Modern defenses make...
The Industry’s First “Deception 2.0 for Dummies” Book
Since the dawn of time, deception has been used in nature in various forms as a successful survival strategy and has played an important role in the physical and behavioral adaptations of all organisms. Humankind, with its higher cognitive ability, has successfully...
How to outfox Shamoon? Put Deception to work!
Acalvio Threat Labs Shamoon is one of the critical threats that has been able to penetrate traditional defenses successfully not once, twice, but thrice - in 2012, 2016 and 2017. The main purpose of Shamoon Threat Actor was the destruction of the endpoint computers...
Honeypots are dead! Long live Honeypots (Part4…The Crystal Ball)
Self healing system capabilities, specifically analysis and intelligence shared between Acalvio instances so you end up with a worst case scenario of only company1 getting hit, companies 2,3,4 have automatically learned from company1. IoT, V2V, V2X etc. This...
2017 Predictions AND “wants”
Going to do this one a little differently, part of it is going to be the typical “throw the crystal ball over the shoulder” stuff that we all do…although honestly JUST going to 2017 is not far enough for some of the stuff we are working on…and the other part of this...