Resources
Deception-Based Architecture to Guard WebServer – Acalvio
Web Server is becoming one of the critical vector which have been exploited by a threat actor to breach an organization. Breach at Equifax is one such example, affecting 143 million customers. In this breach, a threat actor could access the internal network and...
Beyond the Hype: AI in Information Security
In the next few years, Artificial Intelligence (AI) will transform and expand as a decision engine across every enterprise business layer from product development to operations to finance to sales. While, internet biggies like Google, Facebook, Microsoft and Saleforce...
Lateral Movement of Emotet
Acalvio Threat Research Labs. Introduction Emotet is one of many information stealer malware families which have been active in the recent months. The initial delivery vector of the malware is via phishing campaign. The blog by TrendMicro[1] and Microsoft[2] discusses...
Three Minutes Until the Apocalypse
This blog covers three main topics: Three Key Questions Needing Answers Within Three Minutes When You Suspect a Breach Using Deception and Endpoint Logs to Backtrack Command and Control Improving SOC Triage Workflow with Prevention Failure Detection An adversary has...
Spreading Technique used by Retadup Worm.
Acalvio Threat Research Lab Retadup worm has been in the news recently. It was first observered infecting Israeli Hospitals [1] and recently it was observered active in South America mining for Crypto Currency[2]. The details of the worm have been published by Trend...
Deception Centric Defense Against Ransomware
Team Acalvio It is estimated that in 2017, damages due to the ransomware will exceed $5 billion.[8] When successful, ransomware can not only infect the endpoint, it can also spread across the network extending its exploit. The initial versions of ransomware like...
HIPAA Compliance via Acalvio’s ShadowPlex Deception 2.0
The recent ransomware attacks such as Wannacry have highlighted the need for robust security controls in healthcare firms. These organizations are subject to HIPAA/HITECH compliance requirements, but unfortunately many firms just seem them as a distraction. This is...
Don’t be a sitting duck. Make your BreadCrumbs & Lures Dynamic!
BreadCrumbs and Lures are very critical components of any deception based architecture. As the name suggests, breadcrumbs and lures aid to divert a threat a threat actor (an individual or malware) to deception sensors. The moment the deception sensor gets tripped,...
Reflections on a conference…
This past week I’ve spent 30 hours in planes and countless more hanging around in security lines, I’ve been heated to the point of melting, tired to the point of sleeping while standing and stressed to the point of immobility (mostly my fault due to not getting all...
Technical Analysis of Petya
Acalvio Threat Research Labs Petya is the most recent ransomware strain. It originated in Ukraine [1] and is spreading across Europe. This blog summarizes our technical analysis of Petya. Technical Analysis In addition to the encryption and ransomware functionality,...
Ransomware: Catch me if you can.
Ransomware demand in 2016 was around a billion dollars[1]. WannaCry[3] was the recent ransomware campaign that spread across 150 countries affecting 200,000 users. It is estimated that in 2017[2], damages due to ransomware will exceed $5 billion. Modern defenses make...
The Industry’s First “Deception 2.0 for Dummies” Book
Since the dawn of time, deception has been used in nature in various forms as a successful survival strategy and has played an important role in the physical and behavioral adaptations of all organisms. Humankind, with its higher cognitive ability, has successfully...