Aggregator

额外奖励！新人福利！免费出国游！三重好礼在OSRC等你哦！

This blog entry aims to highlight the dangers of internet-facing routers and elaborate on Pawn Storm's exploitation of EdgeRouters, complementing the FBI's advisory from February 27, 2024.

定义的对齐，开启了共同标准的大门

技术交流群，欢迎加入。

某天早上上班，刚打开态感平台，就发现有一条VenomRAT木马的告警，一下子困意全无。。。

Written by: Matthew McWhirt, Omar ElAhdan, Glenn Staniforth, Brian Meyer 

Multi-faceted extortion via ransomware and/or data theft is a popular end goal for attackers, representing a global threat targeting organizations in all industries. The impact of a successful ransomware event can be material to an organization, including the loss of access to data, systems, and prolonged operational outages. The potential downtime, coupled with unforeseen expenses for restoration, recovery, and implementation of new security processes and controls can be overwhelming.

Since the initial launch of our report in 2019, data theft and ransomware deployment tactics have continued to evolve and escalate. This evolution marks a shift from manual or script-based ransomware deployment to sophisticated, large-scale operations, including:

• Weaponizing Trusted Service Infrastructure (TSI): Adversaries are increasingly abusing legitimate infrastructure and security tools (TSI) to rapidly propagate malware or ransomware across entire networks.

• Targeting Virtualization Platforms: Attackers are actively focusing on the virtualization layer, aiming to mass-encrypt virtual machines (VMs) and other critical systems at scale.

• Targeting Backup Data / Platforms: Threat actors are exploiting misconfigurations or security gaps in backup systems to either erase or corrupt data backups, severely hindering recovery efforts.

Based upon these newer techniques, it is critical that organizations identify the span of the attack surface, and align proper security controls and visibility that includes coverage for protecting:

• Identities

• Endpoints

• Network Architectures

• Remote Access Platforms

• Trusted Service Infrastructure (TSI)

Cascading weaknesses across these layers create opportunities for attackers to breach an organization's perimeter, gain initial access, and maintain a persistent foothold within the compromised network.

In our updated report, Ransomware Protection and Containment Strategies, we have expanded the strategies organizations can proactively take to identify gaps and harden their environment(s)to prevent the downstream impact of a ransomware event. The strategies represent practical and scalable methods to protecting organizations, and are the same strategies  that are leveraged by Mandiant when working with clients across the globe.  

The report covers several areas to help organizations mitigate the risk of and contain ransomware events including:

• Attack Surface Identification and Reduction

• Endpoint Hardening

• Credential Protections

• Domain Controller Protections

• Group Policy Objects (GPOs) 

• Virtualization Infrastructure Protections

• Backup Infrastructure Protections

If you are reading this report to aid your organization’s response to an existing ransomware event, it is important to understand how the ransomware was deployed through the environment and design your ransomware response appropriately. This guide should help organizations in that process.

Download the report today.

*Note: The recommendations in this report can help organizations mitigate the risk of and contain ransomware events. However, this report does not cover all aspects of a ransomware incident response. We do not discuss investigative techniques to identify and remove backdoors (ransomware operators often have multiple backdoors into victim environments), communicating and negotiating with threat actors, or recovering data once a decryptor is provided.

NETSCOUT’s biannual DDoS Threat Intelligence Report dissects trends and attack methodologies adversaries use against service providers, enterprises, and end users. The information cited in the report is gathered from NETSCOUT’s unparalleled internet visibility at a global scale, collecting, analyzing, prioritizing, and...

Web3 安全事件每月盘点。

Faced with expanding attack surfaces and a barrage of threats, businesses of all sizes are increasingly looking to unlock the manifold capabilities of enterprise-grade security

TP-Link Archer AX21 Wifi Router targeting, plus a handful of new CVEs! See what mass scanning looks like in March 2024.

如何有效地评估待用于微调的样本质量

​TideInspire(潮启)是由新潮信息Tide安全团队自研推出的一款移动端安全管控平台。通过利用该平台获取的数据，进而对山东省移动应用数量、恶意仿冒应用分布情况，安全漏洞数量等九个方面进行总结与展示。

回顾一下接触安全工作的过程，也是很纠结迷茫的时期。第一份工作是接触Web安全内容，当时是审核漏洞。