Understanding Ransomware: An Overview
February 8, 2017
Author: Stephen Gates, Chief Research Intelligence Analyst Ransomware: The Human Touch As a security professional, I often get asked about the latest threats. Most consumers don’t understand the difference between viruses, worms, Trojans, spyware, adware, scareware, malvertising, phishing, etc. Sometimes, even those of us in the field see it all as malware. Basically, it’s all malicious […]
JTB Breach Leaks 7.93 Million Customer Related Records
February 8, 2017
Executive Summary JTB Corp. (JTB), a well-known travel agency in Japan announced on June 14, 2016 that it had experienced a massive data leak upon an attack targeting its servers. Initial reports indicate that 7.93 million people using JTB to book trips may have had their personal booking data exposed. The leaked data contained sensitive […]
Threat Intelligence 2017 Predictions Report
February 7, 2017
Authors: Stephen Gates, Chief Research Intelligence Analyst & Cody Mercer, Senior Intelligence Threat Researcher Executive Summary Looking back on 2016, there were a few key predictions that ended up becoming a reality. While many organizations have been reassuring themselves for years, saying: “Who would launch a DDoS attack against us?” – they ended up falling victim […]
2016 Q3 Report on DDoS Situation and Trends
February 7, 2017
Sources of Data NSFOCUS collects data from all of their DDoS Protection Solutions deployed worldwide that are being managed by their managed service offering. The botnets that are used across the world can be tracked by NSFOCUS, and those details are used to formulate many of the attack trends shown in this report. NSFOCUS is […]
Overview & Analysis of a Threat Intelligence Ecosystem
February 6, 2017
Authors: Richard Zhao, CTO & Cody Mercer, Senior Intelligence Threat Researcher Security Event Investigation and Threat Intelligence Over a year ago I purposed the three main tenants encompassing a successful Threat Intelligence framework: Define a system infrastructure for security event disclosure and case analysis. Clearly delineate security disclosure responsibilities to respective parties. Cultivate a security data […]
Thwarting 100,000+ Attacks on the G20 Summit, The NSFOCUS Experience
February 6, 2017
In September 2016, prominent world leaders representing the top 20 global economies gathered together in Hangzhou, China to kick off the 11th meeting of Group of Twenty (G20). This year marked the first time that the event was hosted in China and as a result, securing the Summit’s cyber assets and associated networks quickly became […]
“Shifu” Banking Trojan – Technical Analysis and Recommendations
February 6, 2017
Overview The banking Trojan “Shifu” was discovered by the IBM counter fraud platform in April, 2015. Built on the Shiz source code, this Trojan employs techniques adopted by multiple notorious Trojans such as Zeus, Gozi, and Dridex. This particular Trojan targeted 14 banks in Japan and re-emerged in Britain compromising 10 banks on September 22, […]
ElasticSearch Hit by Ransom Attack
January 24, 2017
ElasticSearch Hit by Ransom Attack Overview Last week, over 34,000 vulnerable MongoDB databases fell victim to a recent ransom attack. Data residing on these databases was erased or encrypted and bitcoin payment was demanded in lieu for data return. Moreover, on Jan 18th 2017, several hundred ElasticSearch servers were hit by a ransom attack within […]
Threat Intelligence – You’re Purchasing the Process
February 6, 2017
By: Stephen Gates, Chief Research Intelligence Analyst, NSFOCUS
Over the past year, the cyber security industry has changed significantly in the light of an innovative tool called “Threat Intelligence” (TI). Organizations of all sizes are beginning to gain understanding of the value of TI; however, there is some confusion concerning what organizations believe they are receiving for their money. Organizations are beginning to learn about the notions of strategic and tactical TI. One provides longer-term, pragmatic analysis, alerts, and reports; while the other provides short-term, more-actionable data and informational feeds. Both have tremendous value to organizations who want to gain more insight into the cyber-threat landscape they face daily. However, is TI more than just data? (more…)
Advanced Persistent Threats – A Simple Analogy
August 1, 2016
Author: Stephen Gates, Chief Research Intelligence Analyst, NSFOCUS One of the things that amazes me the most is how the general population lacks a firm understanding of the cyber threats they face daily. Since few people outside of security circles have actually been trained in cyber security, the general lack of knowledge pertaining to cyber-attacks […]
