Authors: Richard Zhao, CTO & Cody Mercer, Senior Intelligence Threat Researcher Security Event Investigation and Threat Intelligence Over a year ago I purposed the three main tenants encompassing a successful Threat Intelligence framework: Define a system infrastructure for security event disclosure and case analysis. Clearly delineate security disclosure responsibilities to respective...
Categoria: Blog
Threat Intelligence – You’re Purchasing the Process
By: Stephen Gates, Chief Research Intelligence Analyst, NSFOCUS Over the past year, the cyber security industry has changed significantly in the light of an innovative tool called “Threat Intelligence” (TI). Organizations of all sizes are beginning to gain understanding of the value of TI; however, there is some confusion concerning what...
“Shifu” Banking Trojan – Technical Analysis and Recommendations
By: NSFOCUS Security Labs Overview The banking Trojan "Shifu" was discovered by the IBM counter fraud platform in April, 2015. Built on the Shiz source code, this Trojan employs techniques adopted by multiple notorious Trojans such as Zeus, Gozi, and Dridex. This particular Trojan targeted 14 banks in Japan and...
ElasticSearch Hit by Ransom Attack
By: Dr. Richard Zhao, SVP of Global Threat Research, NSFOCUS Overview During the week of January 21, 2017, over 34,000 vulnerable MongoDB databases fell victim to a ransom attack. Data residing on these databases was erased or encrypted and bitcoin payment was demanded in lieu for return of the data....
ElasticSearch Hit by Ransom Attack
ElasticSearch Hit by Ransom Attack Overview Last week, over 34,000 vulnerable MongoDB databases fell victim to a recent ransom attack. Data residing on these databases was erased or encrypted and bitcoin payment was demanded in lieu for data return. Moreover, on Jan 18th 2017, several hundred ElasticSearch servers were hit...
Gazing into our Crystal Ball – 2017 Cybersecurity Predictions
By: Stephen Gates, Chief Research Intelligence Analyst, NSFOCUS Cyber extortion and attacks can take many forms – from ransomware to DDoS shakedowns and data-dump blackmail, organizations all over the globe have been directly impacted by these campaigns in 2016. This year we saw the first DDoS attack exceeding 1Tbps in size...
