Red Canary Threat Response

How an IT Service Provider and Red Canary Stopped a Malware Outbreak

Eric Groce

A technical account manager recounts how Red Canary partnered with an IT service provider to help one of their customers stop a rapidly spreading network worm. The article goes behind the scenes of the incident response effort and shares best practices to avoid a breach. Most IT service providers can relate to the following scenario: It’s an idle Thursday. You … Read More

When Web Servers Go Cryptocurrency Mining

Tony Lambert

Miners and canaries have had a long and storied history, but Red Canaries aren’t too fond of miners. Cryptocurrency miners, that is. Recent booms in cryptocurrency values have made cryptocurrency mining an attractive way for anyone with a computer to earn some extra money. The trouble is, the average user would spend more money performing mining activities and paying for … Read More

Cryptocurrency Trends

Cryptocurrency Trends: Will Ransomware Be Overtaken by Miners?

Joe Moles

This last year you couldn’t turn on the TV, look at social media, or visit your favorite internet news source without being faced with another story of a ransomware compromise. These attacks are highly destructive and largely driven by financial gain. Threat trends and methods to “make a quick buck” will continue, while new methodologies rise to the forefront. Based … Read More

A Bird’s Eye View: Behind the Scenes of Beastmode

Dave Epperly

There’s a thing we do at Red Canary called BEASTMODE. No beating around the bush here; it’s a corporate all-hands. On a quarterly basis, the remote teams come to the Denver office and we spend three intense days together. The reason it’s called BEASTMODE is that in the very early days of the company, we’d spend endless hours in a single … Read More

Threat Hunting With Entropy

Using Entropy in Threat Hunting: a Mathematical Search for the Unknown

Ben Downing

“Antivirus is dead” is a common refrain in the information security space, but if you look below the surface, what it really means is “atomic indicators are dead.” While there is value in static indicators, they are the bare minimum standard for detection these days and suffer from numerous drawbacks. Behavioral indicators are the next level, which use knowledge of … Read More

Call to Arms: 4 Things Everyone in InfoSec Should Stop Doing Right Now

Joe Moles

While I’ve always been passionate about working in InfoSec, I can’t help but feel jaded about the way our industry approaches some things. We run around pointing fingers at each other with slander marketing, we use Twitter as an intel sharing platform, and we cry out that the sky is falling every time a researcher posts a new post exploit … Read More

Credential Access

Damage from Malicious Admins and Credential Access

Tony Lambert

Good security sometimes requires us to get back to basics on a number of things, including how we use and secure administrative credentials. Admin accounts enable us to configure all sorts of technologies, from software installations and Windows network controls to WordPress servers. If you can administer it, odds are good that there’s a special account for it. Because these … Read More