Ransomware is not going away: Prepare or pay up

Phil Hagen

In case you’ve been fortunate enough to avoid it, ransomware is a security plague that encrypts victims’ files, requiring a complex and expensive payment to free those files. There is no denying that ransomware schemes have become one of the most popular means of criminal revenue generation. The reason ransomware and related threats are becoming more common is for one …

Know Where You Need Help to Use Threat Intelligence Effectively

Robert M. Lee

Today’s guest post was written by Robert M Lee, Founder and CEO of Dragos Security. Robert is a renowned expert in Cyber Threat Intelligence and Industrial Control Systems. One of the keys to effectively using threat intelligence is knowing what you want out of it and what your organization can reasonably do on its own. As an example, if you want …

Applying the National Intelligence Process to Information Security

Cory Bowline

The “Intelligence” approach to information security is growing in popularity, but many are still struggling to define what this means to their own processes. Red Canary has drawn upon the time-tested and well-defined procedures followed by practitioners of secret intelligence – spies, satellites, drones, etc. – in order to explain how to build and manage an intelligence process that will …

What Red Canary Detects, Part II: Suspicious Activity

Keith McCammon, Chief Security Officer

At the risk of oversimplifying the threats and threat actors that organizations face, I’m going to assume for purposes of this article that they fall into one of two broad categories: opportunistic and targeted. Opportunistic Attacks Opportunistic attackers land where they land and attempt to extract as much value from each victim as they can in a ruthlessly efficient manner. …

“Operation Cleaver” Blade Dulled

Phil Hagen

“Operation Cleaver” is an attack campaign Cylance details in a new report. They contend an Iran-based attack group has compromised hundreds of targets in multiple countries and industries. Regardless of the claims of attribution, the message is clear: well-financed, strategically focused attack groups continue to digitally plunder their targets. As a community, our decades-old approach to network and information security simply …

Are Rogue Code Signing Keys in Your Environment?

Phil Hagen

Although this specific example has been exposed as part of a joke, the threat is real – code signing keys are often targeted by advanced attackers. Keys stolen during other breach operations have been used to sign malicious software. Perhaps this was inevitable – it appears the attackers behind the Sony breach are using stolen code signing keys to sign the latest variants …

Slandering Andre Maginot

Red Canary

FireEye recently came out with a new report: Cybersecurity’s Maginot Line. It is an excellent report that documents findings from over 1,600 FireEye customers. Some key findings: Nearly all (97 percent) organizations had been breached, meaning at least one attacker had bypassed all layers of their defense-in-depth architecture. More than a fourth of all organizations experienced events known to be …