Improving Threat Detection

Improve Your Threat Detection: Inspect All of the New Everythings

Keith McCammon, Chief Security Officer

When asked to describe the potential threats that Red Canary detects and confirms, we tend to frame the discussion around several big buckets: Bad things – the most obvious: malware and unwanted software, primarily. Good things gone bad – legitimate applications and services leveraged by a malicious actor . . . think PowerShell, WMIC, MSHTA, etc. Unusual things – why does your CEO …

Threat Investigation

Shutting Down a Hands-on Keyboard Attack: Two Joes vs One Threat Actor

Suzanne Moore

It was a Friday afternoon when the alert came in. One of Red Canary’s customers had experienced a breach. The compromise occurred on an unsecured endpoint—an isolated development box that was used for testing. The customer had deployed Red Canary Managed Endpoint Detection & Response (MEDR) across its most critical endpoints: domain controllers, front-facing web server, executive endpoints, databases, and …

How to Mitigate Phishing Risk

You Will Be Phished. Three Ways to Mitigate Your Phishing Risk.

Phil Hagen

Phishing remains one of the most common and effective means for an attacker to gain initial access to their victims’ environments. Verizon’s 2017 Data Breach Investigations Report (DBIR) indicated that for two years running, phishing was the top variety of social attack, used in more than 90% of incidents and breaches. A more focused variant is “spear phishing,” which differs in …

Using Cb Response to Mitigate ETERNALBLUE

Keith McCammon, Chief Security Officer

In case you’ve been under a rock: There’s a wee problem with ransomware, fueled by the public release of a handful of high-quality access (exploit) and persistence (backdoor) utilities. Most recently, these have manifested in the form of the WannaCry and Petya epidemics. While good intelligence on Petya infection vectors and lateral movement techniques is in a state of …

Detecting Snake Malware

Detecting Snake Malware Using Cb Response

Keith McCammon, Chief Security Officer

Several days ago, researchers at Fox-IT announced the porting of the Snake malware framework from Windows to the Mac platform. Detecting Snake malware may be difficult as Snake is a relatively complex framework that includes persistence, information stealing, and communications modules among other capabilities. Given this information, we had a need to look retrospectively across our customer base to identify …

Ransomware Epidemic

The Ransomware Epidemic: Why It’s Only Just Begun

Jamison Utter

Ransomware (or more accurately cybercrime) is a well-oiled, well-funded industry. I recently joined Michael Haag and Ben Johnson on a webinar to take a deep dive into the ransomware epidemic—discussing its origins, inner workings, and practical prevention techniques and tools. One of the top questions we received from attendees was “What can organizations expect in the future?” With changes in commoditization …

How to Prevent Ransomware

How to Prevent Ransomware: 5 Practical Techniques and Countermeasures

Michael Haag

Just about every security vendor has researched, blogged, and webcasted about how their product can and will prevent ransomware. Additionally, in my conversations with the security community, people always ask me: “What is the best product to prevent ransomware?” If you have read my Security Architect Lessons post, you know by now that I am not a fan of a single …