Category: Botnets

Doing Threat Intel the Hard Way - Part 1: Manual IOC Management

Part #1: Introduction to Manual IOC Management for Threat Intelligence

This is the first post of a series on manual management of IOCs for threat intelligence. Threat Intelligence is a popular topic in security circles these days. Many organizations are now utilizing a threat feed that comes bundled with some...

Targeted Ransomware Activity

Overview

Since late 2013 there has been a growing trend of ransomware activity. In these attacks, actors encrypt files on hard drives and request that a ransom be paid in order to decrypt the files. Many of these attacks have focused on client-side vulnerabilities, using phishing messages as a delivery...

Three Month FrameworkPOS Malware Campaign Nabs ~43,000 Credit Cards from Point of Sale Systems

Threatstream Labs came across an interesting FrameworkPOS sample that, although it is two months old, is digitally signed and its certificate hasn't been revoked. FrameworkPOS is a malware family that targets POS (Point of Sale) terminals, and its main objective is to steal credit card data from them in...

How To Prevent Threats From Slipping Through the Big Data Cracks

When it comes to data breaches, the risk for organizations is high – from the easily calculable costs of notification and business loss to the less tangible effects on a company's brand and customer loyalty. In recent years, many businesses have been increasing their budget allocations for security –...

Evasive Maneuvers by the Wekby group with custom ROP-packing and DNS covert channels

ThreatStream Labs recently became aware of a campaign beginning on 30 June 2015 by the omnipresent Wekby threat actors (a/k/a TG-0416, APT-18, Dynamite Panda). The Wekby actors have recently been observed compromising organizations in the Manufacturing, Technology and Utilities verticals, but have had a long-standing interest in the...

The Blind Spot

In cyber security, ignorance is never blissful. It is downright scary. Many security operations teams have yet to develop an internal threat intelligence strategy and are currently operating with large blind spots when it comes to threats. Let's walk through a simple scenario to help you...

Digging into ShellShock Exploitation attempts using ShockPot Data

Late last week we developed and released a new open source honeypot, Shockpot, designed to mimic servers vulnerable to ShellShock (CVE-2014-6271) and to automatically download payloads from exploitation attempts. In this blog post we characterize the attacks our global deployment of Shockpot honeypots saw, as well as the payloads...

Introducing ShockPot: The intelligence driven defense against ShellShock

While the security community is still recovering from the Heartbleed exploit disclosed this past April, here comes another game-changing vulnerability: ShellShock. The simple but severe vulnerability affects one of the most commonly deployed command-line shells and puts millions of systems at risk to local and...

The Security Operations Holy Grail

Responding to a data breach is hard. But understanding how you got there is key to moving an effective defense towards reality. In security operations centers (SOCs), it's often said you have to crawl before you walk. Most enterprise firms are just now capable of walking. To us,...

Latest Security Trends - Blackhat, Defcon and B-Sides wrap-up

Blackhat, Defcon and B-Sides wrap-up

How are we advancing security? As the annual conferences have come to a wrap, there are some exciting trends to come out of the industry's most exciting annual conferences. Some of the key takeaways align directly with the vision and products of...