Blog

Stay updated on recent news and the latest industry trends, and read expert commentary written by the AttackIQ team.

Before the Election, States Need to Test their Cybersecurity Continuously

States have invested in cybersecurity for the election - but do they test it effectively?

Purple Teaming Chronicles Part 1

This is the first post in a series about the tactics, techniques, and behaviors that “purple teams” can use to defend their data. In this series we will depict how the AttackIQ Platform can be used as a purple teaming resource to enhance the capabilities and the collaboration between blue and red teams to improve the company's overall security posture.

2020 Verizon Data Breach Investigations Report: Analysis, Findings, and AttackIQ Commentary

This week, Verizon released its highly anticipated annual Data Breach Investigations Report (DBIR), now in its 13th year of publication. AttackIQ is honored to be an ongoing contributor and to help the cybersecurity industry make better decisions around a threat-informed defense strategy.

Why I joined AttackIQ: Compelling Mission, Amazing Team

Julie O'Brien joins AttackIQ as CMO. Learn why the company excited her and read her views about how AttackIQ helps leaders solve complex cybersecurity challenges.

Threat-Informed Defense and Purple Teaming: Lessons from U.S. Cyber Command

Two national security professionals offer lessons on how the U.S. military has developed a threat-informed defense strategy for operations and purple teaming.

Fingerprinting FIN7

This is a new blog post on the work we are doing at AttackIQ to help our customers to emulate known threats and test the performance of their security controls against them, this time focusing on FIN7.

Defeating a Cloud Breach Part 3

Do you believe you are monitoring and identifying any unexpected access to the information stored in the Cloud? If the answer is no, don’t be worried about it! In this blog post we are going to give you some solutions.

Defeating a Cloud Breach Part 2

Are you protecting your instance profile credentials in AWS well? Learn how to protect your Access Keys stored in the Metadata Service, to ensure that you can detect and prevent any unintended access to them.

Defeating a Cloud Breach Part 1

Do you want to know how to identify a security breach in your Cloud infrastructure? In this blog post series we present how to carry out a breach simulation in the Cloud based on a real threat, and how to set up the security controls needed to prevent and detect such breaches.

Component Object Model Hijacking

Learn how to carry out a Component Object Model Hijacking attack in the same way as our scenarios do. In this blog post you will discover all the intricacies to ensure that you can detect such malicious activity.

Emulating APT29 with AttackIQ

Do you want to test the efficacy of your security tools against a full attack chain of a known threat actor? In this blog post we present an Assessment Template designed to emulate APT29 tactics, techniques and procedures (TTPs).

Where to Find AttackIQ at RSA 2020

Heading to the RSA Conference this year?

AttackIQ is excited to announce we will have an expanded presence at RSA 2020 this February.

Here’s where you can find us throughout the week! 

The Hornet’s Nest was just Kicked… What’s Your Move?

AttackIQ’s Extreme Ownership – Giving back to our community through research

I am pleased to announce that AttackIQ has been selected as one of the ten founding members of the MITRE Engenuity Center for Threat Informed Defense (CTID). 

Predicting Attack Behavior - Ransomware Patterns Strategic Leaders Need to be Aware of

This is a new series of blogs where I’m going to be writing about “Predicting Attack Behavior”, discussing the anatomy of specific attack categories like ransomware and discussing past and current behavior of such attack categories for the purpose of predicting future behavior and building defensive strategies. 

Emulating Attacker Activities and The Pyramid of Pain

Some of you might be familiar with “The Pyramid of Pain”, first introduced in 2013 by security professional David J Bianco when he was focused on incident response and threat hunting for the purpose of improving the applicability of attack indicators.

Case Study - When Threat Intelligence and Red Team Get Married

As the Cybersecurity industry and the talent pool within it are in such high demand, AttackIQ has had a number of customers that have moved from one company to the next, and, as they have moved, have brought AttackIQ as a platform to their new teams as a fundamental decision system to accelerate and improve the security program. In this blog, I talk to one of our customers to review their use case of AttackIQ.

NASA JPL breaches - A Reminder of Basic Cyber Security Hygiene

The recent audit report detailing numerous breaches of NASA’s Jet Propulsion Laboratory in the last 10 years was released this month. It’s interesting for a few reasons that I’ll go over in this blog but is also a reminder of the importance of basic cyber security hygiene. What we learned about NASA’s JPL network from the audit report exposed many security practices that, in all honesty, many organizations also lack. From AttackIQ’s observations, many security organizations focus on adding more mature security technologies and capabilities before they have ensured basic security hygiene is in place, and as a result attackers don’t need to use sophisticated methods to breach the network and move laterally. Because basic defensive capabilities are missing, basic attack techniques are successful.

Indicators of Compromise

I am sure that every one of you has heard of IoCs, or Indicators of Compromise. They are the forensics that security investigators look for so they can identify the characteristics of the malicious activity that has already occurred. Some examples of IoCs are:

  • Hash values of files
  • IP addresses used by the attacker
  • Domain names associated with the attack
  • Network/host artifacts 
     

Attack Paths and Kill Chains - AttackIQ Contributions to the Verizon 2019 DBIR Report

For the second year in a row, AttackIQ has provided the Verizon DBIR team a redacted dataset from our cloud analytics to help find common patterns and observations from emulated attack behavior. Last year, we contributed to a section of the Verizon 2018 Data Breach Investigations Report called “Beaten paths,” where we provided redacted data on the phase in the attack chain at which most security controls stop the attacker. This year our contributions were again related to attacker paths, but this year the section is called “Unbroken chains,” related to observations of attack paths and event chaining. This is a relatively new section in the DBIR report, and new support has been added to the Verizon VERIS schema that now helps describe this behavior.
