Facebook Tracking
Background image

Blog

Stay updated on recent news and the latest industry trends, and read expert commentary written by the AttackIQ team.

Emulating Attacker Activities and The Pyramid of Pain

Some of you might be familiar with “The Pyramid of Pain”, first introduced in 2013 by security professional David J Bianco when he was focused on incident response and threat hunting for the purpose of improving the applicability of attack indicators.

Read More

Case Study - When Threat Intelligence and Red Team Get Married

As the Cybersecurity industry and the talent pool within it is in such high demand, AttackIQ has had a number of customers that have moved from one company to the next, and, as they have moved, have brought AttackIQ as a platform to their new teams as a fundamental decision system to accelerate and improve the security program. In this blog, I talk to one of our customers to review their use case of AttackIQ.

Read More

NASA JPL breaches - A Reminder of Basic Cyber Security Hygiene

The recent audit report detailing numerous breaches of NASA’s Jet Propulsion Laboratory in the last 10 years was released this month. It’s interesting for a few reasons that I’ll go over in this blog but is also a reminder of the importance of basic cyber security hygiene. What we learned about NASA’s JPL network from the audit report exposed many security practices that in all honesty, many organizations also lack. From AttackIQ’s observations, many security organizations focus on adding more mature security technologies and capabilities before they have ensured basic security hygiene is in place and as a result attackers don’t need to use sophisticated methods to breach the network and move laterally.  Because basic defensive capabilities are missing, basic attack techniques are successful.

Read More

Indicators of Compromise

I am sure that every one of you has heard of IoCs, or Indicators of Compromise. They are the forensics that security investigators look for so they can identify the characteristics of the malicious activity that has already occurred. Some examples of IoCs are:

  • Hash values of files
  • IP addresses used by the attacker
  • Domain names associated with the attack
  • Network/host artifacts 
     

Read More

Attack Paths and Kill Chains - AttackIQ Contributions to the Verizon 2019 DBIR Report

For the second year in a row, AttackIQ’s observations and analytics have provided the Verizon DBIR team a redacted dataset from our cloud analytics to help find common patterns and observations from emulated attack behavior. Last year, we contributed to a section of the Verizon 2018 Data Breach Investigations Report called “Beaten paths,” where we provided redacted data on what phase in the attack chain most security controls stop the attacker. This year our contributions were again related to attacker paths, but this year the section is called “Unbroken chains,” related to observations of attack paths and event chaining. This is a relatively new section in the DBIR report, and new support has been added to the Verizon VERIS schema that now helps describe this behavior.

Read More

All vulnerabilities are not created equal

Last week, I came across an interesting paper from the Workshop on the Economics of Information Security (WEIS), held in Boston on June 3 and 4, 2019. It examined the cost of the different strategies that organizations use to patch software vulnerabilities across their enterprise.

Read More

Improving the Maturity of your Security Program

CIOs, CISOs, SecOps, and IT teams of many organizations are often asked about their specific defensive capabilities. “How well would we handle Locky Ransomware or EternalBlue?”

 

Most are unable to reliably and objectively provide data-driven answers. Evaluating your own security maturity can help you understand your current capabilities and drive towards a more mature security program, providing your organization with further capabilities.

 

In this blog post, I’ll review a simplified set of maturity levels that can help you evaluate your security program and discuss how AttackIQ can enable your organization to grow more mature at each level.

Read More

Why Is Container Security Important

Unless you have been living under a rock somewhere, you would have heard about docker containers. Just like in 1956, the advent of the shipping containers that revolutionized freight transport, docker containers have changed the way modern software is packaged and deployed. Unlike a virtual machine, which abstracts out the entire software including the operating system, containerized applications and their related components run on top of a single operating system. Since it doesn't
need to replicate the operating system for each application, containers are lightweight but still retain all the benefits of process isolation and more. Each containerized application has a private namespace with private network interfaces and IP addresses, and it can mount its own file systems. The picture below is a simplified view of how a dockerized container sits on top of a host operating system.

Read More

Securing Your Supply Chain

I woke up on Saturday morning with a Wired Article on my doorstep titled “A Mysterious Hacker Group is on a Supply Chain Hijacking Spree”. Well, it wasn't literally on my doorstep, but rather it popped up on my phone up and came in the form of an email from Carl Wright, our CSO. A few minutes later, I see comments from Brett Galloway, our CEO.

Read More

"Locker Goga" The 2019 Addition To The Ransomware Family

Earlier this week, as I was scanning the Wall Street Journal, this headline caught my eye: “Norsk Hydro Repairs Systems and Investigates After Ransomware Attack.” Norsk Hydro is one of the world’s largest aluminum makers, headquartered in Oslo with more than 35,000 employees in 40 different countries. On March 19, they were hit by a ransomware attack that disrupted most of their production and forced them to switch to manual operations.  
 

Read More