Threat Intelligence Lead
Luke is the Threat Intel Lead for Vectra. He has been with the company for 4 years, joining as a consultant analyst and working directly with customers on high-level incident response. Before joining Vectra, Luke was a senior security analyst for an international engineering and defence contractor, where he developed SOC toolsets, processes and incident response playbooks.
Posts from Luke Richards
What if there was a supply chain compromise of an IDP? The recent security incident at Okta represents yet another perspective on supply chain compromises. While this attack does not appear to have been fully realized, resulting in an apparently limited number of businesses affected, it poses an interesting set of questions about what a fully realized supply chain attack against an IDP would look like. The result of any IDP compromise, or that of any similarly pervasive technology, could be an attack group with access to millions of users and thousands of businesses. This blog provides perspective on the current situation and on mitigation and defense strategies for managing such an event.
Updated perspective on cyberthreats as a result of ongoing Ukrainian/Russian conflict, including specific custom recall queries, and aggregation of common Russian state actor TTPs.
Vectra customers should be aware that current global events related to Russian recognition of separatist regions of Ukraine carry with them the risk of increased cyber activity conducted by Russian state-level actors. This includes evidence that the FSB, the main intelligence organization in Russia, is responsible for the DDoS against Ukrainian systems in February 2022. [1] Credible concern exists that target selection may expand past regional targets to include, for example, politically or economically useful targets in NATO countries.
A few days after the Log4Shell vulnerability was discovered, we now have more observations about how the exploit is being leveraged. Here's what we know today.
A new 0-day was discovered in the Log4j logging library on December 10, 2021. This vulnerability impacts a widely used logging solution spanning an incredibly large attack surface.
A new remote code execution vulnerability in Windows Print Spooler, now known as CVE-2021-1675, or PrintNightmare, can be exploited by attackers to take control of affected systems. Find out how to detect and stop this exploit with Vectra.
Discover what you need to know about the SolarWinds Orion compromise, how it unfolded and why monitoring users in the cloud is imperative to protect your enterprise.
© 2022 Vectra AI, Inc. All rights reserved.