Luke Richards

Threat Intelligence Lead

Luke is the Threat Intel Lead for Vectra. He has been with the company for 4 years, joining as a consultant analyst and working directly with customers and on high-level incident response. Before joining Vectra, Luke was a senior security analyst for an international engineering and defence contractor, where he developed SOC toolsets, processes and incident response playbooks.

Posts from Luke Richards

March 25, 2022 | By Luke Richards
What If there was a Supply Chain Compromise of an IDP like Okta?

What if there was a supply chain compromise of an IDP? The recent security incident at Okta represents yet another perspective on supply chain compromises. While this attack appears not to have been fully realized, resulting in an apparently limited number of businesses affected, it poses an interesting set of questions about what a supply chain attack against an IDP would look like when fully realized. The result of any IDP compromise, or that of any similarly pervasive technology, could be an attack group with access to millions of users and thousands of businesses. This blog provides perspective on the current situation and on mitigation and defense strategies to manage such an event.

March 9, 2022 | By Luke Richards
Russian Cyber Attacks: What We Know so far

Updated perspective on cyberthreats arising from the ongoing Ukrainian/Russian conflict, including specific custom Recall queries and an aggregation of common Russian state actor TTPs.

February 23, 2022 | By Luke Richards
Customer Advisory Bulletin: Mitigating, Detecting, and Responding to Russian Cyberactivity

Vectra customers should be aware that current global events related to Russian recognition of separatist regions of Ukraine carry with them the risk of increased cyber activity conducted by Russian state-level actors. This includes evidence that the FSB, the main intelligence organization in Russia, is responsible for the DDoS against Ukrainian systems in February 2022. [1] Credible concern exists that target selection may expand past regional targets to include, for example, politically or economically useful targets in NATO countries.

December 15, 2021 | By Luke Richards
Log4Shell - The Evolution of an Exploit

A few days after the Log4Shell vulnerability was discovered, we now have more observations about how the exploit is being leveraged. Here's what we know today.

December 10, 2021 | By Luke Richards
CVE-2021-44228 Log4J Zero Day Affecting… The Internet

A new zero-day was discovered in the Log4j logging library on December 10, 2021. This vulnerability impacts a widely used logging solution and spans an incredibly large attack surface.

July 2, 2021 | By Luke Richards
Putting CVE-2021-1675 PrintNightmare to Rest

A new remote code execution vulnerability in the Windows Print Spooler, now known as CVE-2021-1675 or PrintNightmare, can be exploited by attackers to take control of affected systems. Find out how to detect and stop this exploit with Vectra.

December 15, 2020 | By Luke Richards
SolarWinds Orion Hack: What To Know and How to Protect Your Network

Discover what you need to know about the SolarWinds Orion compromise, how it unfolded, and why monitoring users in the cloud is imperative to protect your enterprise.
