As cloud use grows, agencies must refocus cyber efforts on network detection, response
It’s no surprise to anyone that the recent SolarWinds breach is requiring agencies to rethink their approach to cybersecurity. In many ways, it’s forcing all organizations—public and private sector—to reconsider how they perform network detection and response. Modern attackers, like those responsible for the SolarWinds attack, aren’t relying on older practices such as injecting malware or getting users to click on links.
How Bad Actors Are Now Using Vishing
The FBI has released a private industry notification detailing how cybercriminals have been exploiting network access and escalating network privileges. As remote work has become the norm during the pandemic, many companies have adapted to changing environments and technologies. As a result, network access and privilege escalation may not be monitored as closely.
What could the Biden presidency mean for cybersecurity?
The Biden administration begins at a time when cyberattacks against the US public and private sector are at an all-time high. Those in the cybersecurity community and beyond will be keenly watching to see what changes the new leadership brings and what its strategy for protecting against nation-state attacks will be.
New Malware Discovered in SolarWinds Investigation
The malware, Raindrop, is a loader that delivers a Cobalt Strike payload. Raindrop is very similar to the already documented Teardrop tool, but there are some key differences between the two. Our head of security analytics, Chris Morales, shares that we are now getting into the minutiae of how different malware worked so that it can be named and detected with a signature. This is all great after the fact, once we already know the attack occurred; however, it did not help when it mattered most.
#Inauguration2021: Cyber-Experts React as Joe Biden Set to Become 46th US President
Experts in the cybersecurity field have commented on the key cybersecurity matters that are likely to play pivotal roles in the Biden/Harris administration over the next four years. Biden has a huge amount of work to do in the cybersecurity area, with attacks at an all-time high against the US public and private sector, says Chris Morales, our head of security analytics.
Researchers Find New Form of Malware Used in the SolarWinds Attack
Detailed Monday by researchers at Symantec, the malware, dubbed “Raindrop,” is a loader designed to deliver a Cobalt Strike payload. Cobalt Strike is a form of penetration testing software favored by hackers that leaked online in November.
SolarWinds Attack Underscores 'New Dimension' in Cyber-Espionage Tactics
The complex cyberattack campaign against major US government agencies and corporations including Microsoft and FireEye has driven home the reality of how attackers are setting their sights on targets' cloud-based services such as Microsoft 365 and Azure Active Directory to access user credentials — and ultimately the organizations' most valuable and timely information.
FBI Warns of Increase in Vishing Attacks
The FBI is warning that hackers are increasingly using voice phishing, or vishing, to target remote workers as a way of harvesting VPN and other credentials to gain initial access to corporate networks.
Incoming Biden administration looks to shake up US cybersecurity policy
With cyber-attacks against the US public and private sector at an all-time high, as evidenced by the recent SolarWinds supply chain hack, the incoming Biden administration has a huge amount of work to do in the cybersecurity arena.
2020’s biggest AI stories
Unlike prior decades, the penetration of AI into society and the promise of attainable, pragmatic solutions seem likely to sustain AI progress for the foreseeable future. The predictions focus primarily on key learnings from the past year, as well as anticipated trends and areas of clear business necessity.
CISA Aware of Several Cyberattacks Against Various Organizations’ Cloud Services
The Cybersecurity and Infrastructure Security Agency (CISA) announced that it is aware of several recent successful cyberattacks against various organizations’ cloud services. Threat actors are using phishing and other vectors to exploit poor cyber hygiene practices within victims’ cloud service configurations.
CISA Says Multiple Attacks on Cloud Services Bypassed Multifactor Authentication
The Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday said it discovered several recent successful cyberattacks against the cloud services of multiple organizations, offering guidance on how security teams can bolster associated security. CISA said in its report that threat actors have used a variety of tactics and techniques—including phishing, brute force login attempts, and possibly a so-called “pass-the-cookie” attack that bypassed multifactor authentication to exploit cloud security weaknesses.
CISA Warns of Surge in Attacks Targeting Cloud Services
CISA reports in an alert issued Wednesday that attacks targeting cloud services have steadily increased since many organizations switched to a largely remote workforce as a result of the COVID-19 pandemic, with employees using a mix of corporate-owned and personal devices to access these services. Attackers are taking advantage of lax security practices, such as weak passwords and workers accessing data from unsecured laptops.
US Government Warns of Cyberattacks Targeting Cloud Services
Organizations with remote workers who use cloud-based services are being warned of several recent successful cyberattacks against those services. Vectra's Tim Wade discusses an organization's ability to quickly zero in on an active risk and then take appropriate action to reduce the impact.
CISA: Hackers Bypassed MFA to Access Cloud Service Accounts
In a new alert, the Cybersecurity and Infrastructure Security Agency (CISA) announced that it is aware of several recent successful cyberattacks against various organizations’ cloud services. Threat actors are using phishing and other vectors to exploit poor cyber hygiene practices within victims’ cloud service configurations.
Google: Attacker ‘Likely’ Had Access to Android Zero-Day Vulnerabilities
Google’s Project Zero on Tuesday introduced a six-part series that offers an analysis of four zero-day vulnerabilities on Windows and Chrome, and known-day Android exploits it found during the team’s extensive research last year.
US Issues Warning Over Recent Cyberattacks Targeting Cloud Services
The U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency today issued a warning concerning several recent cyberattacks targeting various cloud services.
Sunspot Malware Scoured Servers for SolarWinds Builds That it Could Weaponize
Forensic investigators have discovered a novel malware program used in the SolarWinds supply-chain attack – one designed specifically to seek out developers’ builds of the SolarWinds Orion IT management platform and then replace a source file with the Sunburst backdoor.
Mimecast certificate compromised by a threat actor
A Mimecast-issued certificate provided to certain customers to authenticate Mimecast Sync and Recover, Continuity Monitor, and IEP products to Microsoft 365 Exchange Web Services has been compromised by a sophisticated threat actor. Oliver Tavakoli, CTO, says that all of the organization’s digital certificates (ones the organization owns and has private keys for) should be destroyed and recreated in this instance.
Breadth vs Depth: Attacker behaviour detection
Any piece of cloud service, software or hardware could represent a way into the system if a new vulnerability is discovered by hackers. Cybercriminals are continually looking for new exploits, producing new strains of malware or tinkering with existing strains just enough to alter their threat profile and evade signature-based detection solutions. Tactics have also evolved at a rapid pace, from the use of social engineering techniques in the initial attack to methods for evading detection once a network is compromised.
Hackers Compromise Mimecast Certificate Used to Connect to Microsoft 365
A security certificate issued by Mimecast Services Ltd. that’s used to authenticate some of the company’s products with Microsoft Corp. 365 Exchange Web Services has been compromised. Oliver Tavakoli, our CTO, shared his thoughts about how attackers holding the private key can perform any action that the certificate entitles its holder to.
Researchers See Links Between SolarWinds Sunburst Malware and Russian Turla APT Group
Researchers at Kaspersky said they found code similarities between the Sunburst malware deployed on SolarWinds Orion servers and known versions of Kazuar backdoors linked to the Russian APT group Turla. Oliver Tavakoli, chief technology officer at Vectra, added that these types of findings reinforce the fact that attackers don’t reinvent their attack methodologies and tools from scratch.
2020’s Biggest Stories in AI
2020 provided a glimpse of just how much AI is beginning to penetrate everyday life. It seems likely that in the next few years we’ll regularly (and unknowingly) see AI-generated text in our social media feeds, advertisements, and news outlets. The implications of AI being used in the real world raise important questions about the ethical use of AI as well. Christopher Thissen, Ben Wiener, and Sohrob Kazerounian from Vectra share their insights.
US intelligence agencies say Russian threat actors are likely behind SolarWinds hack
The National Security Council (NSC) staff released an update regarding its investigation and mitigation of the recent cybersecurity incident involving the federal government and private companies. The NSC stood up a task force known as the Cyber Unified Coordination Group (UCG), composed of the FBI, CISA, and ODNI with support from the NSA, to coordinate the investigation and remediation of this cyber incident.
Vectra: What the cybersecurity industry can expect in 2021
Oliver Tavakoli, our CTO, looks back to the year that was and shares insights into the year to come for the cybersecurity landscape.