Data breach

The recent Microsoft announcement on “Volt Typhoon” activity brings the reality of persistent threat actors back into the spotlight.

Recently, CISA released a new open-source tool named the Untitled Goose Tool that helps organizations investigate threats to Azure AD, M365 and Azure.

After detecting an event in the detection phase of an incident response and analyzing it in the analysis phase — you can use the automated solution for containment of the four supported AWS services.

This blog outlines the intel in the LastPass communiques and enumerates the attacker indicators while framing the discussion around the "Pyramid of Pain".

Recently, we investigated suspicious behavior in an environment where Azure passwordless authentication was set up. Prompting the investigations was several users were hit with unexpected Authenticator app prompts. To their credit, none of the users fell for the ruse or let the attacker in.

Security teams need the right tools to test cloud security controls in ways that emulate real attacker behavior to understand the gaps and ensure they have the proper visibility to stop an attacker.

When a physical threat presents itself, most people will implement protection mechanisms. When warned of an impending hurricane, people will naturally board up their property and take cover. This behavior is conditioned, but why doesn't that conditioning extend to enterprise security programs?

On November 1st 2022, after teasing the main show the week before, OpenSSL released their advisory describing two risks to OpenSSL 3.0.0 - 3.0.6. This was originally teased as a Critical level alert, which would have been the first Critical since 2015, however this was downgraded to a High owing to what OpenSSL describe as "mitigating factors".

Vectra SaaS CTO, Aaron Turner shares how to fix overwhelming security alerts that can cause your SOC team to miss critical threats. See how.

A comprehensive backup strategy is a cornerstone of any DR plan. But how would you distinguish between legitimate backup activity and malicious data exfiltration?

Vectra's latest report on cybersecurity shows: Traditional approaches won't work anymore. Key findings are listed here.

What If there was a Supply Chain Compromise of an IDP? The recent security incident at Okta represents yet another perspective on supply chain compromises. This blog provides perspective on the current situation and mitigation and defense strategies to manage such an event.

Vectra customers should be aware that current global events related to Russian recognition of separatist regions of the Ukraine carry with them the risk of increased cyber activity conducted by Russian state level actors. This includes evidence that the FSB, the main Intelligence Organization in Russia, is responsible for the DDoS against Ukrainian systems in February 2022.

Software attacks with an extortionist background are unfortunately becoming the norm for many companies. But what if automated anti ransomware tools could unmask malware at an early stage and combat them effectively - even before they can cause harm?<br>

A threat-led approach is key to an organisation's security strategy. CISOs should measure security based on their ability to discover if they've been breached, mean time to breach when testing security, or the mean time to detect unknown threats.

When it comes to cyber security, the old adage of "doing the simple things well' is more relevant today than ever before. Three simple principles have been around for decades but they hold true now more than ever because we live in an increasingly cloud-orientated environment where we need to be vigilant at all times.

Ransomware. It is the new digital bogeyman. In the UAE, an industry survey from June 2021showed the extent to which the country (and by implication, the wider region)has been subjected to ransomware. Some 37% of respondents said they had beenvictims in the previous two years. A staggering 84% elected to pay the ransom, only for most of them - 90% of those who paid - to suffer from second attacksthat often came from the same bad actors.

Vectra Detect cybersecurity solution is purpose-built to detect and stop ransomware attacks. The agentless and AI-driven Cognito Platform sees and stops ransomware before it can encrypt files and exfiltrate data by automatically detecting attacker behavior.

T-Mobile investigates a hacker who claims to breach data of 100 million customers. See what possible outcomes this could result in for the telecoms company.

There should be fresh scrutiny of SaaS subscription relationships, and the security policies of managed service providers; you're only as secure as your provider.

Supply chain attacks represent an appealing opportunity for attackers. See why this type of attack is gaining in popularity and what defenders need to know to keep their organization safe.

Cyberattacks are hitting the headlines around the world and there seems to be no end to the noise the attacks are making. We dive into what an organisation should do to stay breached.

The Hafnium campaign is targeting Microsoft Exchange Servers by leveraging several zero-day exploits and allows attackers to bypass authentication, including MFA to access e-mail accounts. Read more about hot to detect and stop the attack with Vectra Cognito.

Vectra researchers have dissected the SolarWinds supply chain compromise from the initial backdoor to the establishment of persistent access in the data center and cloud environments. A specific focus is provided for Microsoft Office 365, which appears to have been a key target.

Learn from Vectra CRO, Marc Gemassmer, what makes the SolarWinds hack unique from other breaches and how network detection and response can help remediate similar attacks in the future.

Discover what you need to know about the SolarWinds Orions compromise, how it unfolded and why monitoring users in the cloud is imperative to protect your enterprise.

Discover new learnings from the FireEye breach, including the objectives of the stolen tools, how those tools would present on the network, and how behavior-based detection can identify their use in an attack.

Learn how to mitigate online shopping threats and keep your personal data safe this holiday season.

With more than 200 million monthly subscribers, Office 365 is a rich target for cybercriminals. Learn why MFA no longer stops attackers in this new cybersecurity landscape but network detection and response can.

The problem of detecting an insider threatbeforeit happens is difficult to solve as the prediction of human behavior itself. Discover how applying a data science approach to detection can reveal clues to catch know and unknown attackers across your enterprise.

Privileged access is a key part of lateral movement in cyberattacks because privileged accounts have the widest range of access to critical information, making them the most valuable assets for attackers. The recent Twitter Hack compromising several high-profile accounts becomes another stark example.

OAuth has become a critical standard for access delegation in apps. However, the increasing incidents involving malicious OAuth apps, particularly in platforms like Office 365, underscore a significant vulnerability. This vulnerability persists even with multi-factor authentication (MFA) measures in place.

Over the past decade, cyber operations have become intertwined with geopolitical conflict. In recent asymmetric campaigns, state-sponsored threat groups have mapped critical infrastructure, disrupted systems, held information hostage, and stolen state secrets as a form of warfare.

Cybersecurity analysts are overwhelmed with security events that need to be triaged, analyzed, correlated and prioritized. If you're an analyst, you probably have some incredible skills but are being held back by tedious, manual work.

Vectra Threat Labs analyzed the WannaCry ransomware to understand its inner workings. They learned that while the way it infects computers is new, the behaviors it performs are business as usual.

Enterprises have a strategy to encrypt everything. With this encryption however, attempts to perform SSL decryption mean there will be large volumes of encrypted data to process.

Security researchers with Vectra Threat Labs recently uncovered a critical vulnerability affecting all versions of <a href="https://www.vectra.ai/news/vectra-networks-discovers-critical-microsoft-windows-vulnerability-that-allows-printer-watering-hole-attacks-to-spread-malware">Microsoft Windows</a> reaching all the way back to Windows 95. The vulnerability allows an attacker to execute code at system level either over a local network or the Internet. As a result, attackers could use this vulnerability both to infect an end-user from the Internet, and then spread through the internal network.

Ransomware is clearly the scourge of 2016. Every week there is a new and notable enterprise-level outbreak of this insidious class of malware-crippling and extorting an ever widening array of organizations.

Security breaches did not stop making headlines in recent months, and while hackers still go after credit card data, the trends goes towards richer data records and exploiting various key assets inside an organization. As a consequence, organizations need to develop new schemes to identify and track key information assets.The biggest recent breach in the financial industry occurred at JP Morgan Chase, with an estimated 76 million customer records and another 8 million records belonging to businesses stolen from several internal servers. At Morgan Stanley, an employee of the company's wealth management group was fired after information from up to 10% of Morgan Stanley's wealthiest clientele was leaked. Even more sensitive was the largest health-care breach thus far: at Anthem, over 80 million records containing personally identifiable information (PII) including social security numbers were exposed. Less well-known, but potentially more costly in terms of damage and litigation is the alleged theft of trade secrets by the former CEO of Chesapeake's Energy (NYSE: CHK).

Keeping data from getting out into the wild or being damaged by cyber attackers is what keeps CISOs, the executive team and boards of directors up at night. To protect organizations, cybersecurity needs to be automated and real-time, it needs to learn contextually like we do and it needs to monitor for threats at every corner of the network in a way that organizations can afford without sacrificing coverage.

Learn why Heartbleed can have longer term implications and why it may be just a matter of time before we see targeted attacks that utilize Heartbleed as one of the weapons in the attackers' arsenal to acquire key account credentials and use those credentials to get to the crown jewels.