Threat Insights

The State of Security

• VelvetSweatshop Technique Used by Attack Campaign to Deliver LimeRAT April 1, 2020
  An attack campaign leveraged the Excel VelvetSweatshop encryption technique to deliver samples of the LimeRAT malware family. According to Mimecast, those responsible for this attack campaign turned to VelvetSweatshop to enhance the efficacy of their efforts. Nefarious individuals have a history of using a password to encrypt malicious Excel spreadsheets. Doing so helps their attack […]
• The MITRE ATT&CK Framework: Execution March 31, 2020
  Of all the tactics that an adversary will take on in their campaign, none will be more widely abused than Execution (https://attack.mitre.org/wiki/Execution). When taking into consideration off-the-shelf malware, traditional ransomware, or state-of-the-art advanced persistent threat actors, all of them have execution in common. There’s a great quote from Alissa Torres which says, “Malware can hide, […]
• Are You Ready for the Remote Work’s Toll on Corporate Security? March 31, 2020
  Given the situation that many companies, organizations and government agencies have been forced into working remotely due to COVID-19, it is imperative to give some thought about corporate security. Using a VPN for New Stay-at-Home Workers Millions of employees are now working from the confines of their own homes in an effort to keep businesses […]
• COVID-19 Scam Roundup – March 30, 2020 March 30, 2020
  Many in the digital security community are coming together to combat malicious actors during the coronavirus disease 2019 (COVID-19) global outbreak. One of the most visible of these new efforts is the COVID-19 CTI League. Made up of approximately 400 volunteers living in approximately 40 countries, the COVID-19 CTI League is working to block attackers […]
• Mr and Mrs CISO: Security in the Age of the Lockdown March 30, 2020
  With so many of us frantically learning to juggle our roles as parents, workers and most recently teachers; is it just my wife and I who feel it necessary to monitor the online activity of our teenagers during this lockdown? Sure, there’s rich educational content out there, but it sits amongst social networks, streaming services, […]
• Now Is the Time to Get up to Speed with CMMC and SP 800-171 Rev 2 March 30, 2020
  At the beginning of March 2020, Fifth Domain reported that Colorado-based aerospace, automotive and industrial parts manufacturer Visser Precision LLC had suffered a DoppelPaymer ransomware infection. Those behind this attack ultimately published information stolen from some of Visser’s customers. Those organizations included defense contractors Lockheed Martin, General Dynamics, Boeing and SpaceX. As the attack discussed […]
• Tupperware Website Compromised with Credit Card Skimmer March 27, 2020
  Digital attackers compromised the website of kitchen and household products manufacturer Tupperware with a credit card skimmer. On March 20, researchers at Malwarebytes observed that attackers had compromised tupperware[.]com by hiding malicious code within an image file. This code activated when a user attempted to check out and complete their purchase on Tupperware’s online store. […]
• Third-party data breach exposes GE employees’ personal information March 26, 2020
  Past and present employees of General Electric (GE) are learning that their sensitive information has been exposed by a data breach at a third-party service provider. Fortune 500 company GE says it was recently informed of a security breach at one of its partners, Canon Business Process Services. According to GE, between approximately February 3 […]
• Industrial Entities in Middle East Targeted by WildPressure APT Operation March 26, 2020
  A newly detected advanced persistent threat (APT) operation called “WildPressure” targeted industrial organizations and other entities in the Middle East. Researchers at Kaspersky Lab observed WildPressue distributing samples of a fully operation trojan written in C++ called “Milum.” With timestamps dating back to March 2019, these samples didn’t share code or targets with any known […]
• The Future is Hybrid: Practicing Security in the Hybrid Cloud March 26, 2020
  By now, many organizations have adopted the cloud in some way. We saw organizations moving whole servers over to the cloud at the beginning, but now we see small parts of a system being moved to the cloud and new cloud native offerings. We’ll use the analogies of Lincoln Logs and Legos to describe these […]