Topic
Threat Intelligence
Threat Hunting: DNS Queries Use Case
First published December 2020 In one of our previous Threat Hunting Use Case blogs, Firewall Targeting DNS, we focused on using firewall data to observe outbound DNS (Domain Name System) traffic in an environment to identify threats and potential security hygiene issues. One specific objective involved identifying potential endpoints bypassing internal DNS forwarders, in order to […]
Breaking: How the Conti Ransomware Gang Orchestrates Their Attacks
At ReliaQuest, we constantly monitor the internet for anything that can be used to help our customers make security possible. When the recent “Conti Lessons” leak appeared from what is presumably a disgruntled operator working for the Conti ransomware gang, we quickly grabbed a copy, translated it (big thanks to Oksana!), and got to work […]
Verizon 2021 DBIR: Ransomware Attacks Doubled
If there is one lesson we can take away from 2020 is that we all need to be prepared for the worst. Resilience has emerged as the top skill that people and businesses need to possess not only to survive but also to thrive in a changing and challenging world. Rapid changes require businesses to make rapid but well-informed […]
What Is Ransomware? A Definition and Some History
Ransomware is a piece of malicious software that locks your data until you pay the hacker behind the attack. This is sometimes the creator of the software, but not always. There are off-the-shelf ransomware programs floating around the dark web that even low-skilled bad guys can customize for their own uses. Ransomware can enter your […]
What Is Phishing?
Phishing is the practice of stealing credentials by masking malicious intent behind the appearance of something innocuous. An email that looks like it’s from a social network asking you to reset your password is one of the most common versions. Once a user submits their credentials, attackers then use the victim’s account to spread the […]
Hafnium Zero-day Exploit: Threat Advisory Report
What is Zero-day Exploit? The term “zero day exploit” is defined as an unknown cyber attack that exposes a window of vulnerability, typically on the same day a weakness is discovered in a computer software. A zero day exploit can be difficult to detect and called “zero day” due to the number of days until […]
Detect Solorigate and SUNBURST Attacker Techniques with the MITRE ATT&CK Framework—We’ll Get You Started
As folks are continuing to work to address the Solorigate/ SUNBURST compromise, our team has been mapping the tactics and techniques used by the attackers to the MITRE ATT&CK framework, and building detection content to deploy for our customers. If you haven’t already, please read this blog first to get the basics. What follows is […]
Solorigate, SUNBURST aka FireEye and SolarWinds Compromise – Recommended Actions to Limit Your Exposure
Threat Advisory On December 13th, a disclosure was made for a compromise in the SolarWinds IT Management software suite code base that made a supply chain attack possible for all SolarWinds customers. Attackers implanted backdoors in legitimate, signed DLL files contained in update packages for SolarWinds Orion in March and June of 2020 that were then used to breach customers who upgraded to the affected versions (versions 2019.4 HF 5 […]
Credential Dumping Part 2: Credential Theft Prevention in Windows
Credential theft is part of almost all attacks within a network, and one of the most widely known forms of credential stealing is surrounding clear-text credentials by accessing lsass.exe. However, this is only a piece of the bigger picture of the Windows credential model. In Part 1 of the Credential Dumping Series, I took a closer […]
No results
