The most fundamental truth in information security is that we need smart people to do the most important parts of the job. Regardless of how many racks of servers, gazillions of dollars of software, or dozens of threat intel “feeds” we invest in, they won’t provide the slightest impediment to adversaries without real live humans to run the show. This … Read More
How an IT Service Provider and Red Canary Stopped a Malware Outbreak
A technical account manager recounts how Red Canary partnered with an IT service provider to help one of their customers stop a rapidly spreading network worm. The article goes behind the scenes of the incident response effort and shares best practices to avoid a breach. Most IT service providers can relate to the following scenario: It’s an idle Thursday. You … Read More
When Web Servers Go Cryptocurrency Mining
Miners and canaries have had a long and storied history, but Red Canaries aren’t too fond of miners. Cryptocurrency miners, that is. Recent booms in cryptocurrency values have made cryptocurrency mining an attractive way for anyone with a computer to earn some extra money. The trouble is, the average user would spend more money performing mining activities and paying for … Read More
Cryptocurrency Trends: Will Ransomware Be Overtaken by Miners?
This last year you couldn’t turn on the TV, look at social media, or visit your favorite internet news source without being faced with another story of a ransomware compromise. These attacks are highly destructive and largely driven by financial gain. Threat trends and methods to “make a quick buck” will continue, while new methodologies rise to the forefront. Based … Read More
A Bird’s Eye View: Behind the Scenes of Beastmode
There’s a thing we do at Red Canary called BEASTMODE. No beating around the bush here; it’s a corporate all-hands. On a quarterly basis, the remote teams come to the Denver office and we spend three intense days together. The reason it’s called BEASTMODE is that in the very early days of the company, we’d spend endless hours in a single … Read More
Using Entropy in Threat Hunting: a Mathematical Search for the Unknown
“Antivirus is dead” is a common refrain in the information security space, but if you look below the surface, what it really means is “atomic indicators are dead.” While there is value in static indicators, they are the bare minimum standard for detection these days and suffer from numerous drawbacks. Behavioral indicators are the next level, which use knowledge of … Read More
Call to Arms: 4 Things Everyone in InfoSec Should Stop Doing Right Now
While I’ve always been passionate about working in InfoSec, I can’t help but feel jaded about the way our industry approaches some things. We run around pointing fingers at each other with slander marketing, we use Twitter as an intel sharing platform, and we cry out that the sky is falling every time a researcher posts a new post exploit … Read More