Detection Profile: Silent Periodic Activity

One hallmark for many malware events is the regular periodic behavior they present when rallying for and checking in with their command and control servers. The check-in interval can be a very useful metadata point in hunting an adversary. However, the constant state of change that attackers can use for their own infrastructure makes this […]

Respond to an Endpoint Threat in 90 Seconds

At Red Canary, we’re always looking to simplify our customers’ security operations. Responding to the confirmed threats you receive from Red Canary is simple: isolate the endpoint, craft a response plan, and execute. Ready? Start the clock. Your Red Canary detections include the buttons: “Isolate Endpoint” and “Respond.” Isolating the endpoint disables all network communication […]

What Red Canary Detects, Part III: Unwanted Software

We produce unwanted software detections primarily because they are indicators of vulnerable system or network configurations. Further, unwanted software almost always arrives as a result of improperly sourced software installed by an end user, and thus its presence indicates that end users have both the technical means and the willingness to execute untrusted code. Why […]

Medical Records are an Attractive Data Theft Target

While news about data breaches is growing disturbingly common, coverage is often focused on financial data – especially credit cards. An event with direct impact to a large group of victims makes for a popular news topic, of course. However, another major theft is gaining attention as well. Personal data – notably medical records – has become […]

“Operation Cleaver” Blade Dulled

“Operation Cleaver” is an attack campaign Cylance details in a new report. They contend an Iran-based attack group has compromised hundreds of targets in multiple countries and industries. Regardless of the claims of attribution, the message is clear: well-financed, strategically focused attack groups continue to digitally plunder their targets. As a community, our decades-old approach to […]

Rapid Detection – CVE-2014-4114, “Sandworm”

This week, iSight Partners and Microsoft announced CVE-2014-4114 – “Sandworm”. While Microsoft has released a patch, exploit activity has already been identified in the wild. Red Canary customers will be pleased to know that within 24 hours of the CVE-2014-4114/Sandworm vulnerability’s announcement, we were successfully detecting the threat on their systems. Our team quickly identified the endpoint observations […]

Point of Sale Compromises: Security at the Speed of Business

Getting your credit card data pilfered at a point-of-sale system (e.g. cash register) is something that happens to someone else. YOU don’t go to dingy restaurants staffed with shifty wait staff and dodgy card-swipe machines; you go to reputable establishments that use systems built by people who know what they’re doing, right? Consider this: A remote-access attack […]

Endpoint security, or lack thereof

Increasingly you’re hearing more and more folks say this out loud: “Infosec Professionals Don’t Trust Endpoint Security.” When it comes to endpoint protection, the overwhelming majority of information security professionals believe that their existing security solutions are unable to prevent all endpoint infections, and that anti-virus solutions are ineffective against advanced targeted attacks. Overall, end-users […]

Is cyberinsurance the answer? Don’t count on it

The issue of cyberattack insurance was recently covered in the New York Times. It’s a great read on a number of levels, not the least of which is what a disaster the market is going to be as long as people keep adhering to the status quo. Insurance works because premiums paid by the insured […]

Slandering Andre Maginot

FireEye recently came out with a new report: Cybersecurity’s Maginot Line. It is an excellent report that documents findings from over 1,600 FireEye customers. Some key findings: Nearly all (97 percent) organizations had been breached, meaning at least one attacker had bypassed all layers of their defense-in-depth architecture. More than a fourth of all organizations […]