Cryptolocker has been in the news so frequently recently that it has become a household name, but this is just one variant of a type of malware that has existed for a while now and dubbed ransomware. Encrypting a user’s data and holding it for ransom until money is sent via Bitcoin or other difficult-to-trace methods, this software preys on the average home user as well as businesses. Data such as photos, PDF files, and text documents are taken hostage and a countdown is provided; if money is not sent in time, the information may be gone forever. What can you do to protect yourself?
In open environments, such as those within Higher Education, the balance of security and a culture of accessibility becomes very difficult to master. As demonstrated in the recent incident at Case Western Reserve University, students who were studying in a common area that was open to the public during the day, were robbed at gunpoint. This raised concern for many and posed the question: How can organizations create an open culture, while maintaining a strong security governance program?
Begin blog: 16:10 EST, Restarting Windows Server 2012
For whatever reason, I used to always manage to click the wrong option when I was asked to do something in FTK Imager at my college internship. Somehow the person I was working under did not completely give up on me, but it did inspire me to do a quick rundown of your various options if you are trying to get started with something in the program.
In a recent whitepaper released on June 30 by Symantec, they report a new on-going, sophisticated cyber espionage campaign targeting the Western Energy sector. This campaign targets energy grid operators, major electricity generation firms, petroleum pipeline operators and energy Industrial Control Systems (ICS) equipment manufacturers located in the United States, Spain, France, Italy, Germany, Turkey, and Poland. The group of hackers launching this campaign have dubbed themselves as “Energetic Bear” and “Dragonfly”. It is assumed by some that Energetic Bear is state-sponsored by Russia, but this is still an allegation. If these allegations are correct, it would be the first report of Russia cyber espionage against U.S. and European energy companies.
Begin Blog: 1:44pm EST, Shutting down Windows 7 Professional Edition
Step with me into Bizarro World for a moment, because we are going to pretend that for some reason you have a physical memory image from a system. Someone wants you to identify if there is anything fishy going on with it and what it is. On top of that, you have to find it before a laptop reboots. It is best not to ask questions, let us roll.
Welcome to the new series-based blog that provides our consultants something to do when powering up lab and analysis systems running *certain versions of operating systems. These are quick-hitting blogs that provide insight to current things we’re investigation or analyzing, or neat tricks and solutions we have come up with to answer sometimes crazy problems, or really any musings that are appropriate. Our goal: is it really possible to finish a blog before a system reboots? So, when you are waiting on your system to cycle, jump on a Linux box and read a blog!
Begin Blog: 2:44pm EST, Shutting down Windows Server 2008, R2
I was asked today, “How can Data Classification help?”; hmm, this is such a broad question so I decided to approach how this program can help with the incident response processes.
Each year SecureState’s Attack and Defense Team conducts hundreds of Penetration Tests in a wide variety of industries, ranging from Healthcare to Retail, Finance to Manufacturing, and many more. Our team analyzed data collected from each of our penetration tests since 2011 and found common themes in the methods of compromise utilized by SecureState to break into organizations and compromise sensitive information. As a result, SecureState has issued a new report that expands on the attack vectors identified and suggests ways organizations can defend themselves against such attack vectors.
Begin Blog: 13:20 EST; Shutting down Windows 7 Professional Edition
The reason for today’s restart is that I was attempting to backup data to one of our network drives when I discovered that I could not connect to any of them. On any networks. Given that I had not restarted my box for a while, I figured I would restart and see what happens next. On that topic – I think we all know by now that we should be backing up our data regularly but not everyone knows where to start.
As with dieting, the best backup routine is one that you will stick to: I’d rather you have something that’s maybe not as ironclad (no carbs EVER), but that you will do on a regular basis (eat mostly good things, with occasional ice cream and cookies and cake and why did I write this hungry.) Basically, we are going to do a quick rundown of how to decide what backup solution might be right for you.
Begin Blog: 10:54am EST
I cannot remember the last time I actually reviewed FTP logs…. The layout of the ISS FTP log format (W3C) is well documented, but that was not the issue today. We are reviewing about two months’ worth of logs to try to organize and understand what happened, which was not intuitive at first. Here are my notes on how I went about parsing and presenting these logs: