Articles by category

Handling Ransomware Attacks to Minimize Disaster

Ransomware attacks take place in two phases: access development, then monetization. Stopping cyber attacks while they are still intrusions, and not ransomed data, can prevent data privacy disasters. Cyber Crime Requires a Division of Labor. Cyber attackers take a specialized approach to ransomware development. First, the attacker develops access to a target. Second, the attacker passes the access to ransomware [...]

August 16, 2021 | Categories: Blog, Technical

Cyber Threat Research: Nuclear Power Plant Cyber Attack

In early September 2019, the Kudankulam Nuclear Power Plant in Tamil Nadu, India suffered a cyber intrusion. On September 3, a local security expert and former member of the Indian signals intelligence agency received a tip that there had been a malware attack and informed the Indian CERT on September 4. Mission Critical Systems Affected by Cyberattack. The attack was [...]

July 28, 2021 | Categories: Blog, Technical

2021 Mid-Year Threat Review

As the first half of 2021 comes to a close, I decided to look back at the top 5 threats we detected during this 6-month period. Every quarter, we produce trend reports for some clients. To do so, we dig back in our incident database to generate reports. One of our clients (who doesn’t receive a lot of alerts; they [...]

July 15, 2021 | Categories: Blog, Technical

Check Your {User} Privileges

User privileges settings in commercial software frequently (and inadvertently) expose your business to privilege escalation attacks. Monitoring for access rights changes can help to proactively mitigate the risks. The team at CYDEF advocates for the principle of minimum privileges, according to which users should have only the minimal access rights to perform their jobs. A big part of the goal of minimum privileges is to ensure that users do not casually operate their machines with administrator privileges. After all, [...]

June 29, 2021 | Categories: Blog, Technical

ROI of PuP Detection

The security impact of detecting potentially unwanted programs is sometimes fuzzy, but in our experience, it helps reduce help desk costs. Small Victories: The ROI of PuP Detection. Potentially Unwanted Programs (PuPs) generally have no real security impact. In most cases, they are more of an annoyance than a real threat (even if the threat can be real, as described in [...]

June 15, 2021 | Categories: Blog, Technical

Moral Hazard of Cyber Insurance

Cyber insurance is not a replacement for harm prevention measures. The prices are high and will continue to go up. Here’s why. While doing research for a customer about trends you can expect for 2021, I found a number of outlets warning that the cyber insurance market was hardening with rises in premiums. Should we expect this trend to continue or will premiums stabilize? If [...]

April 28, 2021 | Categories: Blog, Technical

macOS Coverage: Is It Worth It?

With CYDEF’s recent coverage expansion to the macOS platform, we need to address the value of cybersecurity protection for Macs. After all, aren’t Macs completely impervious to security threats? The answer is no, of course. So why is the question "Do I need Malware Protection for Mac?" so popular? This post will start by covering the security advantages of the [...]

April 12, 2021 | Categories: Blog, Technical

Phishing Campaigns Bypass Reputation Engine

The team at CYDEF observed an increasing proportion of phishing attempts that leverage trusted sites to bypass filtering resources. The following post addresses some of the detected campaigns and addresses security awareness programs. Phishing Off the River. In recent posts we took an in-depth look at anti-virus bypass, especially living-off-the-land techniques. The general concept of these techniques is that, by abusing trusted resources, an attacker can capitalize on the trusted resource’s good reputation to execute malicious code. [...]

March 16, 2021 | Categories: Blog, Technical

Living-Off-The-Land Attacks: The Democratization of Cyber Threats

Cyber attacks are not the exclusive realm of sophisticated attackers. These attacks get democratized very quickly. To illustrate this point, we’ll review a potentially unwanted program (PuP) that uses a clever living-off-the-land attack chain to avoid getting blocked. Living-Off-the-What-Now? A living-off-the-land (LoL) attack uses the resources that are already present on a computer to perform malicious actions. Rather than loading additional software on the victim device, LoL attacks craftily repurpose resources to launch an [...]

March 2, 2021 | Categories: Blog, Technical

AV vs EDR: An Introduction to Antivirus Bypass

Cyber attackers use sneaky tricks to evade detection. This post reviews the classes of attacks that bypass detection. We often interact with customers that are a bit puzzled by what we do. They already have cybersecurity software on their endpoint, an AV and a firewall. Why would they need anything more? Preventive vs Detective Security Controls. While AV detects [...]

February 16, 2021 | Categories: Blog, Technical