In July 2015, following weeks of research, we identified a trend in ransomware attacks. The question we then posed was “Is it a possible scenario that ransomware campaigns become a significant threat to enterprises, and take control over large Data Centers?” You can read more about it in Misha’s blog regarding Data Center Ransomware. Unfortunately, less than a year later, our prophecy is becoming a reality. No, Israel’s power grid wasn’t hacked, but ransomware hit Israel’s Electric Authority. No, Los Angeles County health department wasn’t closed but it was targeted in ransomware attack. Yes, other ransomware attacks are able to shut down the network and Data Centers, “forcing the hospital to return to pen and paper for its record-keeping”. Read more
“The big question you need to think about is if you have an intrusion somewhere in your network, can you then defend against this lateral movement?” – Rob Joyce, Chief of the TAO
Rob Joyce, head of the NSA’s Tailored Access Operations (TAO) elite division, recently spoke to a large audience at the Usenix Enigma security conference in San Francisco. Joyce talked about TAO’s process for exploiting victim networks. This was the first public talk made by any member of the NSA’s team which is considered among the best cyber-warfare intelligence gathering organization in the world.
Illegal mining is a serious problem in the real world. Lately, it has also become popular with cyber attackers who manage to mine digital currency through untargeted attacks. Untargeted attacks are a common problem, not as attention grabbing as APTs, but still responsible for a large percentage of attacks. In this post, using Guardicore’s Data Center Security Suite, we’ll take a look at yet another type of untargeted attacks, as we first reported with Alex. Our attacker “galaden666” is a Ukrainian gamer who makes money by mining a new digital currency called Litecoins (a variant of Bitcoins) on compromised servers by stealing their CPU cycles.
On December 17th, 2015 Juniper issued an advisory indicating that they had discovered unauthorized code in the ScreenOS software that powers their Netscreen firewalls. This advisory covered two distinct issues; a backdoor in the VPN implementation that allows a passive eavesdropper to decrypt traffic and a second backdoor that allows an attacker to bypass authentication in the SSH and Telnet daemons. There are speculations that the backdoor was installed by “State Sponsored” actors. Shortly after Juniper posted the advisory, an employee of Fox-IT stated that they were able to identify the backdoor password in six hours. (So much for Government efficiency hiding their actions)
How do you detect a security breach inside your network? How do you collect the necessary intelligence to protect your assets properly? Sun Tzu, author of The Art of War, said that convincing your opponents to unveil their identity without knowing that they are being watched is one of the most important keys to winning a war. Attack deception is one of the best techniques to make attackers unveil their identity and gain valuable intelligence. While it is not new, advanced attack deception methods take advantage of Sun Tzu’s strategy.
Opportunistic hackers are far from the limelight these days but they still exist and can cause large amounts of damage if they manage to break into your systems. We’ve recently observed our Data Center Security Suite catch such a hacker, an “Alex” from Romania who has kindly enough supplied his own name and private domain for publicity.
So, VMworld Europe just concluded last week and certainly there was a lot to talk about, from hybrid clouds, VMware’s acquisition of Boxer, Dell’s acquisition of EMC and how this affects VMware (it doesn’t according to Dell CEO Michael Dell), VMware CEO Pat Gelsinger’s keynote where he highlighted the five imperatives of the digital business and also called out of some enterprises for lack of agility (“Elephants must learn to dance”) and of course, security, which seemed to be integrated into almost every topic at the event.
Today we announced the general availability of the GuardiCore Data Center Security suite.
We are very excited to bring our solution to market, and feel we will be able to provide much needed help for organizations that are struggling to withstand the onslaught of cyber attacks.
Last week our team, myself included, participated in the CloudStack Collaboration Conference ( CSCC) that took place in Dublin, Ireland. About 200 attendees enjoyed a well-organized event during a non-typical Irish weather (sunny, no rain).
As a bonus, the local team won the UEFA EURO soccer match against the strong German team.