IResponse to IEncrypt
Guardicore Labs provided assistance in a ransomware investigation. We analysed the decryption process of the IEncrypt ransomware and provided a safe-to-use version of the attackers’ decryptor.
Posts
SambaCry, the Seven Year Old Samba Vulnerability, is the Next Big Threat (for now)
The Samba team released a patch on May 24 for a critical remote code execution vulnerability in Samba, the most popular file sharing service for all Linux systems. Samba is commonly included as a basic system service on other Unix-based operating systems as well.
This vulnerability, indexed CVE-2017-7494, enables a malicious attacker with valid write access to a file share to upload and execute an arbitrary binary file which will run with Samba permissions.
Musing on Ransomware and Other Sophisticated Attacks
Everyone has something to write about ransomware. One can not open a mobile device or a news site without getting notification about some new ransomware-related content. There’s a good reason: The recent events, media attention and to a certain degree, the public’s panic around the WannaCry ransomware attack are driving a lot of interest and even increase the […]
Ransomware Attacks Targeted Hundreds of MySQL Databases
Hundreds of MySQL databases were hit in ransomware attacks, which were described as “an evolution of the MongoDB ransomware attacks” in January, there were tens of thousands of MongoDB installs erased and replaced with ransom demands. In the new attacks, targeted MySQL databases are erased and replaced with a ransom demand for 0.2 bitcoin, which is currently equal to about $234.
0.2 BTC Strikes Back, Now Attacking MySQL Databases
Last week we first tweeted that the GuardiCore Global Sensor Network (GGSN) has detected a wide ransomware attack targeting MySQL databases. The attacks look like an evolution of the MongoDB ransomware attacks first reported earlier this year by Victor Gevers. Similarly to the MongoDB attacks, owners are instructed to pay a 0.2 Bitcoin ransom (approx. $200) to regain access to their content. We saw two very similar variations of the attack using two bitcoin wallets. In this post we will describe in detail the attack flow and provide some recommendations on how to protect your databases from similar attacks along with attack IoCs. Read more
GuardiCore Expands Threat Detection and Response Capabilities to Cover More Attack Types Aimed at Data Centers and Clouds
Adds Reputation Services, Ransomware Mitigation and Intuitive Segmentation Policy Creation to Award-Winning GuardiCore Centra™ Security Platform
San Francisco, CA and Tel Aviv, Israel – GuardiCore, a leader in data center and cloud security, today announced it has expanded the threat detection capabilities of its Centra Security Platform to now include reputation analysis and ransomware mitigation, enabling its customers to more quickly detect active breaches, including ransomware attacks and dormant or hidden threats lurking in modern data centers and clouds.
Four Good Reasons to Visit GuardiCore at RSA Conference 2017
GuardiCore is changing the way organizations secure their internal data centers and clouds, with cutting edge technology that helps our customers rapidly detect and respond to active breaches. We would love the opportunity to show you how. Yes, we know everyone at RSA is busy. An overwhelming number of vendors. Too many meetings. Late night after-hour parties. But while you are there, we encourage you to take 15 minutes to visit us in booth #N4321. Here are four good reasons why.
Advanced Data Centre Security the Key for Under Fire Transport Sector
Cyber attacks against the transport sector are nothing new. Those of you with long memories will recall how the SoBig virus caused major disruption to the US rail network all the way back in 2003. But the sheer breadth and persistence of threats facing the industry today is largely unprecedented. Just recently San Francisco’s “Muni” transport agency was on the receiving end of a ransomware infection which caused Muni to take its payment systems offline for two days, allowing Muni riders to travel for free, costing the transportation system a few days of lost revenue.
It’s yet another reminder that when it comes to transportation, attacks on the data centre must be detected and remediated as quickly as possible to minimise their impact.
What’s Behind the Continuous Increase in Breaches?
This is part 3 of a 4-part series examining data breaches, what they cost, why they are increasing in frequency, and what you can do about them.
In our September 6, 2016 post, we broke down the issue of dwell time, and its impact on the financial impact of a breach. In this blog we look at what’s behind the continuous increase in breaches.
Centra Celebration
East West traffic at a glance
The first week of July provides a great opportunity to celebrate.
At GuardiCore we like to celebrate, especially with new releases and product achievements. Several weeks ago we started deploying the latest version of our flagship product Centra, with first controlled upgrades taking place for our SaaS customers. The new Centra 2.0 release 16 is loaded with great and many enhancements, including important Reveal features. For those of you who were unable to review the upgrade or read the entire release notes, here’s a very short list:
We introduced major enhancements to Reveal to better handle large data center scale flow analysis and advanced queries (check this cool video here).
Reveal now includes numerous new filtering methods to allow you to quickly get to what matters most: Detect applications, find anomalies or make sure that only allowed connections are made between servers. Reveal data center process level flows can be filtered by applications, asset names, port numbers, ESX folders, inbound and outbound Internet connections, user-defined labels and more.