Category: Blog

  • WannaCry Ransomware Analysis: Lateral Movement Propagation

    Acalvio Threat Research Labs. The WannaCry ransomware attack has made front page news around the world, with at least 150 countries and 200,000 customers affected [2]. Because WannaCry makes use of a largely unpatched Windows exploit for lateral movement, it is able to spread rapidly once it penetrates an organization’s network. In this blog we […]

  • How to outfox Shamoon? Put Deception to work!

    Acalvio Threat Labs. Shamoon is one of the critical threats that has been able to penetrate traditional defenses successfully not once or twice, but three times: in 2012, 2016 and 2017. The main purpose of the Shamoon threat actor was the destruction of endpoint computers by wiping the Master Boot Record (MBR), rendering them unusable. […]

  • If Deception is so Great, Why Isn’t Everyone Doing it?

    Using deception as a threat detection solution would seem to be a no-brainer: it can detect malware at multiple points in the kill chain, with no false positives and no modifications or impact to production systems. Everyone must be doing it, you would think. However, the reality is that deception isn’t widely […]

  • Deception in Depth: A Novel, Effective Way to Mitigate Attacks from the Inside

    Recently, an interesting survey pointed out that malware attacks are going fileless. In some cases, this means even using an internal employee to help with the process. Consider, for example, the attack on the Bank of Bangladesh, and you quickly realize that advanced attackers continue their rapid evolution from amateur to professional. What can enterprises do? […]

  • Hiding in Plain Sight: How to Operationalize Deception for Security Teams

    Honeypots. Just those three syllables are enough to cause instant nausea in a cyber security professional. Why? Honeypots are hard to operationalize into an effective, easy-to-use and consistent defense. But times are changing with the proliferation of deception technologies (Gartner tracked 16 vendors in a September 2016 report). Can deception be easily rolled […]

  • Honeypots are dead! Long live Honeypots (Part 4…The Crystal Ball)

    Self-healing system capabilities: specifically, analysis and intelligence shared between Acalvio instances, so you end up with a worst-case scenario of only company 1 getting hit, while companies 2, 3 and 4 have automatically learned from company 1. IoT, V2V, V2X, etc. This technology, unlike traditional honeypots, is NOT confined solely to standard enterprise environments. Your data is NOT, […]

  • 2017 Predictions AND “wants”

    Going to do this one a little differently, part of it is going to be the typical “throw the crystal ball over the shoulder” stuff that we all do… although honestly JUST going to 2017 is not far enough for some of the stuff we are working on… and the other part of this is simply a […]

  • Honeypots are dead! Long live Honeypots (Part 3…The Future’s Just Changed)

    In days gone past (and arguably in the current timeline we occupy) I would simply launch from the existing machine like an Olympic diver off the high board and go about my merry way for an “industrial average” of 200 days or thereabouts before ANYONE even knows or detects my presence. That’s 200 days of […]

  • Looking Deeper into a Multi Stage Attack

    The majority of today’s breaches are sophisticated multi-stage attacks. The stages of such attacks can best be described by a “Cyber Kill Chain”, which breaks down cyber intrusions into the following steps: Recon → Weaponize → Deliver → Exploit → Install → Command & Control → Action. Most […]

  • Honeypots are dead! Long live Honeypots (Part 2…Landed, Now What?)

    Quick Recap: Initial Reconnaissance – Complete; Initial Compromise – Complete; Establish Footholds – Now; Escalate Privileges; Additional Reconnaissance, where we will move laterally and continue to maintain presence; Complete. We now need to maintain presence on the initial system through one of several methods listed below (we have taken the favorite ones from the […]