Blog Archives - Acalvio

Detection of Prevalent Threats by Distributed Deception

by Abhishek Singh | Apr 2, 2018

Today’s breaches are overwhelmingly carried out in a series of sophisticated, multi-stage attacks. The stages of such attacks can best be described by a “Cyber Kill Chain,” which as per MITRE ATT&CK Adversary Tactic Model [1] breaks down cyber intrusions into the...

A Game Between Adversary and Defender

by Satnam Singh | Mar 1, 2018

The motivation for this blog is a question that has been circling in my head for a long time, and I have asked this question to many security analysts: Have they played a game with an adversary? or in other words – Have they engaged with an adversary? I got...

WannMine – Lateral Movement Techniques

by Abhishek Singh | Feb 23, 2018

Acalvio Threat Research Labs Introduction: Cryptominer is quickly becoming one of the greatest threats that is facing our industry. Similar to ransomware, it provides an easy avenue for a threat actor to monetize his/her skills. In one of the earlier blogs, we...

Technical Analysis of Samsam Ransomware.

by Abhishek Singh | Jan 24, 2018

Ransomware continues to represent the most critical threat facing organizations in 2018. In the latest breaches at Hancock Memorial Hospital, Adams Memorial Hospital, and Allscripts, SamSam ransomware was used to encrypt the files. In this blog, we dive into the...

Ransomware Command and Control Detection using Machine Learning

by Satnam Singh | Jan 15, 2018

Authors: Deepak Gujraniya, Mohammad Waseem, Balamurali AR, and Satnam Singh Since the first attack in 1989 [1], ransomware attacks have gained popularity. Especially in 2017, it has created havoc in every possible industry, including the government offices,...

Lateral Movement analysis of Zealot Campaign and its detection by Distributed Deception Architecture.

by Abhishek Singh | Jan 12, 2018

Acalvio Threat Research Labs Web Servers are becoming one of the entry vectors in breaches. In the last blog, I had shared the details of deception based architecture to prevent breaches involving web server as an entry vector. In this blog, we take Zealot campaign...