Deception Deployment Strategies: Threat Agnostic vs. Service Agnostic

In our previous blogs [1][2], we have shared details of detection of breach campaigns and worms by using Deception. A Distributed Deception Platform (DDP) consists of the breadcrumbs and lures at the endpoint pointing to the honey services in the network. The DDP can...
Detection of Breach Campaigns by using Distributed Deception

Today’s breaches are predominantly carried out in a series of sophisticated, multi-stage attacks. The stages involved in such an attack can best be described by a “Cyber Kill Chain”. This, as per the MITRE ATT&CK Adversary Tactic Model [11], breaks down cyber...
Detection of Prevalent Threats by Distributed Deception

Today’s breaches are overwhelmingly carried out in a series of sophisticated, multi-stage attacks. The stages of such attacks can best be described by a “Cyber Kill Chain,” which, as per the MITRE ATT&CK Adversary Tactic Model [1], breaks down cyber intrusions into the...
A Game Between Adversary and Defender

The motivation for this blog is a question that has been circling in my head for a long time, and I have asked this question to many security analysts: Have they played a game with an adversary? Or, in other words, have they engaged with an adversary? I got...
WannMine – Lateral Movement Techniques

Acalvio Threat Research Labs. Introduction: Cryptominers are quickly becoming one of the greatest threats facing our industry. Similar to ransomware, they provide an easy avenue for a threat actor to monetize his/her skills. In one of the earlier blogs, we...
Technical Analysis of Samsam Ransomware.

Ransomware continues to represent the most critical threat facing organizations in 2018. In the latest breaches at Hancock Memorial Hospital, Adams Memorial Hospital, and Allscripts, SamSam ransomware was used to encrypt the files. In this blog, we dive into the...