Blog
Ransomware: Catch me if you can.
Ransomware demand in 2016 was around a billion dollars[1]. WannaCry[3] was the recent ransomware campaign that spread across 150 countries affecting 200,000 users. It is estimated that in 2017[2], damages due to ransomware will exceed $5 billion. Modern defenses make...
The Industry’s First “Deception 2.0 for Dummies” Book
Since the dawn of time, deception has been used in nature in various forms as a successful survival strategy and has played an important role in the physical and behavioral adaptations of all organisms. Humankind, with its higher cognitive ability, has successfully...
WannaCry Ransomware Analysis: Lateral Movement Propagation
Acalvio Threat Research Labs The WannaCry ransomware attack has made front page news around the world, with at least 150 countries and 200,000 customers affected [2]. Because WannaCry makes use of a largely unpatched Windows exploit for lateral movement, it is able to...
How to outfox Shamoon? Put Deception to work!
Acalvio Threat Labs Shamoon is one of the critical threats that has been able to penetrate traditional defenses successfully not once, twice, but thrice - in 2012, 2016 and 2017. The main purpose of Shamoon Threat Actor was the destruction of the endpoint computers...
If Deception is so Great, Why Isn’t Everyone Doing it?
Using deception as a threat detection solution would seem to be a no-brainer: It can detect malware at multiple points in the kill chain, with no false positives and no modifications or impact to production systems. Everyone must be doing it you would think....
Deception in Depth: A Novel, Effective Way to Mitigate Attacks from the Inside
Recently, an interesting survey pointed out that malware attacks are going fileless. In some cases, this means even using an internal employee to help with the process. For example, the attack on the Bank of Bangladesh and you quickly realize that advanced attackers...
Hiding in Plain Sight: How to Operationalize Deception for Security Teams
Honeypots. Just those three syllables are enough to cause instant nausea with a cyber security professional. Why? Honeypots are hard to operationalize into an effective, easy to use and consistent defense. But times are changing with the proliferation of deception...
Honeypots are dead! Long live Honeypots (Part4…The Crystal Ball)
Self healing system capabilities, specifically analysis and intelligence shared between Acalvio instances so you end up with a worst case scenario of only company1 getting hit, companies 2,3,4 have automatically learned from company1. IoT, V2V, V2X etc. This...
2017 Predictions AND “wants”
Going to do this one a little differently, part of it is going to be the typical “throw the crystal ball over the shoulder” stuff that we all do…although honestly JUST going to 2017 is not far enough for some of the stuff we are working on…and the other part of this...