A new study conducted by Uptycs has uncovered a stark increase in the distribution of information stealing (a.k.a. infostealer or stealer) malware. Incidents have more than doubled in Q1 2023, indicating an alarming trend that threatens global organizations. According to the new Uptycs' whitepaper, Stealers are Organization Killers, a variety of new info stealers have emerged … [Read more...] about How to Detect this Silent Threat
Detect
How to Detect and Prevent impacket’s Wmiexec
Impacket, an open source collection of Python modules for manipulating network protocols, contains several tools for remote service execution, Windows credential dumping, packet sniffing and Kerberos manipulation. CrowdStrike Services has seen an increased use of Impacket’s wmiexec module, primarily by ransomware and eCrime groups. Wmiexec leaves behind valuable forensic … [Read more...] about How to Detect and Prevent impacket’s Wmiexec
Detect domain generation algorithm (DGA) activity with new Kibana integration
Searching for a way to help protect your network from potential domain generation algorithm (DGA) attacks? Look no further — a DGA detection package is now available in the Integrations app in Kibana. In a single click, users can install and start using the DGA model and associated assets, including ingest pipeline configurations, anomaly detection jobs, and detection rules. … [Read more...] about Detect domain generation algorithm (DGA) activity with new Kibana integration
Detect Credential Access with Elastic Security
Within our Elastic Security research group, a strong area of focus is implementing detection mechanisms for capabilities we understand adversaries are currently exploiting within environments. We’ll often wait to see the impact that bringing these capabilities to market will have from a detection standpoint. This allows our researchers to explore different detection strategies … [Read more...] about Detect Credential Access with Elastic Security
New Features of the Botnet and How to Detect it
One of the most dangerous and infamous threats is back again. In January 2021, global officials took down the botnet. Law enforcement sent a destructive update to the Emotet's executables. And it looked like the end of the trojan's story. But the malware never ceased to surprise. November 2021, it was reported that TrickBot no longer works alone and delivers Emotet. And … [Read more...] about New Features of the Botnet and How to Detect it
Detect What Others Miss with CESA
With the executive order signed by the US government in the wake of recent cybersecurity attacks like SolarWinds, Colonial Pipeline, Microsoft Exchange server breach that have plagued high-value government entities and private organizations, it is very important to have security ammunition ready that can detect such attacks – one that can provide deep forensic details and … [Read more...] about Detect What Others Miss with CESA
Cisco Email Security Expands, Simplified to Detect More Threats, Stop More Attacks
SecureX integration offers customers greater visibility to threats across technology silos Email threats continue to rise rapidly in volume and complexity. With email being the number one threat vector, it’s no surprise that 94 percent of malware is delivered via email, and it remains the easiest way for attackers to breach an organization. Email security is complex and of … [Read more...] about Cisco Email Security Expands, Simplified to Detect More Threats, Stop More Attacks
Detect even the sneakiest insider threats with Cisco Stealthwatch
The modern network has all of the tools needed to batten down the hatches on even the most sophisticated of threats. Your perimeter-based security tools are preventing breaches from malicious actors while your endpoint tools are protecting individual devices from compromise. But what happens when threats don’t look like threats? What happens when a threat actor already has a … [Read more...] about Detect even the sneakiest insider threats with Cisco Stealthwatch