Cyber Attack

Thu 29 Jun

Petya Ransomware - TCS Prevention and Recovery Advisory

On 27th June, 2017, a new worm-like ransomware called Petya / NotPetya affected organizations around the world. After the initial infection, the malware uses a password harvesting utility together with the ETERNALBLUE and ETERNALROMANCE exploits to infect all computers on the local network. Although Petya / NotPetya actively uses these two exploits to infect as many computers as possible, it does not spread through the Internet; it hits computers only on the local network where the virus first penetrated.
 
Petya / NotPetya encrypts the entire hard drive. By encrypting the system volume, Master File Table and Master Boot Record, Petya / NotPetya prevents the system from booting normally and hooks it into Petya's own bootloader, which displays the ransom note on the screen. This prevents attempts at file recovery using standard forensic techniques such as booting to a LiveCD or other OS.
 
Thu 27 Oct

Need of defensive rebalancing to combat the Cyber Attacks

Cyber breaches are repeatedly making headlines and affecting organizations regardless of the preventive measures deployed to counter cyber threats. This is mostly due to ever-diminishing perimeter boundaries, with data becoming the new perimeter for organizations, increasing reliance on business partners for delivering services, and the adoption of commoditized IT services to accelerate the go-to-market efforts of the business. Cyber perpetrators are taking advantage of these extended ecosystems and launching attacks by exploiting weaknesses present in the systems of the organization's overall supply chain. As these breaches are proving inevitable, it is becoming critical for an organization to improve its incident detection and response capabilities and to accelerate its efforts towards becoming resilient to cyber-attacks.
 
Mon 14 Mar

Man in the Cloud attack scenario - Persistent Double Switch

This attack is very similar to the Quick Double Switch; the only difference is that the attacker maintains remote access to the victim's machine. This access allows the attacker to interact with the victim’s machine from time to time, execute arbitrary code, and collect that code’s output.

Attack Execution Phase:

Sun 28 Feb

Some APT talks – Part 2 – Detect the Undetected

We discussed APT and its attack vectors in Part 1. Now the important question is how we plan the mitigation strategies. There are multiple solutions in the market that offer different tools to effectively mitigate APTs. It would be boring and repetitive if I went through the best practices and the technologies I have already discussed in this forum, such as User Awareness, Password policies, Patching etc. We will have a look at something new: Deception, a proactive way of dealing with these sorts of cyber attacks.

Sun 21 Feb

Some APT talks – Part 1 – Expect the Unexpected

In our forum, we have discussed Advanced Persistent Threat (APT) before.

Who and What is it?

Thu 14 Jan

Peek into Tallinn Manual - Analyzing Estonia, Georgia & Stuxnet Cyber Attacks against this background

The Tallinn Manual (not an official document) was drafted by a group of experts, and was a comprehensive effort undertaken by the NATO Cooperative Cyber Defence Centre of Excellence between 2009 and 2012 to interpret and bring clarity on international laws in the context of cyber operations. While the manual does not denote the views of NATO, it is the first respected restatement of international law in the cyber operation context. It defines a cyber-attack as a “cyber operation, whether offensive or defensive, that is reasonably expected to cause injury or death to persons or damage or destruction to objects”, and a cyber operation that qualifies as an ‘armed attack’ triggers the right of individual or collective self-defense (Schmitt, et al., 2013). The foundation is the effects or consequences that are caused by cyber operations as per the six criteria for evaluating cyber-attacks on any nation i.e.

Wed 13 May

How Mature is Your Data Security?

The biggest challenge faced by organisations in today's environment is protecting their data. We have seen in recent times numerous successful attacks happening across various industries to steal or leak data. Some of the known data breaches include:
