NSAccess Control Lists

Last week, I attended the International Conference on Cyber Security at Fordham University in NYC. This event brought together participants from government, the private sector and academia. The closing session was a panel featuring the directors of the CIA, FBI and NSA, which drew a lot of attention.

FBI Director Robert Mueller speaking at the closing panel

Throughout the conference, there was a strong push for more cooperation internationally and between different sectors. While cooperation has come a long way, we still have a long way to go.

The topic of cyber-espionage didn’t come up as much as I’ve been used to in recent times. Instead, there was more talk of cyber-sabotage, with several presentations devoted to this problem.

Some talks centered on disruptive attacks – i.e. DDoS. However, both General Alexander and Sean Kanuck, National Intelligence Officer for Cyber Issues, also touched on destructive attacks. Their main concern was data-wiping/altering malware such as Shamoon. We’ve been vocal about the potential of this type of attack and I’m glad this is being recognized by government.

General Alexander also announced that 90% of his network admins will be replaced by automation of some sort. It’s a move that makes a lot of sense. However, the more important part of the announcement is improving access controls on classified information to better prevent data leakage.

Data integrity and access controls are on the minds of the US government. They should be on yours too.
