Events

NSAccess Control Lists

Last week, I attended the International Conference on Cyber Security at Fordham University in NYC. This event brought together participants from government, the private sector and academia. The closing session was a panel featuring the directors of the CIA, FBI and NSA which drew a lot of attention.

9169

FBI Director Robert Mueller speaking at the closing panel

Throughout the conference, there was a strong push for more cooperation internationally and between different sectors. While cooperation has come a long way, we still have a long way to go.

The topic of cyber-espionage didn’t come up as much as I’ve been used to in recent times. Instead, there was more talk on cyber-sabotage with several presentations talking about this problem.

Some talks centered on disruptive attacks – i.e. DDoS. However both General Alexander and Sean Kanuck, National Intelligence Officer for Cyber Issues, also touched on destructive attacks. Their main concern was around data-wiping/altering malware such as Shamoon. We’ve been vocal about the potential of this type of attack and I’m glad this is being recognized by government.

General Alexander also announced that 90% of his network admins will be replaced by automation of some sort. It’s a move that makes a lot of sense. However, the more important part of the announcement is getting improved access controls to classified information to better prevent data leakage.

Data integrity and access controls are on the minds of the US government. It should be on yours too.

NSAccess Control Lists

Your email address will not be published. Required fields are marked *

 

Reports

Operation TunnelSnake

A newly discovered rootkit that we dub ‘Moriya’ is used by an unknown actor to deploy passive backdoors on public facing servers, facilitating the creation of a covert C&C communication channel through which they can be silently controlled. The victims are located in Africa, South and South-East Asia.

APT trends report Q1 2021

This report highlights significant events related to advanced persistent threat (APT) activity observed in Q1 2021. The summaries are based on our threat intelligence research and provide a representative snapshot of what we have published and discussed in greater detail in our private APT reports.

The leap of a Cycldek-related threat actor

The investigation described in this article started with one such file which caught our attention due to the various improvements it brought to this well-known infection vector.

Subscribe to our weekly e-mails

The hottest research right in your inbox