Cyber Security Group
Jeannie Warner | 03 Aug 2014 | 0 comments

We have decided to combine two of the blogs populated by the security analysts from various disciplines within Symantec’s Cyber Security portfolio to create a single location, with the intent to make it easy for readers to keep in touch with interesting ideas and topics. Prior to this re-organization, we had separate blogs for our Managed Security Services analysts and Cyber Readiness researchers, individual Symantec analyst blogs in other locations, and various product-specific blogs within our Symantec Connect communities. This made for too many places to check to stay on top of relevant information coming out of the Cyber Security Group. It’s time for some streamlining.

So who is the Cyber Security Group? We’re a collection of security professionals that support the following security challenges:


Our objective for this change is to both introduce...

Robert Shaker | 01 Aug 2014 | 0 comments

I’ve been involved in incident response for a long time, whether as a client, consultant or working for Symantec, and have seen something that has been pretty consistent over these many years: the time between a customer experiencing an incident and when they finally call for assistance. When I talk to our Global Partners and our Symantec Incident Response Services team, they find the same thing: they usually get a call on Friday, late afternoon, local time zone, and the client has been working the case for anywhere between a week and months. When I ask my peers about this, the thing that bothers me is that we all chuckle about it: “Oh yeah, Friday, at 3PM, that phone is going to ring.” I hear it from all of them. But it’s not funny.

When I went from owning my own IT consulting business to leading the IT department for a consulting company, I was no different from my current peers. I would spend hours, days, and weeks, working an incident with my team, and, whether it was...

Tim G. | 29 Jul 2014 | 1 comment

Symantec’s Cyber Security Group has updated the intelligence available in the DeepSight Global Incidents widget on the MSS and DeepSight portal. We have added a completely interactive environment that will allow you to search for events by city or by threat name. This will allow you to see at a glance hotspots in the threat landscape as well as search for global distributions of specific threats.


Additionally you can expand this widget to full screen and more completely interact with the information.  There is an information button on the widget, and updates to the documentation have been made.

This feature goes live on July 30th at 6:30AM EDT.

Attached is an FAQ which should help answer any questions regarding this new feature.

Linda Smith Munyan | 23 Jul 2014 | 1 comment

The number of data breaches rose 62 percent in 2013, according to the Symantec Internet Security Threat Report, and the tactics and techniques of cybercriminals exponentially exploded. Motives of these cyber intruders vary: financial gain, network infiltration, “hacktivism”, cyber espionage/sabotage, or just simple harassment. As this underground economy grows, so does our awareness, as more and more businesses become targets.

Symantec dives deeper into the underground economy, with a series of blogs that will shed light on the darkest mysteries of this online world. Check out Part 1 of this series ...

MSS Global Threat Response | 30 Jun 2014 | 0 comments

Emerging Threat:  Dragonfly / Energetic Bear – APT Group



On June 30th 2014, Symantec Security Response released a whitepaper detailing an ongoing cyber espionage campaign dubbed Dragonfly (aka Energetic Bear).  The attackers appear to have been in operation since at least 2011.  They managed to compromise a number of strategically important organizations for spying purposes and could have caused damage or disruption to energy supplies in affected countries.  The two primary tools the group uses are Remote Access Trojans (RAT) named Backdoor.Oldrea and Trojan.Karagany.


Dragonfly initially targeted defence and aviation companies in...

MSS Global Threat Response | 13 Jun 2014 | 0 comments

Emerging Threat - Anonymous - Operation Petrol (June 20 2014)


Who:     Anonymous, a politically motivated group of hacktivists (mostly Middle East based).  Specifically the AnonGhost group and Mauritanian Hackers group will likely host this operation.

What:   Cyber-attacks against oil, gas, and energy companies, but specifically the Petroleum industry in the Middle East.

When:  Before, during, and after June 20, 2014.  Attackers may attack across different time zones.

Why:     Anonymous disagrees with the U.S. Dollar being used as the currency to buy and sell oil.

Note:    Denial of Service attacks may be a diversion from the real attacks:  fraudulent/illegal wire transfers.


MSS Global Threat Response | 11 Jun 2014 | 0 comments

Emerging Threat - Anonymous - Operation World Cup/Hacking Cup



Who:  Anonymous - a politically motivated group of hacktivists (mostly Brazil based).

What:  Cyber-attacks against sponsors of the World Cup, mostly DDoS based.

When:  Circa June 12th 2014, the beginning of the World Cup in Brazil.

Why:  The hacker group Anonymous is preparing cyber-attacks on corporate sponsors of the World Cup in Brazil to protest the spending of money on soccer games instead of public services.



“The [hack] attacks will be directed against official websites and those of companies sponsoring the cup…these attacks will most likely take the form of DDoS attacks.”

“We have a plan of attack…We have already conducted late-night...

MSS Global Threat Response | 03 Jun 2014 | 0 comments

Symantec MSS Threat Landscape Update – Gameover Zeus/Cryptolocker Takedown




Today, June 2nd 2014, Symantec’s Security Response team released a blog detailing the takedown of two of the most notorious financial fraud malware to date: Cryptolocker and the Gameover Zeus variant. The takedown was an international collaboration between agencies such as the FBI, UK’s National Crime Agency and other law enforcement agencies. Symantec, among other private sector companies, assisted the FBI in seizing a large portion of the malicious infrastructure.


Matt Sherman | 29 May 2014 | 0 comments

Without digging too far into the works of Shakespeare and by horrendously over-simplifying matters, there is a pair of characters from “Hamlet” that I would like to use as a tortured analogy. They are Rosencrantz and Guildenstern, and things do not go well for them at all.

These two characters are old college friends of the Prince Hamlet and are summoned by the King and Queen to come and look in on their friend who is having a bad time as of late. This being a Royal summons, they show up because that’s what you do. After meeting up with Hamlet, these two characters note that Hamlet is a bit out of sorts (perhaps this has to do with his father dying recently and his mother marrying his uncle?). After Hamlet kills somebody, Rosencrantz and Guildenstern are requested to embark on a road-trip with the Prince and a note. It’s a request they honor because that’s what you do at the request of the Royals. The Prince makes some small changes to the note because Princes do that type...

James Hanlon | 16 May 2014 | 1 comment

For enterprises, these are testing times in the extreme. Never have IT departments – and the businesses that they support – been more exposed than they are today.

IT departments are challenged at every turn – with pressure from business leaders asking “is the business safe from cyber attacks?”; rapidly evolving IT estate complexity, including mobile rollouts, new cloud deployments and emerging software-defined data centres. IT relies heavily on its security teams, who are left to deal with disconnected security architectures and struggle with underfunding, and often a lack of incident investigation resources to be able to deal effectively with the waves of security incidents.

The thing is that attackers know this and are constantly seeking to extend their reach into the very fabric of the IT operations. As a result, many organisations are left vulnerable and at risk.

And it’s the nature of the attacks that is causing most consternation. Today’s assailants are...