On this week’s Cyber Security Brief, we discuss “living off the land”, where attackers use legitimate tools on your device or network for malicious purposes. Dick O’Brien is joined by Candid Wueest, who wrote a whitepaper on this very topic just before the holidays, to discuss the tools that are most commonly exploited by attackers using living off the land techniques, the prevalence of this kind of activity, and what organizations can do to protect themselves. As well as this, we give an overview of CVE-2020-0601, the vulnerability in the Windows CryptoAPI that was patched by Microsoft on Tuesday.
On this week’s Cyber Security Brief, we decide to take a look at an issue that is very topical at the moment – Iranian cyber espionage activity. Dick O’Brien and Gavin O’Gorman discuss some past campaigns we have seen carried out by Iranian actors, and the kind of cyber capabilities the country has. Threat researcher Gavin gives his opinion on what is likely to happen next when it comes to cyber activity, and if we are likely to see any cyber attacks by Iranian actors targeting U.S. organisations.
This week’s episode of the Cyber Security Brief is the last one of 2019, so we are taking a look back at some of the big stories of the year in the world of infosec. Brigid O’Gorman, Dick O’Brien and Candid Wueest discuss a range of topics, including targeted ransomware, living off the land, supply chain attacks, extortion scams, and formjacking. We are taking a short break for the holidays but will be back in January 2020 with lots more chat about the world of cyber security.
On this week’s Cyber Security Brief, we turn the spotlight onto targeted ransomware – one of the most active threats we observed in 2019. Targeted ransomware has seen huge growth since the start of 2018, with 2019, in particular, seeing a big rise in the number of targeted ransomware families operating. We take a look at the reasons for this growth, outline the activities of some of the most interesting targeted ransomware families that have emerged in 2019, take you through how an attack like this works, and provider some essential tips to help you keep your business safe from targeted ransomware.
On this week’s Cyber Security Brief podcast we are introducing a new feature – Attack Group of the Month. Every month we will bring in one of our expert threat researchers for a deep dive into the history, tactics, and techniques of notable attack groups, and discuss what you should do to keep your company safe from these sophisticated attackers. This week we look at Shamoon, an attack group that first appeared in 2012, causing waves when it wiped the disks on thousands of computers in two companies in Saudi Arabia. Threat researcher Gavin O’Gorman brings us through the history of the group, what makes it so interesting, and why he thinks we haven’t seen the last of Shamoon yet.