The recent Kaseya VSA cyberattack is an important reminder of how security works best when we approach it as a community. The adversarial pivot to supply chain-based attacks for delivering ransomware underscore the role we all must play in helping to keep each other protected.
When Splunk told me we would have a “breach holiday” theme for the summer, I didn’t think it would be quite so on the nose… For those of you who have been working on this Kaseya REvil Ransomware incident over the weekend, I salute you. We’ve been doing the same. As usual, my team here at Splunk likes to make sure that we have some actionable material before posting a blog, and this time is no different.
The ongoing news of massive cyberattacks on manufacturing and energy companies has been a wake-up call. Operational Technology (OT) Security had not been on the radar of many CISOs and plant managers until they got hit. After reacting in a defensive mode last year it is time to step up with a proactive security strategy including OT. Secure Factory by Splunk helps manufacturing companies better understand and address their unique security challenges.
Security teams defending Windows environments often rely on anti-malware products as a first line of defense against malicious executables. Microsoft provides security vendors with the ability to register callbacks that will be invoked upon the creation of processes on the system. Driver developers can call APIs such as PsSetCreateProcessNotifyRoutineEx to receive such events.
The Splunk Threat Research team recently developed a new analytic story to help security operations center (SOC) analysts detect adversaries executing password spraying attacks against Active Directory environments. In this blog, we’ll walk you through this analytic story, demonstrate how we can simulate these attacks using PurpleSharp, collect and analyze the Windows event logs, and highlight a few detections from the May 2021 releases.
In early 2020, threat actors breached the build systems of Solarwinds and used this access to add malicious code into one of SolarWinds products. The product, called “Orion”, is very widely used and deployed by tens of thousands of companies, including many Fortune 500 companies.
For a long time, the Internet has been an easily accessible place for most people around the world, full of information, fun, and in general, it is an almost indispensable tool for most companies, if not all, and very useful in many other areas, such as education, administration, etc. But, since evil is a latent quality in the human being, this useful tool has also become a double-edged sword.
