When it comes to malware attacks, one of the more common techniques is “living off the land” (LOtL). Utilizing standard tools or features that already exist in the target environment allows these attacks to blend into the environment and avoid detection. While these techniques can appear normal in isolation, they start looking suspicious when observed in the parent-child context. This is where the ProblemChild framework can help.
SQL injection is one of the most destructive ways an application can be attacked. This kind of attack is targeted toward the application database, which can result in consequences that are irreversible, lead to loss of money, and reduce user trust in your company. There are far too many application data breaches happening every day, usually when a malicious agent attacks the database.
Last year, during the Magecart attacks saga, I was constantly flooded by calls from e-entrepreneurs – all sounding worried and anxious. The attacks were brazen, and the digital trust was taking a beating. After the initial shock waned, the entire conversation shifted gears. I still remember having long discussions with my clients about eCommerce security threats and their solutions. It now focused solely on building a reliable security system.
Five worthy reads is a regular column on five noteworthy items we’ve discovered while researching trending and timeless topics. In this edition, we’ll learn about the worst data breaches that happened recently, their impact, and the cost of data breaches for companies. The COVID-19 pandemic has not only had an impact on the mental and physical health of employees, but on the digital health of organizations around the world.
Lateral Movement describes techniques that adversaries use to pivot through multiple systems and accounts to improve access to an environment and subsequently get closer to their objective. Adversaries might install their own remote access tools to accomplish Lateral Movement, or use stolen credentials with native network and operating system tools that may be stealthier in blending in with normal systems administration activity.
In the last 90 days, the news of cyberattacks on critical infrastructure has been stunning. From the unprecedented breach represented by Sunburst to the more recent bone-chilling attack at the Oldsmar water facility, the urgency to secure critical infrastructure in transportation, utilities, energy, water, critical manufacturing, telecommunications, healthcare, government facilities and the defense sector has never been higher.
The SolarWinds exploits have been widely reported, fully covered, and basically as we would say in Aussie – Done to Death Mate. But some of the info got me thinking, especially this article from my buddies at Microsoft which gives some great background and flows for that how the attacks were actually working. I’ve been working with Ivanti Application Control – formerly AppSense Application Manager for over 17 years.
