Blog
Your Enemy Can Be Your Best Teacher
This quote attributed to the Dalai Lama inspired our analysts to take a thoughtful approach to monitoring our external nodes. We wanted to answer the question – what are the top 20 ports the top 3 cyber threat actor countries are hitting? Could the targeting from countries such as China, Russia, and Iran give us some insights into what they’re trying to exploit?
Living Off the Land (LOTL): A Case Study
During a recent incident involving LockBit ransomware, we discovered a persistent credential stealer that was hidden as a scheduled task/process. We did a significant amount of investigation before unraveling the clues of what was creating alerts and attempting to beacon-out to certain IP addresses in Latvia.
THIS MEMORIAL DAY WEEKEND: RANSOMWARE
Since May 4th, we have seen an eye-catching increase in cyber incidents, email compromise, and ransomware attacks.
As we approach the US Holiday, Memorial Day, we expect this increase to continue. To help improve your awareness, we offer the following trends and fairly consistent indicators pointing back to Eastern European and Russian criminal actors.
A Closer Look at a COVID-19 Phish
As cybercriminals continue to exploit the COVID-19 pandemic, we’ve been on guard keeping watch for any phish that may get caught in our nets that look particularly interesting. This week, we caught some.
The Noise of Missing Traffic
As the Coronavirus continues its march across the globe the last few weeks, this has resulted in countries going into lockdown across the globe. Recently, our intelligence team started looking for countries that have suddenly gone silent.
Investigating Cybersecurity Incidents using Full Packet Capture
Michael McAndrews, our Vice President of Network Security Services and former FBI Special Agent, walked the audience at the Southwest CyberSec Forum through the process we used to investigate and resolve a recent international cybersecurity incident.
Southwest CyberSec Forum | January 2020
We are excited to kick-off the new year with a presentation from Michael McAndrews to the members of the Southwest CyberSec Forum on Monday, January 6, 2020. Michael’s presentation “The Need for Advanced Incident Response Tools and Capabilities” will use actual scenarios from a WGM/Crowdstrike international incident response engagement.
10 Cyber Security Questions Business Owners Should Ask Their IT Department (Part 2)
This is Part 2 of our post to help business owners understand which cyber security questions should be the basis of a readiness discussion with their IT Team. If you have any concerns or doubts, please give us a call.
10 Cyber Security Questions Business Owners Should Ask Their IT Department (Part 1)
With daily revelations of new cyber threats and data breaches, business owners are looking to better understand and manage their risks and vulnerabilities. They hear stories of the potential damage a breach can cause, but they struggle in understanding how it could happen to their company.
Michael McAndrews Presents Dark Web Keynote
Another brilliant presentation on the Dark Web by Michael McAndrews of WGM Associates LLC at the Arizona Technology Council Cybersecurity Summit. Great crowd! Michael said, “These attendees had some of the best questions I’ve been asked in years.”