Blog

Your Enemy Can Be Your Best Teacher

This quote attributed to the Dalai Lama inspired our analysts to take a thoughtful approach to monitoring our external nodes. We wanted to answer the question – what are the top 20 ports the top 3 cyber threat actor countries are hitting? Could the targeting from countries such as China, Russia, and Iran give us some insights into what they’re trying to exploit?

read more

Living Off the Land (LOTL): A Case Study

During a recent incident involving LockBit ransomware, we discovered a persistent credential stealer that was hidden as a scheduled task/process. We did a significant amount of investigation before unraveling the clues of what was creating alerts and attempting to beacon-out to certain IP addresses in Latvia.

read more

THIS MEMORIAL DAY WEEKEND: RANSOMWARE

Since May 4th, we have seen an eye-catching increase in cyber incidents, email compromise, and ransomware attacks.
As we approach the US Holiday, Memorial Day, we expect this increase to continue. To help improve your awareness, we offer the following trends and fairly consistent indicators pointing back to Eastern European and Russian criminal actors.

read more