You are viewing 'attackers'

How Cybercriminal Gangs Work

Hint: Hollywood gets it wrong

Aaron Perkins

March 15, 2016 - Posted by Aaron Perkins to Security Insight


If there is one thing you should know about cybercriminals, it is that they can be extraordinarily patient.

Much like an anaconda that can wait for its chosen prey for six months or more, cybercriminals are in no rush to launch into a cyberattack unprepared.

With the potential for virtually endless profits, cybercriminals organize their efforts more precisely than an air traffic controller manages takeoffs and landings.

Hollywood, though, tends to embellish what actually happens within a cybercriminal’s operations since, truth be told, hacking is boring – or at least boring to watch.

I’ve met quite a number of hackers in my lifetime, and never once did their stories contain, “And then I hacked into the bank’s servers, and ACCESS GRANTED flashed across the screen in bright green letters!”

With the way hacking and cybercrime are portrayed in movies and TV...

Patched Vulnerability in FireEye Appliances

FireEye acted quickly to close a serious vulnerability in some appliances

Terrance DeJesus

December 16, 2015 - Posted by Terrance DeJesus to Security News


On Tuesday, December 15, 2015, FireEye, a worldwide provider of cybersecurity and malware protection to clients in the public and private sectors, issued a Support Notice to its clients regarding a critical vulnerability in a module which analyzes Java Archive (JAR) files.

Google’s Project Zero, a team dedicated to finding new vulnerabilities, discovered this severe security hole in the way the Malware Input Processor (MIP) utilizes an open source Java decompiler called Java Optimize and Decompile Environment (JODE). MIP uses the JODE decompiler in conjunction with JAR helper to statically analyze JAR files and check for signatures which may suggest malicious code. JODE is then used by Java’s SimpleRuntimeEnvironment class to deobfuscate strings by dynamically executing a small sample of the bytecode.

Affected...

APT: Another Profitable Title

Jeremy Scott

August 18, 2015 - Posted by Jeremy Scott to Security Insight


It appears that, as security professionals, we have reached the day when being part of the elite means disclosing a new threat actor group or campaign with a code name. Once a fun name has been created for the threat actor group or campaign, it is usually sprinkled with some of the tactics and indicators used. The issue with the current state of naming conventions is that it has done nothing more than create great marketing material and confusion for a large part of the security community.

Since I am a security professional who spends the majority of my time tracking threat actors, malware samples and common indicators of compromise, you may be asking, “Don’t you see this sharing (disclosing events) as a good thing, and why is it so confusing?”

First of all, I believe the increase in sharing over the last few years has been great and has even broken down some of the barriers that were in place before. Where the confusion comes in, however, is everyone...

Attack Attribution

Focusing on the Who

Bryan Pluta

June 25, 2015 - Posted by Bryan Pluta to Security Insight


Recently, I’ve seen several articles talking about the attribution of attacks and its necessity. Attribution has different levels of importance in the commercial world and the government sector. Attribution in the government sector is essential. The government, including three-letter agencies, needs to ensure that it has “the who” portion of an attack correct, to a very high degree of confidence. The government uses this information to determine which actions to carry out against an actor. If it is wrong about “the who”, serious consequences may occur.

So what level of attribution should companies in the commercial world worry about? ThreatConnect, a company specializing in threat intelligence and attribution, makes a great point in a recent Krebs on Security...

VENOM - Virtualized Environment Neglected Operations Manipulation

An alternate take on the snake

Chad Kahl

May 13, 2015 - Posted by Chad Kahl to Threat Intelligence


I guess it is time to take off my shoes, because I have run out of fingers to count the number of times I read "OMG THIS IS THE NEXT HEARTBLEED!" for normal vulnerabilities.

Marketing firms have definitely figured out how to promote their researchers' activities:

Scary Name + Cool Logo == Unique Hit Counts == KPI met on your next review

I get it. I totally do. It becomes an issue, however, when every blog site picks it up and people start getting freaked out about relatively normal things.

  1. New vulnerabilities occur all the time
    This includes high, medium and low priority vulnerabilities. Some are pretty bad, allowing for sensitive information disclosure, denial of service, or remote code execution. Most software engineers are not magicians who create perfect code every time. Even those who are have their code pieced together with the work of others, resulting in unintended...


Voted one of the Best Computer Security Blogs 2016
NTT Security (US), Inc. (formerly Solutionary) is a security consulting and managed security services provider. The NTT Security blog is a place for IT professionals to both learn and talk about the latest in IT security and compliance.
