We are excited to announce the publication of our new Global Threat Intelligence Report (GTIR). The report is our most comprehensive one yet. Analyzing content from NTT Group companies and data from our new Global Threat Intelligence Center, the GTIR highlights the latest phishing and ransomware attack trends, and the impact of today’s threats against global organizations.
Most cybersecurity reports are meant for security professionals. They are not intended for use by anyone without significant security knowledge and experience. But we have taken a different approach for this year’s GTIR. We want to provide a resource for educating everyone with security responsibilities, from security and IT professionals through to executives, management, and end users. In today’s... read more >
Global visibility, leadership and roadmap empowering detection capabilities
In a recent press release, NTT Security announced the formation of the Global Threat Intelligence Center (GTIC) as a natural evolution of the previously established Security Engineering and Research Team (SERT). As a founding member of the legacy SERT, and current director within the GTIC organization, I am excited to be part of this next great step.
This move marks a significant point in the future of NTT Security in its ability to address security threats, as NTT Security must bring together its international threat intelligence assets, to further enhance our global capabilities.
The GTIC’s mission, under the leadership of Steven Bullitt (VP Global Threat Intelligence), is to apply actionable and detailed insight with a focus on reducing risk for clients and customers. GTIC will... read more >
Atom Bombing Returns
In November of 2016, I wrote a blog titled “Atom Bombing: Three ways to protect yourself.” I discussed a new attack vector uncovered by security researchers at enSilo that allowed attackers to inject code directly into atom tables. Atom tables are present in all Windows operating systems and function in multiple ways across the operating system. Here is a link that can help you learn more about atom tables.
Dridex, a common banking malware, has evolved to include atom bombing in its attack vector. It doesn’t take long for criminals to adopt new attack methods, and this is a clear example. The latest Dridex variant,... read more >
Businesses that are adjacent to hotels are the best…for security consultants. When you have a high-gain wireless antenna, a rogue access point plugged into a network or able to compromise a vulnerable wireless access point, you pretty much don’t have to leave the comfort of your hotel room or parked vehicle for the assessment. I have been on a handful of these fortunate layouts and it certainly helps when staying under the radar. One of my first red team assessments had a hotel right next to the business we were assessing. The only thing separating the extended stay hotel and business was waist-high foliage, with little to no lighting or camera coverage. With this assessment, after hours testing was in scope, thus making the assessment that much easier.
On-site Social Engineering... read more >
Hands-On Web Exploitation with Python
Back in 2015, a colleague and friend asked if I would be interested in teaching a training class with him at OWASP AppSec USA. After carefully considering, I agreed. It’s a good thing, because he had already submitted the class to the call for trainings before asking me.
Fast forward a bit and we’re now gearing up to teach our third version of the class. What started out as a one-day training session has turned into a three-day course. Based on the feedback we have received over the previous years, my colleague and I have tweaked the class in an attempt to provide a class for all levels of programmers, from beginners who may be new to Python to veteran programmers.
Much like our first class, I have taken the time to develop a new vulnerable virtual machine for the test lab. This time around, I applied several lessons I learned along the way. The primary change to the virtual machine is that I made it quite a bit more simplistic. I did this because I... read more >
Data Analysis of CVE-2017-5638 Exploit Attempts
A major vulnerability, the Apache Struts 2 0-Day vulnerability (CVE-2017-5638), was recently discovered on March 6, 2017. Here at NTT Security, we analyze these types of vulnerabilities, set up detection capabilities, and analyze any exploit attempts by threat actors as detected via the NTT Security Global Managed Security Services Platform.
This blog takes a further look, via data analysis, into the active exploit attempts of the Apache Struts 2 0-Day vulnerability as seen in the NTT Security Global Managed Security Services Platform. Through our analysis, we were able to uncover the source of the attacks, industries targeted, malware samples, and more. Additionally, based on our research, we were able to conclude that exploit attempts for this vulnerability will remain popular for some time, and have listed mitigation steps and recommended actions further below in this blog to avoid future exploit attempts.
Background
On March 6, Apache released a... read more >
Does your organization face challenges with effectively aligning cybersecurity teams and business executives? In many organizations, it seems that business executives and cybersecurity teams don't always understand each other's roles. Executive leadership may not realize the cyber risks to their organization, such as APT threats, insider threats, espionage, and phishing. Also, cybersecurity teams may not know which business systems are MOST important to protect before and during an incident.
So how can you successfully align cybersecurity with the C-Suite, and keep the collaborative alignment effective? Before we answer that question, let's first talk about the challenges that have historically kept security and business executives out of alignment.
Strategic vision directly influences and impacts the success of implementation of cybersecurity controls. Cybersecurity MUST be positioned as a business enabler. And businesses... read more >