Data Analysis of CVE-2017-5638 Exploit Attempts
A major vulnerability, the Apache Struts 2 0-Day vulnerability (CVE-2017-5638), was recently discovered on March 6, 2017. Here at NTT Security, we analyze these types of vulnerabilities, setup detection capabilities and analyze any exploit attempts by threat actors as detected via the NTT Security Global Managed Security Services Platform.
This blog takes a further look, via data analysis, into the active exploit attempts of the Apache Struts 2 0-Day vulnerability as seen in the NTT Security Global Managed Security Services Platform. Through our analysis, we were able to uncover the source of the attacks, industries targeted, malware samples, and more. Additionally, based on our research, we were able to conclude that exploit attempts for this vulnerability will remain popular for some time, and have listed migitation and recommended actions further below in this blog to avoid future exploit attempts.Background
On March 6, Apache released a... read more >
Does your organization face challenges with effectively aligning IT security teams and business executives? In many organizations, it seems that business executives and IT security teams don't always understand each other's roles. Executive leadership may not realize the cyber risks to their organization, such as APT threats, insider threats, espionage, phishing. Also, IT security teams may not know what business systems are MOST important to protect before and during an incident.
So how can you successfully align IT security with the C-Suite, and keep the collaborative alignment effective? Before we answer that question, let's first talk about the challenges that have historically kept IT security and business executives out of alignment.
Strategic vision directly influences and impacts the success of implementation of IT security controls. IT security MUST be positioned as a business enabler. And businesses must... read more >
How long is too long?
There has been a lot of chatter on social media lately surrounding the topic of public vulnerability disclosure. Doing a quick Google search, I found a ton of resources, discussions and blog posts available, covering different ways to properly disclose a vulnerability. Several are listed below:
Memory Forensics Comes into the Light
Recently, fileless malware has shown up in numerous LinkedIn articles, blog posts and research papers. It’s being discussed as the “new” threat to watch out for. I agree that this is an important topic, but I do not agree that it is a new threat. Rather, it has been a threat long ignored and is now being rapidly exploited by attackers.
To give some information about the threat, fileless malware is found only in memory, not in a file on disk. This attack is actually using Meterpreter code inside the physical memory of a domain controller. Along with the presence of Meterpreter, analysts discovered the use of PowerShell scripts within the Windows Registry. For those who are unaware, Meterpreter is a tool from the Metasploit framework, a free hacking tool commonly used by both penetration testers and criminal hackers. Once the attackers have successfully installed Meterpreter, they use various scripts to install a malicious service on the targeted host. After... read more >
Many types of red team and physical security assessment toolkits are utilized across the industry. Through our experiences in the NTT Security Threat Services group, we have developed a mixed bag of devices and tools that we commonly use with hybrid assessment types.
The lists below are not intended to be comprehensive, but a quick reference for red team specific toolkits - which often include technical devices and physical tools.
As always, it is assumed that you have permission from your client, have the proper documentation on hand and the defined scope is your primary consideration before attempting to compromise a target facility. Please make sure that you have plenty of experience with bypass and lock picking tools in order to reduce the risk of damaging doors, locking cores and mechanisms etc. Always be... read more >
A recap of RSAC 2017
RSA 2017 finished up last week - thousands of security professionals descended upon the Golden City, ready to learn about the newest technology.
If you made it to our booth, you heard us discuss how digital transformation is having a substantial impact on organizations in every industry. The cloud is becoming harder to navigate, with more products and solutions offered than ever before. On top of that, many organizations with a security program in place, are wondering how to keep up with the threat landscape and digitization.
I touched on this during my interview with Illena Armstrong, VP Editorial, SC Media at RSA. Organizations need a strong and flexible security program that is able to adopt and transition to new technological advancements for your organization. Watch the full interview below to learn about how the ability to adopt solutions faster can be cost saving, and key things to consider in the digital transformation... read more >
Phishers & Scammers & Taxes, Oh My!
Our new Constitution is now established, and has an appearance that promises permanency; but in this world nothing can be said to be certain, except death and taxes.
— Benjamin Franklin
It’s that time of year — tax season. Regardless of whether you owe or are expecting a refund, there is one thing we all should be looking out for: people who want to take your money. This is a good time of year to remember one of the least technical, but certainly one of the most dangerous aspects of our industry, social engineering.
Whether by email through a phishing scheme or via telephone and fear, there is a possibility that you will be contacted in an attempt to access your IRS records, or pushed to send money to an unauthorized, but reputable sounding party.
Here are just some of the potential social engineering scams you might see:A tax company appears... read more >