Security Blogs Focused on Threat Intelligence

The NTT Security SERT Q4 ‘16 Threat Intelligence Report

Key points: decline in attacks, challenges in securing the retail industry, and an apparent increase in nation state-sponsored cyberattacks

Danika Blessman

January 26, 2017 - Posted by Danika Blessman to Threat Intelligence

NTT Security SERT Q4 Threat Intelligence Report

The NTT Security SERT (Security Engineering Research Team) released its Q4 ‘16 Threat Intelligence Report today.

During Q4 ’16, NTT Security researchers observed a noticeable shift in the types of attacks from previous quarters – particularly exhibited by a much narrower scope of attack vectors. Several vulnerabilities such as Oracle Server Backup in the retail industry and Linux password files in the finance industry were specifically targeted – likely indicative of criminals identifying specific flaws and crafting attacks to fit, a sign of more sophisticated and directed efforts.

This shift was also evident in an overall 35 percent decrease in total security-related events across client networks from Q3 ’16 to Q4 ’16, including continued declines of 25 percent in... read more >

The NTT Security SERT Q3 ‘16 Threat Intelligence Report

Ransomware in the health care industry, the ‘direct cash-back’ revenue model, targeting the Internet of Things (IoT), securing SWIFT networks, and a notable decrease in reconnaissance activity.

Danika Blessman

October 20, 2016 - Posted by Danika Blessman to Threat Intelligence

SERT Threat Report Q3 2016

The NTT Security SERT (Security Engineering Research Team) released its Q3 ‘16 Threat Intelligence Report today.

During Q3 ’16, NTT Security researchers observed attacks which exhibited the same characteristics as those a year ago in Q3 ’15 – a notable decrease in reconnaissance and an increase in application attacks, with attackers likely maintaining a persistent presence in the target environment.

NTT Security observed a 38 percent drop in security-related events from Q2 ’16 to Q3 ’16. While that seems like an amazing statistic, it included a dramatic 91 percent decrease in reconnaissance and a 64 percent decrease in suspicious activity, which may indicate more of a change in focus than a dramatic fall off in attack volume.

... read more >

The SERT Q2 ‘16 Quarterly Threat Intelligence Report

Shrinking variety of attacks, inside Business Email Compromises, update on ransomware, perspective on China’s new Five Year Plan, and highlights from PCI DSS 3.2.

Jon-Louis Heimerl

July 26, 2016 - Posted by Jon-Louis Heimerl to Threat Intelligence

The Solutionary Security Engineering Research Team  (SERT) released its Q2 2016 Threat Intelligence Report today.

Solutionary observed a flattening of attack types during Q2 ’16. In recent quarters, web applications made up as much as 42 percent of observed attacks. In Q2 ’16, web application attacks made up 24 percent of such attacks. The top three attack types – web-application... read more >

SERT Q4 2015 Quarterly Threat Report

Evolving attack patterns, views of BASHLITE and JOOMLA, and a look forward on Android

Jon-Louis Heimerl

January 28, 2016 - Posted by Jon-Louis Heimerl to Threat Intelligence

The Solutionary Security Engineering Research Team (SERT) released its Q4 2015 Quarterly Threat Report today.

As the source of 63 percent of all detected attacks and 79 percent of all detected malware, the United States is once again the most hostile source of cyberattacks. As we’ve seen in the past, this does not mean the attackers are within the U.S. but are using U.S. infrastructure as their launching pads. A 77 percent drop in reconnaissance activity from Q3 ’15 to Q4 ’15 indicates reconnaissance activity has plummeted nearly 88 percent from levels seen in Q2 ’15.

Malware detection and trends continue to vary widely from quarter to quarter, but one interesting observation is that the top five sources of malware accounted for 79 percent of all malware detected during Q4 ‘15. While detected malware rose only slightly through Q4... read more >

0-Day in Linux Kernels: High or Low Threat?

CVE-2016-0728: Evaluating the Threat Level

Jeremy Scott

January 26, 2016 - Posted by Jeremy Scott to Threat Intelligence

Lightbulb Overview

On January 14, 2016 researchers at Perception Point identified a 0-day local privilege escalation vulnerability (CVE-2016-0728) in Linux Kernel versions 3.8 to 4.4 (2012 – 2016). This flaw exists due to the kernel’s keyrings security facility used to retain cached security data, authentication keys, encryption keys and other data. Using a local user account, one can free a referenced keyring object and overwrite it to be executed in the kernel, escalating privileges to root. Based on statistics provided by Perception Point, tens of millions of personal computers (PCs), servers and 66% of all Android devices may be vulnerable.

The Solutionary Security Engineering... read more >

Black Energy Malware is Back...and Still Evolving

Danika Blessman

January 18, 2016 - Posted by Danika Blessman to Threat Intelligence

Industrial Control Systems

Black Energy (BE) malware is back in the news as of early January 2016. This time it is being blamed for contributing to a power outage on December 23, 2015 in Ukraine, which left nearly half the populace in the Ivano-Frankivsk region without power for several hours.

Discovered in 2007, BE was originally designed as a distributed-denial-of-service (DDoS) toolkit but has since evolved to its current state, supporting a multitude of plug-ins. The newest features of the BE malware include:

  • KillDisk, a destructive data-wiping utility capable of destroying an estimated 4000 file types, including registry files. This function could render the host unbootable, and depending on the infected host, could have dire consequences. Based on the malware’s typical target set of Industrial Control Systems (ICS), an infected host could prove to be disastrous, not to mention expensive.
  • Researchers also identified a previously unknown Secure Shell (SSH) backdoor...
read more >

OpenSSH: Overflowing and Leaking

Information Leakage (CVE-2016-0777) and Buffer Overflow (CVE-2016-0778)

Terrance DeJesus

January 15, 2016 - Posted by Terrance DeJesus to Threat Intelligence

Danger

On January 14, researchers from Qualys published information regarding information leakage (CVE-2016-0777) and buffer overflow (CVE-2016-0778) vulnerabilities in OpenSSH which result from default code in versions 5.4 through 7.1p1.

These vulnerabilities exist because OpenSSH clients support a feature called roaming. This feature allows for connectivity to an SSH server to resume the suspended SSH session if the existing connection breaks unexpectedly. Because of the roaming feature, however, these vulnerabilities exist and could be exploited by a malicious or compromised SSH server.

Information Leakage (CVE-2016-0777)
The information leak is exploitable because the default code in the OpenSSH client allows a malicious SSH server to steal the client's private keys. The client code was enabled by default, and a malicious server could trick that code into leaking client memory to the server, including private client user... read more >

1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | Older Entries >>

Voted one of the Best Computer Security Blogs 2016
NTT Security (US), Inc. (formerly Solutionary) is a security consulting and managed security services provider. The NTT Security blog is a place for IT professionals to both learn and talk about the latest in IT security and compliance.

Get the NTT Security Blog delivered to your inbox!

Enter your Email:

(We will not share your email or use it for anything else.)

LATEST TWEETS