Security Tips and Tricks

Using LogRhythm to Support Preventative Cybersecurity Strategies

Preventing WannaCry and Petya / NotPetya Attacks

Following the devastating WannaCry malware attack, the Petya / NotPetya wiper outbreak once again highlighted the necessity of having a proper defense in depth strategy in place. Defense in depth demands an organization…

NotPetya Technical Analysis

In our Detecting Petya/NotPetya post, we described how NotPetya (also named “Nyetna”) spreads to other systems on the network without using the ETERNALBLUE/ETERNALROMANCE SMBv1 exploits. (Although the code contains the ability…

Deploying NetMon Freemium at Home to Monitor IoT Devices

Why Monitor IoT Devices at Home?

LogRhythm’s NetMon Freemium is a powerful and easy-to-use product, so why not fully realize its potential both at home and in the office? In-home Internet of Things (IoT) devices, such as sensors, lights, cameras,…

Using Deep Packet Analytics to Extract Specific Bytes

Why Extract Specific Bytes Out of a Packet?

Pulling specific bytes out of a packet is the most direct way to see what the packet actually carries. Getting to this level of the content can help you in many…

Detecting Petya/NotPetya Ransomware

Petya / NotPetya Poses Risk to Even Patched Systems

On the morning of June 27, 2017, a new ransomware outbreak—similar to the recent WannaCry malware—was discovered in Ukraine. The malware quickly spread across Europe, affecting varied industries such as…

PCI-DSS Compliance 3.2 Updates

Whether you swipe it, chip it, tap it, or phone it in, if you are involved in capturing payments from a credit card, you are most likely required to comply with Payment Card Industry Data Security Standard (PCI-DSS) requirements. PCI-DSS…

Enabling 24×7 Monitoring and Response Using Automated Playbooks

Continuously detecting and responding to malware threats can be an operational challenge. It can also be riddled with inefficiencies and risk. The reality is many organizations do not have the staffing resources to operate a 24×7 security operations center (SOC).…

Detect WannaCry Initial Exploit Traffic with NetMon

The WannaCry ransomware campaign is just the latest wave of malware to exploit vulnerabilities in core networking protocols, and you need advanced threat detection to protect your network. The ransomware spreads to unpatched Windows systems (see Microsoft Security Bulletin…

Detecting WannaCry Activity on Sysmon-Enabled Hosts

If you are already using Microsoft Sysmon in your environment, then you might be wondering whether it is possible to detect WannaCry activity on your Sysmon-enabled Windows hosts. The answer is yes, and this blog will explain how! What is…

A Technical Analysis of WannaCry Ransomware

Contributors to this in-depth research analysis include Erika Noerenberg, Andrew Costis, and Nathanial Quist—all members of the LogRhythm Labs research group.

Summary

Ransomware that has been publicly named “WannaCry,” “WCry” or “WanaCrypt0r” (based on strings in the binary and encrypted…

WannaCry Ransomware

WannaCry: What We Know

It is worth noting that the first WannaCry infection was reported on February 10th, and again on the 25th. We will refer to this as “version 1.” This did not have a widespread impact. On the…

Stop Insider Threats with LogRhythm’s UEBA Capabilities

Detecting and responding to a threat in the earliest stages of the Cyber Attack Lifecycle is the key factor in preventing a breach from becoming a detrimental incident. LogRhythm User and Entity Behavior Analytics (UEBA) detects and neutralizes both known…

How to Extract SCSM Log Files from a Remote Windows Host

Recently, a question was posed on the LogRhythm Community around how to extract the SCSM log from a remote Windows host. I put together a quick PowerShell script to extract not only the System Center Service Manager (SCSM) log file,…

Analysis of Shamoon 2 Disk-Wiping Malware

Shamoon 2 Malware Background

On August 15, 2012, a Saudi Arabian energy company was infected with disk-wiping malware in a targeted attack. The malware, known as either “Shamoon” or “DistTrack,” reportedly infected nearly 30,000 machines at the company in this…

Free Security Awareness Posters (You’ll Actually Want to Use)

Part 1: Passwords and Passphrases

Building a corporate security awareness program can be as challenging as it is rewarding. Employees are the most targeted resource within an organization, but they are also the first line of defense. Oftentimes, employee…

Five Things to Consider When Building a Security Operations Center (SOC)

A security operations center (SOC) is becoming an absolute necessity for defending your organization from damaging cyber-attacks. A SOC is the centerpiece of a company’s security operations, as it serves as a critical IT center in which to mitigate cyber…

How to Sell Your Cybersecurity Strategy to the Board: An Interview with James Carder

James Carder brings more than 19 years of experience working in corporate IT security and consulting for the Fortune 500 and U.S. government. As CISO and Vice President of LogRhythm Labs, he develops and maintains the company’s security governance model…

Understanding Insider Threats With UEBA

Insider threats pose significant risks to your organization. Their actions are difficult to detect and many incidents take months or longer to discover. The key to defending against this class of threats is to understand the who, the why, and…
