LogRhythm Security Spotlight

Cybersecurity insights to reduce noise, prioritize work, and quickly secure your environment

Easily defend against trending cyberthreats and attack techniques

In 2022 the global average cost of a data breach was $4.35 million, according to Statista. A great deal rides on security teams, and with stakes this high it is more important than ever that organizations know how to defend their IT environments as the attack surface keeps growing.

The Security Spotlight series shares our top tips on improving your cybersecurity maturity through the implementation, use and optimization of security analytics content and custom use cases, based on insights from our Analytic Co-Pilot Services. Learn how you can reduce risk from trending cyberthreats in the short videos below.

T1570 Lateral Tool Transfer

Using the Lateral Tool Transfer technique (MITRE ATT&CK T1570), attackers copy tools, data or malware from one compromised system to another inside the network. Because the transfer happens between internal hosts, it has helped groups like Chimera bypass security controls designed to detect external threats and remain undetected in corporate systems for up to three years.

Learn more about this MITRE technique and how you can detect it.

Monitoring Windows Event Forwarding

Windows Event Forwarding (WEF) is a native Windows capability for collecting logs from dispersed Windows hosts: forwarders send selected events to a central Windows Event Collector (WEC) server, so the SIEM can pick up events from one place instead of from every endpoint.

In this Security Spotlight, you will learn more about Windows Event Forwarding and how to improve visibility into Windows logging.
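A WEF deployment only improves visibility while every forwarder is actually delivering, so the check a practitioner wants is "which sources have gone quiet?". The script below is an added example written for this page, not LogRhythm content or a script from the Spotlight. It assumes it runs on the WEC server, that subscriptions use the default ForwardedEvents destination log, and that `wecutil` (the built-in collector CLI) is on the path; the 24-hour look-back and one-hour staleness threshold are illustrative values.

```powershell
# Added example: WEF collector health check (run on the WEC server).
# Assumptions: default ForwardedEvents log; thresholds below are illustrative.
param(
    [int]$StaleHours = 1,
    [string]$Log = 'ForwardedEvents'
)

# 1. Subscriptions configured on this collector and their runtime status.
#    'wecutil es' lists subscription names; 'wecutil gr <name>' reports per-source state.
foreach ($name in (wecutil es)) {
    Write-Host "Subscription: $name"
    wecutil gr $name | Select-String -Pattern 'RunTimeStatus|LastError|LastHeartbeatTime'
}

# 2. Which forwarders have delivered events in the last 24 hours, and when was
#    each last seen? A source that has gone stale is a visibility gap.
$since  = (Get-Date).AddHours(-24)
$cutoff = (Get-Date).AddHours(-$StaleHours)
$events = Get-WinEvent -FilterHashtable @{ LogName = $Log; StartTime = $since } -ErrorAction SilentlyContinue

$lastSeen = $events | Group-Object MachineName | ForEach-Object {
    $latest = (@($_.Group | Sort-Object TimeCreated -Descending)[0]).TimeCreated
    [pscustomobject]@{
        Source   = $_.Name
        Events   = $_.Count
        LastSeen = $latest
        Stale    = ($latest -lt $cutoff)
    }
}
$lastSeen | Sort-Object LastSeen | Format-Table -AutoSize

# 3. Collector-side errors and warnings, e.g. a source that cannot authenticate
#    or a subscription that failed to start.
Get-WinEvent -FilterHashtable @{
    LogName   = 'Microsoft-Windows-EventCollector/Operational'
    Level     = 2, 3
    StartTime = $since
} -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, Message | Format-Table -Wrap
```

Sources that are expected but absent from the table never appear in step 2 at all, so compare the list against your inventory (or the group membership of the subscription's source computers) rather than relying on the Stale flag alone.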

QakBot OneNote Spawning MSHTA

Qakbot malware has evolved from a simple credential stealer into a multi-stage trojan and is associated with ransomware groups such as REvil, ProLock and LockBit. It is so pervasive that it continuously features in lists of the top 10 malware families globally. Qakbot operators use social engineering to deliver the malicious payload in different forms, and recently began incorporating Microsoft OneNote into phishing campaigns: a seemingly legitimate OneNote file launches the next stage (in the case covered here, by spawning mshta.exe), letting the malware spread and gain access to information.

TuRKey_RanSOmWarE

This Security Spotlight is a quick overview of a ransomware variant called TuRKey_RanSOmWarE and of its progenitor, the Ryuk .Net Ransomware Builder.

Long-tail Analysis

This Spotlight is a quick overview of using publicly available content to develop effective long-tail analysis tools.

CVE-2022-30190: Follina Exploit

This Spotlight is a quick overview of Follina, the remote code execution vulnerability in the Microsoft Support Diagnostic Tool (MSDT) reached through malicious Word documents, and how you can detect exploitation attempts before they cause too much damage.

CVE-2020-1472 ZeroLogon Alternative Detection

This Spotlight is a quick overview of ZeroLogon, the Netlogon elevation-of-privilege vulnerability, and an alternative way that you can detect it.

Gamaredon: Infrastructure and Indicators of Compromise (IoCs)

This Spotlight is a quick overview of the Gamaredon threat actor group, its infrastructure and the associated indicators of compromise.

T1553.005: Mark-of-the-Web Evasion

This Spotlight is a quick overview of an approach to monitoring for more sophisticated spear phishing attacks that attempt to evade Mark-of-the-Web (MITRE ATT&CK T1553.005, Subvert Trust Controls: Mark-of-the-Web Bypass).

T1566.001 Spearphishing Attachment

This Spotlight is a quick overview of basic spear phishing tactics and the associated MITRE ATT&CK module rule.

Different Suspicious or Malicious Command Line Parameters

This Spotlight is a quick overview of some typical suspicious or malicious command-line parameters.

Process Hollowing

This Spotlight is a quick overview of an approach to monitoring for potential process hollowing techniques.

T1110.001 Brute Force: Password Guessing against SQL Server

This Spotlight is a quick overview of an approach to attacking public-facing SQL servers by password guessing (MITRE ATT&CK T1110.001) and how to detect the initial phase of that attack.
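The initial phase of a password-guessing attack against SQL Server shows up as a burst of failed logins from one client. SQL Server writes each failure to the Windows Application log as event ID 18456 (provider MSSQLSERVER), with the login name and the client address in the message text. The functions below are an added example written for this page, not the Spotlight's rule or LogRhythm content: they extract the user and client IP from those messages and flag any client that exceeds a threshold of failures inside a sliding time window. The sample events at the bottom are constructed; the threshold of 10 failures in 5 minutes is an illustrative starting point to tune against your own baseline.

```powershell
# Added example: detect SQL Server password guessing from event ID 18456 messages.
# Sample data is constructed; threshold and window are illustrative.

function Get-SqlFailedLogin {
    param([Parameter(ValueFromPipeline)]$Event)
    process {
        # 18456 message shape:
        # "Login failed for user 'sa'. Reason: Password did not match ... [CLIENT: 203.0.113.5]"
        if ($Event.Message -match "Login failed for user '(?<user>[^']*)'.*\[CLIENT: (?<ip>[^\]]+)\]") {
            [pscustomobject]@{
                Time   = $Event.TimeCreated
                User   = $Matches.user
                Client = $Matches.ip
            }
        }
    }
}

function Find-SqlPasswordGuessing {
    param(
        [Parameter(Mandatory)]$Events,
        [int]$Threshold = 10,      # failures from one client ...
        [int]$WindowMinutes = 5    # ... within this many minutes
    )
    $Events | Get-SqlFailedLogin | Group-Object Client | ForEach-Object {
        $sorted = @($_.Group | Sort-Object Time)
        # Sliding window: from each failure, count failures by the same client in
        # the following WindowMinutes and keep the peak for this client.
        $peak = 0
        for ($i = 0; $i -lt $sorted.Count; $i++) {
            $start = $sorted[$i].Time
            $end   = $start.AddMinutes($WindowMinutes)
            $n = @($sorted | Where-Object { $_.Time -ge $start -and $_.Time -le $end }).Count
            if ($n -gt $peak) { $peak = $n }
        }
        if ($peak -ge $Threshold) {
            [pscustomobject]@{
                Client       = $_.Name
                PeakFailures = $peak
                Users        = (($sorted | ForEach-Object { $_.User }) | Sort-Object -Unique) -join ','
                First        = $sorted[0].Time
                Last         = $sorted[-1].Time
            }
        }
    }
}

# Constructed sample: 15 guesses against 'sa' from one client in 90 seconds,
# plus a single mistyped password from an internal host.
# Against a live server, feed in real events instead:
#   Get-WinEvent -FilterHashtable @{ LogName='Application'; ProviderName='MSSQLSERVER'; Id=18456 }
$t0 = Get-Date '2023-01-01 10:00:00'
$sample = @()
foreach ($i in 0..14) {
    $sample += [pscustomobject]@{
        TimeCreated = $t0.AddSeconds(6 * $i)
        Message     = "Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 203.0.113.5]"
    }
}
$sample += [pscustomobject]@{
    TimeCreated = $t0.AddMinutes(2)
    Message     = "Login failed for user 'app_user'. Reason: Password did not match that for the login provided. [CLIENT: 10.0.0.8]"
}

Find-SqlPasswordGuessing -Events $sample | Format-Table -AutoSize
```

Grouping on the client address rather than on the target user is deliberate: spraying many different logins from one source stays visible, and a single user's typo from a known internal address does not trip the rule.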

T1136.002 Create Account: Domain Account

This Spotlight is a quick overview of a rule developed to monitor the lifecycle of identities in organizations.

T1021.004 SSH: PuTTY Usage

This Spotlight is a quick overview of a rule developed by LogRhythm to assist in the ongoing governance of a privileged access management (PAM) solution.

Exchange Vulnerability

This Spotlight is a quick overview of some recent Exchange vulnerabilities and how you can detect exploitation before it causes too much damage.

Hoaxshell Reverse Shell

This Spotlight is a quick overview of Hoaxshell, a PowerShell-based reverse shell that has recently been doing the rounds on the internet.

Experience LogRhythm SIEM in action

See how you can mature your security operations by improving your time to detect and respond to threats. Schedule a demo with one of our team today.