Rapid7’s Incident Response (IR) team was engaged to investigate an incident involving an attempted Cobalt Strike execution.
The investigation uncovered twists and turns with pre-ransomware activities, tunneling tools, and attackers taking a page out of the defender’s playbook. The attacker took careful steps to maintain access to the environment through persistence that mimicked normal user behavior. This blog covers the techniques, indicators of compromise (IoCs), and detections for Rapid7 customers.
Source: Rapid7

