During a recent incident response engagement, FortiGuard IR services (FGIR) responded to a ransomware attack in which the threat actor made heavy use of anti-forensic techniques to cover their tracks and to keep their malware out of the hands of researchers.
They attempted to achieve this by deleting files and folders they had created, clearing logs and obfuscating malware. While analyzing a disk image of a compromised Windows Server 2016 system, FGIR was able to identify historical evidence of deleted malware and tools used by the threat actor, inside an obscure ETL file called AutoLogger-Diagtrack-Listener.etl. ETL files are generated by the Windows ETW (Event Tracing for Windows) infrastructure.
Source: Fortinet