When WannaCry hit, the news sent shivers around the world. Reports of hospital outages, and of top-secret tools used by the NSA (Equation Group) that could hack into any version of Windows, were released to the public. During this period the community warned that more waves were soon to come. This started yesterday, around June 26, 2017, primarily in Ukraine, and Binary Defense started to see some of the first large infections of Petya (which some are calling NotPetya) at other geographic locations early this morning. On the surface, this appeared to be another EternalBlue/MS17-010 campaign with a new variant. No one at the time knew exactly how the infection methods were being used, but multiple companies jumped the gun, and reports claimed multiple avenues including HTA attack vectors and email campaigns with attached Word and Excel documents.
It is fairly common knowledge among security professionals that security information and event management (SIEM) technologies...
Posted on September 13, 2017
It was reported on November 13th 2014 that in late September the National Oceanic and Atmospheric Administration (NOAA) was breached by a Chinese hacker. This announcement comes only days after the reports of the USPS being hacked. Currently the full scope of what was compromised by the breach is unknown, and NOAA officials have declined to comment on what was targeted. Though NOAA officials stated that incident response was started immediately, they did not notify anyone of the breach until the 4th of November, when it was reported to the Commerce Department Inspector General, Todd Zinser. The first indication to anyone outside the agency that something was wrong came on October 20th, when NOAA took several systems offline for "unscheduled maintenance".
While many look at ISIS and think only of the campaign of terror it is driving through the Middle East, what most do not think of is the terror campaign it is waging through cyberspace. Since its inception ISIS has continually evolved to thrive in current times. ISIS began with relatively old tactics, such as raiding the Central Bank of Mosul, making off with over $475 million, and taking control of oil fields in Syria. ISIS has since moved into the cyber world for recruiting, propaganda, and theft to expand the reach of the organization.
On November 10, 2014 the United States Postal Service (USPS) announced it was the victim of a cyber security intrusion. The breach was discovered in September, and it appears that the Chinese government may be responsible. In the document "USPS Cyber Intrusion and Employee Data Compromise November 10, 2014", released on 11/10/2014, the USPS stated the intrusion was similar to attacks being reported by many other federal government entities and corporations. Although this is a blanket statement, the release does highlight some key information.
We recently became aware (special thanks to @slideintohome) of an SMTP botnet campaign affecting a number of large-scale customers, targeting SMTP gateways with Shellshock-based attacks. The attack leverages Shellshock (https://www.trustedsec.com/september-2014/cve-2014-6271/) as its main attack vector through the Subject, body, To and From fields (it targets every main header field in order to download the Perl botnet script). Once a gateway is compromised, a Perl botnet is activated and beacons on IRC for further instructions.