Going remote is the new reality as we continue to grapple with a devastating global pandemic. The transition to remote learning in our nation’s schools, in particular, has created a new level of upheaval and burden that’s impacted most every home and community. Luckily, most of Stealthbits’ existing corporate customers switched to digital work rather seamlessly after testing and reinforcing the security of their networks and IT infrastructure. Educational institutions, on the other hand, were…
A recent cyber-attack on the Canadian government was successful because of a well-known attack technique, credential stuffing. If you’re not familiar, credential stuffing is just taking credentials from one breach and using them to compromise a new organization. It is successful because 62% of people reuse personal passwords on work systems.
News of this attack broke on Monday, August 17, 2020, and it highlights how real the cyberattack risk is for every organization. Th…
It is important to monitor the size of the NVMonitorData SQL database that StealthINTERCEPT (SI) uses to store the event data it collects. In production environments, the event dataset can grow significantly over time. If left unchecked, this database growth will lead to excessive disk space usage and increasingly slow inserts of new event data. In addition, users can encounter slow performance when reporting on data via either the SI Console or the Web Reporting modul…
This is what it looks like to create an access link. In this blog I will explain which settings affect what options are available on these link creation pages. SharePoint is all about collaboration and sharing, and in the SharePoint Online cloud, giving access to resources is a bit different than the traditional method of giving a user or group access to something. In SharePoint Online, access is primarily controlled via Access Links which can b…
Webinar Preview: Back to “The Basics” – Pragmatic advice from Gavin Ashton, author of “Maersk, me, & notPetya”
Part 3 – Privileged Access
This is the final installment of a three-part series on Maersk, me, & notPetya, a blog post by Gavin Ashton about his experiences responding to and recovering from the NotPetya ransomware outbreak at Maersk. If you’ve missed Part 1 or Part 2, give them a quick read!
At the root of this attack, and so many before it, lies …
If you are a security analyst, engineer, admin, or otherwise responsible for protecting the personal and private data of employees and customers – the following 3 statistics should frighten you.
The frequency of insider threat incidents has increased by 47% in the past two years – the Ponemon Institute
Disgruntled employees rank in the top 5 contributors for insider data breaches according to Verizon.
Somewhere between 20 and 30 mil…
Part 2 – Active Directory
This is the second part of a three-part series on Maersk, me, & notPetya, a blog post by Gavin Ashton about his experiences responding to and recovering from the NotPetya ransomware outbreak at Maersk.
Not everyone realizes that in the last several years ransomware has made significant advances in its ability to not just infect a single computer, but to also pivot from that computer and infect other workstations and servers. Following a common pattern …
There are actually four (4) ProTips in this blog (Click below to go to one you want):
Multiple Policy Registration in StealthINTERCEPT
Managing StealthINTERCEPT via PowerShell
Editing StealthDEFEND Investigations the Lazy Way
Categorize StealthDEFEND Playbooks to Reduce Clutter
Multiple Policy Registration in StealthINTERCEPT
The capability has long existed in StealthINTERCEPT to have a single policy with multiple event registrations. There are particular situations when you need …
Cyberattacks and data breaches are simply too common, with nearly 4,000 confirmed data breaches reported in the latest 2020 Verizon Data Breach Investigations Report. Recent news demonstrates Active Directory (AD) is under heavy attack from adversaries of all types, including nation-state sponsored and organized cybercriminal groups alike.
June 17, 2020 – North Korea’s state hackers caught engaging in BEC scams
“We found that the attackers queried the AD (Active Directo…
Kerberos Explained
Kerberos is an authentication protocol enabling systems and users to prove their identity through a trusted third-party. The protocol was initially developed at the Massachusetts Institute of Technology (MIT) as part of a larger project called Project Athena. Project Athena was a joint initiative of MIT, Digital Equipment Corporation, and IBM to build a distributed computing environmen…
Europe’s top court, the Court of Justice of the European Union, recently struck down the EU-US data privacy arrangement known as Privacy Shield, which many organizations rely on when transferring data from the EU to the United States.
Privacy Shield was enacted in 2016 to replace the Safe Harbor Privacy Principles, which were declared invalid by the same court in 2015. In addition to replacing Safe Harbor, it aimed to protect the fundamental rights of anyone in the EU whose personal da…