Blog

Solve Your Healthcare Security Challenge Using Next-Gen SIEM

Published on June 3, 2019

Healthcare organizations know how sensitive patient data is, and therefore how important it is to protect. Because personal health information (PHI) is so valuable, healthcare organizations are under attack from both external and internal threats. External attackers, drawn by the monetary value of PHI, employ increasingly sophisticated...

Securonix Threat Research: Detecting LockerGoga Targeted IT/OT Cyber Sabotage/Ransomware Attacks

Published on April 9, 2019

By Oleg Kolesnikov and Harshvardhan Parashar, Securonix Threat Research Team. Updated April 30, 2019

Figure 1: LockerGoga Targeted Malicious Cyber Sabotage/Ransomware Implant in Action

Introduction

The Securonix Threat Research Team has been closely monitoring the LockerGoga targeted cyber sabotage/ransomware (TC/R) attacks impacting Norsk Hydro (one of the largest...

Threat Hunting Architecture

Published on March 27, 2019

By Rohit D. Sadgune, Senior Security Solution Engineer, Securonix

Introduction

Threat hunting is an essential skill for organizations with mature security operations centers. In this blog I will lay out an essential framework for the two different classifications of threat hunting as well as several threat hunting models that...

Why accurate attack attribution is critical in cybersecurity

Published on February 22, 2019

By Igor Baikalov, chief scientist at Securonix. Read this article on SC Magazine UK.

The Internet favours anonymity by design. Despite being an obvious boon to cybercriminals and terrorists, anonymity has long been touted to be a worthy price to pay for supporting the foundations of democracy: privacy...

Securonix Threat Research: Detecting Persistent Cloud Infrastructure/Hadoop/YARN Attacks Using Security Analytics: Moanacroner, XBash, and Others

Published on January 24, 2019

By Oleg Kolesnikov and Harshvardhan Parashar, Securonix Threat Research Team

Figure 1: Moanacroner Establishes Persistence After Initial Cloud YARN/Hadoop Infection Using Crontabs

Introduction

In recent months, we have been observing an increase in the number of automated attacks targeting exposed cloud infrastructure/Hadoop/YARN instances. Some of the attacks we...

The Top Seven Cybersecurity Horrors

Published on October 31, 2018

…and how to protect yourself

It's Halloween! And before the night exposes the horrors from the netherworld, most of us still have to get through the wacky costumes at work. Just the same, the cybersecurity demons do not slow down, and our SOC superheroes must continue to save the world...

Securonix Threat Research: British Airways Breach: Magecart Formgrabbing Supply Chain Attack Detection

Published on October 29, 2018

By Oleg Kolesnikov and Harshvardhan Parashar, Securonix Threat Research Team. Updated November 6, 2018

Figure 1: Magecart modernizr-2.6.2.min.js Obfuscated Formgrabbing Payload from British Airways Attacks

Introduction

The data breach suffered by British Airways earlier this year affected around 380,000 customers and resulted in the theft of customer data...

Securonix and Cylance: End-to-End AI-Enabled Security Intelligence and Threat Prevention

Published on October 11, 2018

Suspicious activity on an endpoint is usually an indicator that a larger cybersecurity threat or attack is underway. Your users are continually targeted by various attacks (phishing, malicious websites, session-based attacks and more) that end up playing out on the endpoints inside your organization. While understanding anomalous behaviors on your endpoints is...