Blog: RSA Research & Innovation

Innovating ahead of the market and offering the latest threat intelligence on the ever-expanding attack surface.

  • 12/4/2017 - Anatomy of an Attack: CARBANAK Throughout 2017, RSA Incident Response has observed new TTPs associated with the CARBANAK threat actor group. These TTPs show an increase in situational awareness, organization, and attacker forensic discipline. Discover these new TTPs in detail and the methods used by RSA Incident Response to effectively neutralize them.
  • 11/22/2017 - The Carbanak/Fin7 Syndicate: A Historical Overview Of An Evolving Threat While Carbanak/Fin7 may use APT-style tactics and demonstrate persistence, RSA Research does not consider them to be an APT. Read the full report to understand why.
  • 11/2/2017 - Blockchain: the New Crutch for Fraud Blockchain is no longer used solely for cryptocurrencies such as Bitcoin; fraudsters are now adopting this technology to host their websites and use blockchain-based DNS in order to make their websites bulletproof.
  • 10/10/2017 - RSA Labs: The Next Generation RSA Laboratories has been in existence since the early '90s when it was the resource for Cryptography Research and Education. The RSA Labs organization has since evolved, even going underground for a period of time, to re-emerge now with a renewed mission and purpose for RSA.
  • 7/28/2017 - Operational Rhythm at the Black Hat 2017 NOC By Matt Tharp Operational rhythm is the term for the nebulous flow of information between parts of a team that makes it so effective. Who needs what, and when to be successful? In the Black Hat NOC, we have very little time to establish such a rhythm. However, a process for distributing critical information isn’t...
  • 7/25/2017 - Black Hat NOC 2017: CAN YOUR SIEM DO THIS? Setup of the Black Hat NOC is an exciting time. The entire network infrastructure is dropped in place at Mandalay Bay. Multiple Black Hat NOC teams work long hours to get the network in place, configured and tested. The attention then turns to the NOC setup where the infrastructure is tied together. RSA, one of...
  • 7/18/2017 - Demand More from Your SIEM By Mike Adler, VP Product, NetWitness Suite If you’re like a lot of IT security professionals, you’ve always been able to rely on your SIEM to provide log data for threat detection. But that’s just not enough to keep up with all the new threats from new sources that are bombarding organizations today. Can your...
  • 7/17/2017 - Hypothesis in Threat Hunting Today’s threat landscape requires organizations to operate more proactively to keep up with advanced and persistent threats. There is no doubt that the practice of threat hunting has emerged as a key capability to detect stealthy threat actors trying to gain access to the organizational IT infrastructure by evading traditional security measures. Hunting aims to...
  • 7/5/2017 - Cat-Phishing Hackers for Fun and Profit On June 14th, 2017, a new variant of ZXShell appears to have been uploaded from the Marmara region of Turkey. The Trojan itself is well known and contained x32 and x64 rootkits. This blog describes the functionality of ZXShell, as well as the associate rootkits. The Trojan source code is available here. Metadata File Name:...
  • 6/28/2017 - Detecting "Petya/NotPetya" with RSA NetWitness Endpoint and RSA NetWitness Packets By Alex Cox, Christopher Elisan and Erik Heuser, RSA Research A Ransomware variant known as “Petya/NotPetya” began making the rounds on June 27, 2017. This ransomware takes a different approach to denying access to the victim’s files. Instead of the usual displaying of a message and letting the victim browse to really see that the...