Manage Digital Risk
Address Critical Business Needs
Kingslayer - A Supply Chain Attack
Today, RSA is publishing new research on a sophisticated software supply-chain attack – dubbed “Kingslayer”. RSA Research investigated the source of suspicious, observed beaconing thought to be associated with targeted malware. In the course of their investigation, RSA discovered a sophisticated software supply-chain attack involving a Trojan inserted in otherwise...
Read more
Black Hat Asia NOC: Malware visibility
By Chris Thomas and Mike Sconzo In the Black Hat Asia NOC we worked to ensure the wireless network was available for presenters and attendees. As part of our monitoring, we kept an eye open for any malware present on the network. RSA NetWitness® Suite’s Malware Detection capabilities look for network sessions containing file-types typically...
SuperCMD RAT
On April 8th, an interesting DLL was uploaded from Canada to VirusTotal. What makes it interesting is that the detections on VirusTotal are mostly heuristics and do not settle on a single family. The malware is also configured to beacon to an RFC1918 internal IP address, however, the name 816db8a1916201309d2a24b4a745305b.virus indicates it was picked up...
The Realm of Threat Intelligence - Attack Scenarios and Use Cases
The three previous blogs in this series have covered Packet Analysis, Log Analysis and Threat Intelligence; this final article aims to bring all of this information into one cohesive solution for any SOC or Cyber Defence organisation. For further reading on this subject please see our presentation at last year’s RSA Conference in Abu Dhabi...
A Different Take on Keystroke Logging
On March 29th a file was uploaded to VirusTotal containing a fake Microsoft Update Authenticode certificate. Soon thereafter, RSA Research investigated the sample based on certain artifacts that matched those present on Shell_Crew malware RSA Research previously reported on. This Windows DLL file was compiled on October 28th, 2014 at 06:35:47 GMT (Table 1). File...
An Update on Terracotta VPN
An update on the Chinese VPN service Terracotta, research reported by RSA in August 2015. Linked to APT threat groups Deep_Panda / Shell Crew
Tales from the BlackHat NOC: Fish and Chips Edition
We’re in the first day of training at Black Hat Europe 2016, and once again – the RSA Black Hat NOC team is volunteering. This round, we’ll have more full packet capture, log analysis, session reconstruction, and analytics for both the wired and wireless networks provided by RSA NetWitness. Except this time, there is one difference (besides...
Tales from the Black Hat NOC: Setup in London
Arrival into London went without a hitch. I then took the train to Angel station and walked to the Business Design Center, which is my home for the next week, during the Black Hat Europe 2016. After walking through the doors and finding my way I was greeted by a room full of boxes. Time to...
Schoolbell: Class is in Session
by Kent Backman and Kevin Stear, RSA Research Backstory If a sophisticated exploitation campaign is broad enough, it will attract the attention of multiple threat researchers. Such is the case of the malicious, multi-faceted exploitation campaign and botnet RSA Research has dubbed “Schoolbell.” In this blog, RSA will build on existing industry research and dig...
Automate Detection and Detect Early with Leading Indicators
The ultimate goal of any security monitoring program or Security Operations Center (SOC) team is to automate threat detection, to detect earlier in the attack lifecycle and to stop the threat actors from achieving their desired objectives of disrupting their business or stealing their IP or money. “Automating Threat Detection”, sounds simple enough, but how...
Blog posts by category
Around RSA
Industry Perspectives
Products & Solutions
Securing the Digital World
The Language of Cybersecurity
Need help? Click on the button below to begin a chat session.
