May 2018

  1. Gain Enterprise attack visibility using deception

    Using Deception to Gain Enterprise IoT Attack Visibility

    Thursday, May 31, 2018
    The main lessons from attacks against Internet of Things (IoT) devices are to change default usernames and passwords, use longer passphrases to avoid brute force attacks, and make sure devices have enough memory for firmware and kernel updates to remove vulnerabilities or service backdoors, plus...
  2. GitHub - Danger in Plain Sight

    GitHub - A Cyber Danger in Plain Sight

    Monday, May 21, 2018
    While researching lateral propagation password use in our Deception module, Fidelis Cybersecurity found a surprising number of passwords publicly available. We continued to investigate by pivoting on what we found and uncovered vast caches of passwords. These password lists are publicly available,...
  3. Technical Updates on Gozi V3

    Gozi V3 Technical Update

    Thursday, May 17, 2018
    In 2017 Gozi was updated[1] to include protections of the onboard configuration known as INI PARAMS[3]. That update was likely in response to an excellent article written by @maciekkotowicz[2], or possibly because infection rates had dropped due to increased coverage through various IOC extraction...
  4. Deception Deployment Strategies

    Deception Deployment Strategies: Containment versus Detection 

    Wednesday, May 9, 2018
    Deception discussions often lead to honeypots and then some level of confusion begins. Add in an array of acronyms for deception including: breadcrumbs, decoys, traps, beacons, canaries and tarpits – and most people new to the topic see another security research project. Deception technologies ...
  5. Evolving from honeypots to active deception defenses

    From Honeypots to Active Deception Defenses

    Thursday, May 3, 2018
    A very frequent response when mentioning deception is a reference to honeypots in the realm of cyber security defenses. Yes, modern deception defenses are derived from honeypots and understanding the evolution of this valuable defense is the focus of this blog. The basic concept of honeypots are...
  6. A review of the current state of the Emotet Spreader

    Emotet Update

    Tuesday, May 1, 2018
    Last year Fidelis Cybersecurity posted an update to our previous research on the Emotet spreader module(7). Our analysts continue to monitor this threat; however, due to recent Emotet activity, the Fidelis Threat Research Team dedicated some time to checking out an updated sample...