1. Technical Updates on Gozi V3

    Gozi V3 Technical Update

    Jason Reaves

    In 2017 Gozi was updated[1] to include protections for the onboard configuration known as INI PARAMS[3]. That update was likely in response to an excellent article written by @maciekkotowicz[2], or possibly because infection rates had dropped due to increased coverage through various IOC extracti …

  2. Deception Deployment Strategies

    Deception Deployment Strategies: Containment versus Detection 

    Tom Clare

    Deception discussions often lead to honeypots, and then some level of confusion begins. Add in an array of deception terms, including breadcrumbs, decoys, traps, beacons, canaries and tarpits, and most people new to the topic see another security research project. Deception technologies within …

  3. Evolving from honeypots to active deception defenses

    From Honeypots to Active Deception Defenses

    Tom Clare

    A very frequent response when mentioning deception is a reference to honeypots in the realm of cyber security defenses. Yes, modern deception defenses are derived from honeypots, and understanding the evolution of this valuable defense is the focus of this blog. The basic concept of honeypots is …

  4. A review of the current state of the Emotet Spreader

    Emotet Update

    Jason Reaves

    Last year Fidelis Cybersecurity posted an update to our previous research on the Emotet spreader module(7). Our analysts continue to monitor this threat; however, due to recent ongoing Emotet activity, the Fidelis Threat Research Team dedicated some time to checking out an updated sampl …

  5. Fidelis Deception now in the cloud

    Fidelis Extends Elevate Platform to Protect Cloud Assets with Active Deception

    Sam Erdheim

    AWS access credentials hardcoded into containers make it all too easy for attackers to gain entry. We’ve all seen it in the news: businesses are falling victim to their AWS cloud assets being used to mine cryptocurrency. The benefit of cloud is agility, how …

  6. Using Deception to gain IOT security awareness

    Using Deception to Gain Enterprise IoT Attack Visibility

    Doron Kolton

    The main lessons from attacks against Internet of Things (IoT) devices are to change default usernames and passwords, use longer passphrases to resist brute-force attacks, and make sure devices have enough memory for firmware and kernel updates that remove vulnerabilities or service backdoors, plus …

  7. Fidelis Blog: Five myths of deception defenses

    5 Myths of Deception Defenses

    Deception has been used for centuries to divert attacker attention and protect vital assets. In the Art of War, Sun Tzu said: “All warfare is based on deception. Hence, when we are able to attack, we must seem unable; when using our forces, we must appear inactive; when we are near, we must ma …

  8. Fidelis Blog: Man Vs Machine Using Deception Defenses

    Man vs Machine Using Deception Defenses

    Doron Kolton

    Originally published in Information Magazine on March 26, 2018. Machine automation gives attackers the leverage to scale attacks beyond human capacity. However, machine analysis is limited in the types of data it can assess compared with human analysts. Recently Fidelis Cybersecurity …

  9. Fidelis blog: A SOC under siege: alert fatigue

    A SOC Under Siege: How to Reduce Alert Fatigue

    Sam Erdheim

    I recently sat down with a SOC analyst from a large e-commerce vendor who showed me his daily workflow. He walked through how he had different data sources pumping into his SIEM, which spit out lots of alerts. Then he walked through a few examples, starting with the alert from the SIEM and then …