BLOG
July 8, 2022
TRITON’s Tactics and Techniques in the Enterprise domain + mitigations – Part 3
Part 3 of the TRITON tactics and techniques series covers the Defense Evasion techniques, which help the malware avoid detection by defensive tools. These techniques have been mapped by MITRE ATT&CK in its universally renowned knowledge base of adversary tactics and techniques based on real-world observations. As a reminder, TRITON malware was first identified during an attack on a Saudi Arabian petrochemical plant facility in 2017, and it targets Schneider Electric’s Triconex Tricon controllers.
TRITON’s Tactics and Techniques in the Enterprise domain + mitigations – Part 7
06.07.2022
TRITON malware was first identified during an attack on a Saudi Arabian petrochemical plant facility in 2017, and it targets Schneider Electric’s Triconex Tricon controllers. This was the first time in history that safety instrumented systems were deliberately targeted to make them fail, potentially leading to serious damage to property and harm to humans. TRITON’s toolbox covers eleven of the fourteen tactics mapped by the MITRE ATT&CK Matrix for Enterprise, the universally renowned knowledge base of adversary tactics and techniques based on real-world observations.
TRITON’s Tactics and Techniques in the Enterprise domain + mitigations – Part 2
02.07.2022
Today comes part 2 of the tactics, techniques, and specific threat actor activities, as well as detection and mitigations, for the TRITON malware in the Enterprise domain. According to the ATT&CK matrix, after the malicious actor has established initial access to the targeted environment, the next step is the Execution phase, during which the rogue actor creates their own accounts in the compromised system. This is followed by the Persistence phase of operations, which enables the actor to remain in the system.
Software Defined Network Security Benefits
27.06.2022
What is SDN? Traditional networking uses integrated hardware and software to direct traffic across a series of routers and switches. SDN was designed to virtualize the network by separating the control plane, which manages the network, from the data plane, where traffic flows. A smart controller running specialized software manages all network traffic in the data centre, while a series of routers and switches forward the packets.
Software Defined Network Security Benefits
13.06.2022
Social media is a nearly unlimited pool of information about its users. For starters, there is a multitude of information on social media platforms that users provide willingly and with premeditation, but often with little awareness of how this information can be used and abused. Social media accounts are an El Dorado for social engineering hackers, who can use this information to design effective phishing campaigns – after all, if one knows what makes you tick, one can make you click in a spontaneous reaction to a received message.
Everyday Network Security – Part 2
07.06.2022
Continuing from last week on the topic of making a network secure for everyday use, the following recommendations are worth considering. Manage your SSID: change your network name. SSID stands for Service Set Identifier; for the sake of simplicity we can call it the WiFi name, i.e. the name assigned to your router. This name is usually set by the manufacturer and is typically a generic name for a type of router.
Denial of Service & Distributed Denial of Service Attacks & Mitigation
05.06.2022
What is a denial-of-service attack? A denial of service (DoS) attack is designed to overwhelm a system’s resources to the extent that it can no longer respond to legitimate service requests. Affected services may include email, websites, online banking, and many other types of services. These are known as “denial of service” attacks because the target is flooded with illegitimate access requests, so the victim’s site can no longer provide service to its legitimate customers, who are unable to access it.
Everyday Network Security – Part 1
31.05.2022
It will probably come as no surprise, and is common knowledge by now, that every click you make online can be watched, logged, analysed, aggregated, and sold for profit. Depending on where you live, ‘Big Brother’ can use this information truly oppressively, and malicious actors can misuse it for nefarious activities. One way of keeping your information secure and preventing prying eyes from collecting too much of it is to properly configure and use your network connection.
TRITON’s Tactics and Techniques in the Enterprise domain + mitigations – Part 1
26.05.2022
Today we continue looking at the tactics, techniques, and specific threat actor activities, as well as detection and mitigations, for the TRITON malware in the Enterprise domain. As the tactics deployed by TRITON’s operators cover almost all of the tactics mapped by ATT&CK, we decided to divide the original source provided by the Cybersecurity and Infrastructure Security Agency into several parts. As a reminder, TRITON malware was first identified during an attack on a Saudi Arabian petrochemical plant facility in 2017, and it targets Schneider Electric’s Triconex Tricon controllers.
Sensible computing
23.05.2022
95% of cyber security breaches are caused by human error, according to the 2020 IBM Cyber Security Intelligence Index Report. Below is a list of good computing practices to help you reduce the risk of falling victim to computing fraud. Verify recipients: emails are easy for an attacker to spoof, which makes spoofing a very common practice among malicious actors. As a result, whenever you receive a request via email to take a sensitive action, first verify that the sender is authentic, and when possible, enter the URL yourself rather than clicking a link in the message.