Mitigating Cyber Risks With Faster Threat Intelligence
December 23, 2020
Infoblox helps enterprises react quickly to potential security breaches
By Michael Zuckerman, Product Marketing Manager, Infoblox
A very well-known electronics firm was in the news last August as an alleged and unfortunate victim of a Maze ransomware attack. This attack involved various services, including their corporate e-mail, U.S. website, and other internal applications. It seems very apparent that this attack was delivered using the Maze ransomware toolset. A few weeks earlier, two other prominent electronics and technology companies were also allegedly the victims of Maze ransomware.
The Maze threat group and its Maze ransomware have been active since their discovery in May 2019. On Oct. 29, 2019, the Infoblox Cyber Intelligence Unit (CIU) detected a campaign distributing Maze ransomware to Italian-speaking users. Maze ransomware in this scenario was delivered using e-mails or exploit kits such as Fallout and Spelevo.
Early on, there was no publicly available decryption tool for Maze ransomware. The private key needed to decrypt the files was solely available from the Maze threat actors. You can see some of our threat intelligence on this and our notes on vulnerabilities and mitigations related to Maze here.
****************************************************************
Sign Up for Infoblox Cyber Threat Reports Today
Infoblox’s Cyber Intelligence Unit publishes regular reports that contain a wealth of information on threats, notices, and updates. These reports provide context and insight into notable threats recently observed, detailed analysis of advanced malware campaigns, and analysis of attacks featured in the news. Subscribe to Infoblox Threat Intelligence.
****************************************************************
What Can You Do With Threat Intelligence?
Infoblox Threat Intelligence research has been able to highlight likely threats, sometimes early in their lifecycles. This data works best when enterprises have the organizational processes and tools to assess it and act upon it promptly. The rapid resolution of open questions is essential. Is this attack likely for an industry? A geography? Businesses of a certain size? Can the IT team handle this new type of attack? What tactics and techniques are the threat actors using? What are the indicators of compromise (IOCs) that the IT team needs to be aware of? What threat group do the IOCs point to? Can the IT team successfully detect, mitigate, and rapidly recover from this attack?
The need for speed in all facets of defense and mitigation is real. Organizations need to get inside the attacker’s decision cycle and gain the advantage. The goal is to bring cyberdefenses to the highest level – ideally, ahead of prospective attackers’ offenses. Improving defenses requires a deep understanding of the technology and techniques that threat actors use, or might use. Threat intelligence is an essential part of the defensive toolset, helping IT teams to detect, mitigate, and protect against cyberattacks.
Infoblox Threat Intelligence for Faster Threat Detection
In the age of teleworking, it’s important that organizations level up their pre-emptive measures to detect and mitigate rapidly growing threats. Infoblox, a pioneer in providing insightful threat intelligence, has come up with a few exceptionally useful tools that help organizations stay ahead of attackers. While the complete Infoblox Threat Intelligence product suite is relevant in the current scenario, partners and enterprises can get an easy head start by exploring the Dossier Threat Research Tool, which promises faster threat detection.
Threat intelligence is a critical weapon for modern enterprises. Much of the information about the threat actors and their tools that an organization is likely to face can be gathered with the right threat intelligence tools. A strong stance with relevant, fast threat intelligence helps organizations make the best decisions to reduce exposure to any potential attack and to rapidly detect, mitigate, and recover from an ongoing attack.
Michael Zuckerman is a seasoned B2B product marketing and marketing strategy consultant with experience in the cybersecurity and enterprise SaaS software markets. Zuckerman’s domain experience in cybersecurity over the past five years includes container security, moving target defense, network threat analysis (AI), sandbox, deception technology, continuous security validation, cloud access security brokers, AI-based SIEM, secure collaborative governance, and related technology sets that include data loss prevention (DLP), user and entity behavior analytics (UEBA), and encryption.