Blog

Phishing: GDPR exploited as a human vulnerability

On May 25th, the General Data Protection Regulation (GDPR) came into force, meaning that from then on, companies have to fully comply with it. The GDPR introduces new rules on consent for the use and storage of personal data; companies may have to ask for it (again) if they did not already hold it in the form the European regulation requires. “This is why you received tons of GDPR mails last week.” GDPR: with massive…

Malware lifecycle: process of a cyber attack

It is a basic observation: the better security gets, the more elaborate the cyber attack processes become. Applied to cyber criminality, it means attackers follow advanced processes to reach their objectives. Analysing the attack process enables the defender to anticipate the behaviour of the attacker and possibly to get one step ahead of him. Hence, several models have been developed by security companies to illustrate the lifecycle of an attack, with prevention and detection…

Dark web: the harmful business of medical data

How much does a Social Security Number cost? How much does a full medical report cost on the dark web? This article takes a look at the illegal traffic in medical data, some of the most sought-after items on the dark web market. Over the past three years, this market has grown quickly; medical data are said to be far more lucrative than financial data. How do data end up on the…

Online spies: concerns, acts and examples

Why do people become spies? Why do people spy on each other? Many motivations come into consideration: money, intelligence, competition, lust. Privacy is one of the rights citizens demand the most, but still one that we respect the least. Technology applied to cyberspace has brought new ways for people to expose themselves and for spies to achieve their goals. Over the past few weeks, several incidents have proven that in…

Crypto rush: the criminal appeal of cryptocurrency

Treasure is no longer only gold or cash, but history seems to repeat itself as the value of cryptocoins remains extremely attractive. The past week has been another illustration of how appealing crypto coins are to criminals as well. Thus, it is no longer surprising that most ransomware demands payment in cryptocurrencies. New attack processes like cryptojacking have been introduced over the past few months, making cryptocurrencies even more vulnerable in terms of cybersecurity. Today, we…

Threat Landscape Predictions 2018

Every day we work towards a better and safer future, but to do so, we need to understand what we can expect tomorrow. Below you will find 17 expectations provided by the Malware Intelligence Team (MIT). The threat landscape provided by MIT focuses strongly on network threats. 1. Cryptocurrency: Cryptocurrency is used by cybercriminals to exchange or buy services and products. The fact that it is difficult to track cryptocurrency…

Puny: Funny or Just Plain Dangerous?

On April 14th, 2017, researcher Xudong Zheng published a Proof of Concept of a Punycode attack. This attack enables attackers to mimic legitimate domains such as PayPal.com. That blog post was the starting point for the RedSocks Malware Intelligence Team to dig further into the subject and see if we could gather information about attacks in the wild. Spoiler: we did. Vulnerable Domains to IDN Homograph: RedSocks Security started an investigation to find websites vulnerable to…

RedSocks Security on HTTPS in 2017

Malware, on average, stays hidden for 187 days. Now, with the increased use of HTTPS, the chances are that the number of days will increase, meaning that it will take even longer before malware is detected. HTTPS provides encryption. It should ensure that network data being transferred is encrypted and therefore not readable by third parties. This advantage has attracted the attention of cybercriminals and malicious insiders, since it allows them to increase their survival rate in a targeted environment, since they can…

The dark side of Booters and Stressers, also known as DDoS services

Booters or Stressers are services that are offered mainly in the hacking underworld. These are services that cause a particular location on the internet to receive a very large amount of unwanted traffic, which is where the name Stresser comes from. In effect, the service runs a test against a particular location on the internet to see whether it can handle a lot of data traffic. Although such seemingly legal services are often used for illegal purposes,…

Dutch servers used in attack on American State Election Systems

The FBI has issued a Flash Bulletin containing 8 IP addresses that were allegedly used during the hack on the ‘state Board of Election Website’. This blog provides more background information on these IP addresses. The 8 IP addresses in question are: – 185.104.11.154 – NL – K Servers Ltd – 185.104.9.39 – NL – K Servers Ltd – 204.155.30.75 – US – Fremont Hosting Solution Ltd – 204.155.30.76 – US – Fremont Hosting Solution Ltd…

WARNING: Massive Panda banking trojan spam campaign is currently active

If you have received an invoice in your mail, take extra care. The reason we warn you is that in the Netherlands we have spotted a massive spam campaign that is using the Panda Banking Trojan to steal financial information. The spam campaign seems to use LinkedIn records as input for the target list; if this is truly the case, we can be certain that in the future we will see similar spam attacks,…

Warning: the Netherlands is being hit by a spam mail

Since this morning, all of the Netherlands appears to be affected by a spam mail with the subject “Uw nota is nog niet betaald” (“Your invoice has not been paid yet”). Compared to average spam, this mail is relatively well written. The mail contains the following information: Dear {{VOORNAAM ACHTERNAAM}}, {{FUNCTIE BINNEN BEDRIJF}}, {{BEDRIJFSNAAM}} This reminder concerns invoice number {{RANDOM FACTUURCODE}}. The final payment date was {{DATUM}}. The amount due is {{BEDRAG}} €. Please pay the invoice amount. Receipt…

Everything you always wanted to know about malware detection, but were afraid to ask.

How is malware detected? This is an example of a simple question that requires an answer which spawns several sub-questions, each with its own answer, before we can consider the question answered. First, we need to figure out in what ways we might encounter or ‘see’ malware during its travels in our networks and systems. And to make things…

RedSocks Labs: Malware Statistics March 2016

RedSocks gathers statistics on the malware that has been analysed in the RedSocks Labs. As always, millions of malware samples have been analysed. In March, RedSocks analysed on average 425,531 new malicious files per day. Over 13 million new malicious files were analysed in March 2016, which is an increase of 3 million compared to February 2016. Historically, RedSocks has been able to detect far more malicious files than the top 10 Anti-Virus programs. In March 2016, top…

Cyber attack in Ukraine cut off 225000 people from electricity

Last year, in December, a cyber attack took place in Ukraine which impacted 225000 people, leaving them without electricity for a while. If we let this sink in, we have to realize that emergency services were not available, that people were forced to stay in a cold home, that alarm systems were not operating and that the entire country could have been turned upside down in a couple of hours. The…

3 reasons why you should integrate breach detection into a SIEM solution

Author: Martin Tolboom, Sales Solution Architect / Security Consultant. Many companies rely on a Security Information and Event Management (SIEM) solution to monitor and analyse security information and to detect security incidents and data breaches within their infrastructure. And yes, a SIEM solution is a very useful and powerful tool for implementing a good security monitoring environment. Combining a SIEM solution with a good Breach Detection solution like RedSocks Malicious Threat Detection can strongly improve…

Cybercriminals use these WEAK PASSWORDS to exfiltrate stolen data

The art of hacking has become extremely simple in the last couple of years. In the past 10 years, hundreds of new remote administration tool builders were released to the public. The hacking (cybercrime) community took the code of Remote Administration Tools and made sure that the Remote Administration Tools would stay alive without the official developer – the community continued to work on RATs and as a result, we are still seeing RATs. “But…

RedSocks Lab: Bad Hoods, detection of unknown threats

Bad Neighborhoods: Just as in the real world, the internet also has “bad neighborhoods” whose streets are unsafe and where crime rates are higher than in other districts. Research into these internet neighborhoods can lead to better security solutions. For instance, it has been discovered that the majority of spam on the internet comes from just a couple of these bad neighborhoods. Cyber-attacks have also dramatically increased in severity and frequency, leading to major…

My flow exporter speaks IPFIX; is it compatible with the RedSocks Malicious Threat Detector?

Rick Hofstede, Flow Export & Analysis Expert, RedSocks B.V. The IPFIX protocol moved to the Standards Track of the Internet Engineering Task Force (IETF) in September 2013 and the number of flow exporters supporting IPFIX is growing rapidly. So is the number of fields that can be exported using NetFlow or IPFIX. Besides the traditional fields that were already available in the NetFlow era, many more fields are being added by vendors for exporting all…

The security gap is growing in all networks, introducing egress monitoring

A variety of large breaches, at TalkTalk, Vodafone, Hilton and others, are evidence of the alarming security gap in almost all networks. Most security vendors focus on preventive technologies aimed at keeping malware from entering your network; little attention has been given to the period between the moment an infection begins and the moment it is detected. The trick to controlling risk is to strike the right balance between prevention and detection. Introducing ‘egress…

Advanced attack detection: manual vs automated monitoring

Automation enables organisations to reduce the number of successful cyber attacks as well as shortening the time it takes for attacks to be contained and remediated. Hence, it is critical that we move towards automation, but most companies are still struggling with this. Following up on alerts manually generally requires 2-3 hours of remediation, thorough analysis of incident reports, money and extensive knowledge of protocols. These aspects can be drastically shortened and improved…

T-Mobile Hack: Why you should be worried and take action

Author: Reza Rafati, Malware Research Analyst, RedSocks B.V. T-Mobile is one among many companies being targeted by hackers in recent times. Reportedly, T-Mobile USA became the victim of a major hack which resulted in the theft of 15 million T-Mobile customer records, including Social Security numbers, addresses, customer names, birthdays and sensitive identification numbers. Social Security numbers, addresses and phone numbers: The criminal(s) responsible for the cyber-attack on T-Mobile can use the acquired…

The RedSocks Probe: flow metering & export done right

Rick Hofstede, Flow Export & Analysis Expert, RedSocks B.V. RedSocks, a Dutch start-up company in the network security industry, has recently enhanced its product portfolio with a new product: the RedSocks Probe. In this blog post, I will elaborate on the unique features of the RedSocks Probe. Introduction: Have you ever wondered whether your flow data is accurate? Or whether, and how much, data is lost by your flow exporter? You should. But before we…

Deep dive into attribution trove of Hacking Team

Attribution is probably one of the toughest things to deal with during a major cyber security breach, yet it is one of the most demanded skills. In the early incident response cases, attribution was based solely on IP address location. Even though proxy servers have been around all along, individuals, companies and researchers could easily get away with this type of attribution. Attribution and Advanced Persistent Threats: In recent years, and especially since the…

The backdoor policy fallacy

Here’s a story that may sound familiar to you, because it actually is. Picture Joe the contractor. Joe is just an average Joe, maybe like you and me… It was a sweltering day. The air shimmered over the concrete floor of the small construction site. Joe wiped his brow with the shirt he had taken off a few minutes earlier. He was pretty content with the progress he had made. Maybe one more day and the bricklayers…

Protecting your flow data: how to secure network flow data export and collection

RedSocks, a Dutch start-up company in the network security industry, has recently enhanced its product portfolio with a new product: the RedSocks Probe. In this blog post, I will elaborate on the unique features of the RedSocks portfolio in general and the RedSocks Probe in particular, which make a great leap forward in the context of secure network flow data export and collection. Introduction: Network flow monitoring has become one of the most popular approaches…

RedSocks adopting the STIX and TAXII standards

Here at RedSocks, one of the main subjects in conversations, development discussions and at board level is privacy. Since the appearance of Edward Snowden, privacy has been the main subject changing the fundamental building blocks of the internet. Fundamental parts of the internet are being rebuilt and rechecked, and new (mainly encryption) standards are adopted very quickly. Whereas a messenger service in the past had to be reliable and quick, it now…
