The Cybercrime-as-a-Service Economy has created parity between the capable hacker gang, and ordinary aspiring criminals armed with mere credit cards. These perpetrators could be in it just for the money,...
McAfee product coverage and mitigations for malware or indicators associated with the recent attacks (a.k.a. Dragonfly, Energetic Bear, Havex/SYSMain) on industrial control systems (ICS's) are listed below.
Endpoint Security, Part 1 of 5: The Risk of Going Unprotected
Making a business case for investments in information security has never been easy. We make these types of investments to protect against...
Spear phishing email is a major worry to any organization. Messages that appear legitimate and specific fool us more often than random phishing attempts. Exploits that use patched vulnerabilities delivered via spear phishing email are one of the most successful combinations used by attackers to infiltrate targeted organizations and gain access to confidential information. During […]
The Dofoil downloader (found in the wild since 2011) occasionally updates itself with new features and encryption techniques to hide communications with its control servers. The latest iteration uses a variation of XOR and RC4 algorithms similar to previous variants to encrypt the list of control servers within the binary and encrypt all traffic with […]
McAfee product coverage and mitigations for malware or indicators associated with the recent attacks (a.k.a. Dragonfly, Energetic Bear, Havex/SYSMain) on industrial control systems (ICS’s) are listed below. The Havex remote access tool is common across these associated attacks or campaigns–including Dragonfly. We have seen Havex in ICS-specific targeted campaigns. It can detect and affect ICS- […]
Every organization has deployed anti-virus/anti-malware solutions, but how much you have actually reduced your risk? To recap what we’ve covered in this 5-part blog series, Aberdeen’s analysis and Monte Carlo modeling: Confirms the high risk of unprotected endpoints Demonstrates that endpoint protection really does reduce risk Confirms that “free” endpoint protection (e.g., Microsoft) is better […]
If you’re just tuning in, this is the fourth in a series of blogs about understanding the risk of endpoint security, preceded by: Endpoint Security: The Risk of Going Unprotected Endpoint Security: Yes, Anti-Virus Really Does Reduce Risk Endpoint Security: Why “Free” A/V is Better Than Nothing By now, the approach to substantiate the statement […]