Antigen Security – Cyber Pathogenesis Series – Analyzing a Lockbit 2.0 Ransomware Attack

Case Summary: The Lockbit gang stands out for its sophistication relative to other ransomware-as-a-service (RaaS) gangs and affiliate operators. The ransomware itself could accurately be described as a semi-automated malware toolset capable of anti-forensics, defensive evasion, network discovery, automated lateral movement and data exfiltration. Moreover, its affiliate operators have a reputation for […]
Antigen Security – Proactive Guidance – Patching & Vulnerability Management – November 2021

Patch Tuesday November 2021: Microsoft – https://msrc.microsoft.com/update-guide/vulnerability. Microsoft has released its November 2021 Patch Tuesday Advisory. We have six vulnerabilities classified as critical, with two additional vulnerabilities that have been detected as being exploited in the wild. Three vulnerabilities are rated as “Exploitation More Likely”, which implies that these products are well targeted […]
Antigen Security – Cyber Pathogenesis Series – There and Back Again: A Conti Story

Conti consistently ranks among the more successful Ransomware-as-a-Service gangs in the game. Also known as FIN12 and Wizard Spider, the Saint Petersburg, Russia-based gang has gained notoriety for extorting millions from its victims, most notably those in the healthcare sector. Antigen Security was contracted to perform a compromise assessment and recovery of a ransomware victim company belonging to the North American manufacturing sector. Even post-encryption, extensive disk evidence was available for all server infrastructure and firewall logs. The aim of this […]
Antigen Security – Breach Preparation 101 Series – Crafting your Incident Response Plan

Measure twice, cut once – true when building anything, especially incident response plans. Whether you are building an Incident Response Program from the ground up or revising an existing plan, there are a few things we need to make clear prior to diving into a tabletop exercise or live incident. There were a number […]
Antigen Security – Cyber Pathogenesis Series – Proxy War Without End

Welcome to the inaugural installment of Cyber Pathogenesis, Antigen Security’s new cyber threat intelligence series! This series aims to provide actionable information on the modern cybersecurity threat landscape for both network defenders and classic IT practitioners alike. “For what can war, but endless war, still breed?” – John Milton The cybersecurity industry has […]
Antigen Security – Breach Preparation 101 Series – Crafting your Incident Response Policy

Building an effective Incident Response Program often begins by discussing and setting the right expectations and guidelines for activities. A good way to begin forming your organization’s approach to this centers on an often-forgotten element of your Incident Response Program: your Incident Response Policy. When discussing with your executive team/decision makers on this area […]