Tag: Malware

Lessons Learned from the New York Times Hack

Unfortunately, The New York Times is not the only organization that has been the victim of a sophisticated, targeted attack of this nature, and it certainly will not be the last, as a regular drumbeat of these kinds of incidents has been reported over the past few years. In order to combat these new and constantly evolving threats, defensive techniques need to adapt.

Trouble At The Watering Hole

Now that education campaigns and digital Darwinism have reduced the number of people who fall for phishing attacks, attackers are increasingly co-opting legitimate sites and using them to spread their malware.

Nothing to See Here

You can’t trust an infected host. Once an attacker has obtained root access, either manually or with malware, they can potentially control all aspects of the machine. Everything you see on the system can be a lie: logs, processes, files, registry entries, and now the contents of the system’s memory. Dementia is a proof of concept and not intended to actively hide malware, but now that the technique has been proven, we may see it in the wild shortly.

APTs – The Usual Suspects are Becoming More Unusual

Cyber espionage is on the rise, not just in terms of frequency but in terms of distribution. The fact that an attack is rudimentary makes it no less of a threat. Pervasively enabling NetFlow throughout an organization not only provides visibility without the need to deploy expensive probes; NetFlow-based network forensics also goes hand in hand with detecting APTs and keeping your network safe.

Are My Computers for Rent?

In a recent blog entry, Brian Krebs revealed that a Russian-based service is selling the IP addresses, usernames and passwords of computers inside organizations, including Fortune 500 companies, using the Remote Desktop Protocol (RDP). In the comments section, some readers asked how they can check if their servers are listed in the service’s database. While there certainly is merit in that type of diligence, they could better answer that question by reviewing their own network surveillance data. It is a question that intelligent analysis of enterprise NetFlow/IPFIX can quickly answer.