Sqrrl Blog

Jan 14, 2016 4:22:06 PM

Living On an Exponential Curve of Breaches

Guest Blog by Richard Stiennon, Chief Research Analyst at IT-Harvest

Most of us live in the moment and most of us have trouble getting the big picture from the flood of breach announcements throughout the year. Anthem, Ashley Madison, OPM, all shocked us. After all these years how could large organizations be so ill protected against what are invariably unsophisticated attacks?

Read More

Topics: Malware, Data Breach, Cyber Threat Hunting, Security Analytics

Nov 17, 2015 10:39:00 AM

Cyber Incident Matrix: Penn State

Complexity Score: 4
Severity Score: 2
How did we get these numbers?

Incident Summary

  • What was breachedPennsylvania State University's School of Engineering

  • Delivery: September 2012

  • The Attackers: Offshore entities, at least one located in China

Overview:

In November of 2014, the FBI alerted Penn State administrators that they had suffered a breach by a foreign entity. After several weeks of forensic analysis, it was determined that key machines inside the Penn State School of Engineering had been breached, containing the usernames and passwords of 18,000 university faculty, staff, and students. Several of the breached machines also contained PII, but there is no evidence to suggest that this information has been used maliciously.

Read More

Topics: Malware, Data Breach, Cyber Incident Matrix

Aug 11, 2015 8:00:00 AM

Cyber Incident Matrix: Kaspersky

Severity Score: 2
Complexity Score: 10
How did we get these numbers?

Incident Summary:

  • What was breached: Several internal R&D related Systems of Kaspersky Lab

  • Delivery: Unknown - Spring 2015

  • The Attackers:  Unnamed Nation State

Overview:

On June 10th, 2015, Russia-based security firm Kaspersky Lab announced that their systems had been infiltrated by a hyper-advanced previously undiscovered form of malware known as Duqu 2.0, the next generation of the Duqu trojan, or the “cousin” of Stuxnet. According to Kaspersky Lab, they were not the only target of the attack, as Duqu 2.0 was also deployed to spy on the 2014-2015 P5+1 talks, the new Iran Nuclear talks, and a conference commemorating the 70th Anniversary of the liberation of Auschwitz-Birkenau.

Read More

Topics: Malware, Data Breach, Duqu 2.0, Indicators of Compromise

Dec 1, 2014 8:30:00 AM

BlackEnergy: Mitigation with Big Data Analytics

By George Aquila

The botnet builder interface of an earlier variant of BlackEnergyThe botnet builder interface of an earlier variant of BlackEnergy 

The Lurking Threat

In late October, the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) issued a formal alert warning that it had “identified a sophisticated malware campaign that has compromised numerous industrial control systems,” including GE Cimplicity and Siemens WinCC platforms, from as far back as 2011. These are widely used to control and monitor critical infrastructure from gas pipelines to electrical grids, so the threat has prompted a rising concern in the energy community that systems across the country have been compromised and could be imminently threatened by malicious actors.

Read More

Topics: Accumulo, Hadoop, Big Data Security, Cybersecurity, APT Campaign, Malware

Oct 29, 2014 8:00:00 AM

The "Pawn Storm" Campaign and Dynamic Threat Detection

By George Aquila

An advanced and widespread malware campaign dubbed “Pawn Storm” was recently profiled in a white paper by security researcher Trend Micro. The campaign has reportedly been targeting and compromising a number of high value government and private sector defense systems across the world for the past several years.

Target and Scope
Read More

Topics: Cybersecurity, Breach Detection, APT Campaign, Malware