Posts

DarkSide ransomware on the Colonial Pipeline network

We all know about the recent ransomware attack on Colonial Pipeline. With regard to this, let us try to understand what happened exactly. About the firm: the largest refined products pipeline in the US, it transports over 100 million gallons of fuel across its corridors. The recent ransomware attack against Colonial Pipeline's networks led to an emergency declaration in 17 states and the District of Columbia across 5,500 miles of fuel pipeline. Let's understand DarkSide ransomware. DarkSide is a relatively new ransomware strain that made its first appearance in August 2020. It follows the RaaS (ransomware-as-a-service) model and a double extortion trend: 1. threat actors encrypt the user's data; 2. they exfiltrate the data and threaten to make it public if the ransom demand is not paid. Their ransom demand ranges from $200,000 to $2,000,000. Let’s now understand how the attack ve...

A leaf out of Digital Forensics adventures- Part 1

What is digital forensics? A specialized branch of forensic science that works to recover and investigate digital devices in the world of cybercrime. The aim of this work is to identify, preserve, analyze, and document digital evidence in order to present it to the relevant law authorities as and when required. Who is a digital forensics investigator? A person with the mindset to discover evidence and trace back the storyline to solve the case. The work can range from discovering: • how attackers gained access to the network (the point of breach); • lateral movement on the network (discovery of affected systems); • information stolen or backdoors planted (corporate espionage); • recovery of data that attackers attempted to delete, damage or manipulate. Let's now analyze the different phases of a digital forensics investigation. Phases: 1. First-line incident response. The focal point right after a suspected breach or security incident is known as the first respo...

Incident response handling for ransomware

Welcome readers back to my blog. Today we will have a run-through of performing incident response on ransomware breaches. Ransomware, as we all know, is becoming an increasing menace the world over, and many firms keep getting compromised one way or another by this specialized attack. The most critical factor in incident response is how effectively firms tackle such incidents. TL;DR: validate the attack; gather the incident response team; analyze the incident and perform a thorough investigation; contain the incident; eradicate the malware and its traces; perform post-incident analysis and monitoring; perform a post mortem analysis and prepare the lessons learned. In this part, let's focus mainly on the validation, analysis and containment phases. Let's take a look, as a refresher, at how best to handle such incidents (and others similar in nature). 1. Initial triaging. a. Start with the aim to limit the inf...

Digital twins technology with IoT

What is a digital twin? Digital twins have been growing in popularity since 2018 as virtual replicas of physical assets. Simply said, this buzzword refers to a technology that supports features like device simulation during development: it ingests real-world data about a physical object or system as inputs and produces outputs or simulations based on those inputs, helping scientists and IT professionals run simulations before actual devices are built and deployed. Digital twin technology has now moved into multiple industries and is merging with the Internet of Things, artificial intelligence and data analytics, helping to tune deployments for peak efficiency and to explore what-if scenarios. By simulating a real object and its interactions with its surroundings, this technology can provide a more accurate representation of the shape of an object than a physical replica. The power of digital twins can be extended to virtually any technology such as clou...

Researching the difference between SIEM and SOAR

A great matter of debate and confusion I have always seen is the line of difference between SOAR and SIEM, along with the question of whether, if you have one, you still need the other, or both in conjunction. To gain clarity, let us analyze the details and the concept behind each one by one. 1. Understanding SIEM. SIEM stands for security information and event management: technology platforms used to collect and store security data. Simple examples of sources include firewalls, intrusion detection systems / prevention systems, etc. A SIEM aggregates and correlates all of this gathered data and helps analyze it with focused analytics and machine learning software. 2. Understanding SOAR. SOAR, on the other hand, is the collective technology of security orchestration, automation and response, intended to help imbibe security operat...

Demystifying Zero trust architecture

1. Introduction to zero trust: an increasingly popular buzzword in the world of information security, Zero Trust Architecture refers to a "defense in depth" approach to implementing security concepts that removes the automatic trust of actors and devices integrated into the network. Zero trust architecture provides a thorough end-to-end approach to enterprise resource and data security controls, interwoven around identity (person and non-person entities), credentials, access management, operations, endpoints, hosting environments, and the interconnecting infrastructure. Zero trust ultimately means verifying every single component trying to connect to the system before granting access. Relying on fine-grained methods such as micro-segmentation and granular perimeter enforcement based on users, zero trust helps control whether a user, machine or application is trusted to gain access to a part of the enterprise network. Zero ...