Tag Archive for: Engineering

The Importance of Reverse Engineering in Network Analysis


Comprehensive research is required to create the best detection rule for a new vulnerability or threat. But what does ‘best’ mean? Well, the interpretation of ‘best’ depends on what we know about the vulnerability, but sometimes key information may not be available. Therefore, to develop accurate detection rules that can track malicious activity, you must search for this information in non-traditional areas, like the binary code of malicious tools.

In this blog, we will detail the process of creating accurate network signatures by closely analyzing the source code of a backdoor exploit. Reverse engineering in network analysis is essential for building rules that effectively detect malicious network packets, reduce false positives, and ultimately help defend OT/IoT environments against malicious threats.

Binary reversing is a great method to use for creating network signatures.

Threat Detection 101 

Let’s imagine that the only information available for a certain vulnerability is a basic, non-technical description of a router vulnerability that leads to command execution, along with exploits created by the same researcher. Even with this limited information, it’s still possible to create a first rule to detect that exploitation. Figure 1 shows an example of intelligence and network traces harvested by Nozomi Networks Labs IoT honeypots. This example shows a network packet exploiting CVE-2022-27255, but the exploitation is not immediately clear. More context is needed in order to prevent false positives.

Figure 1. Network packet exploiting CVE-2022-27255.

To detect this exploitation, we need to examine the protocol in use to understand what data should and should not be present at specific offsets. SANS suggests a detection strategy based on specific strings and on packet sizes derived from the parameters of a legitimate packet.

While SANS provided a great threat detection strategy, our goal is to detect the different ways attackers exploit a given vulnerability. It’s a tough decision between creating a rule flexible enough to detect multiple variants of the exploit, at the risk of false positives, and making a rule narrow and focused on detecting just that one variant.


AtScale names John Langton as VP of worldwide engineering


AtScale has appointed John Langton as the company’s new vice president of worldwide engineering. In this role, John will run global engineering and R&D for AtScale, managing teams in the Bay Area, Boston, Sofia (Bulgaria) and in remote locations.

This position is an expansion of his role at AtScale, having joined earlier this year to lead the company’s artificial intelligence (AI) engineering initiatives. John brings over 20 years of experience with applied AI technologies and Software-as-a-Service (SaaS) development to AtScale.

“I have known John for years and have invested in the company he founded and led through growth and acquisition,” said Chris Lynch, CEO of AtScale.

“His impact and leadership were immediately felt when he joined the AtScale team to lead AI/ML engineering earlier this year. I am extremely excited he has taken on this broader role, as we continue to redefine the modern notion of a semantic layer for data and analytics,” Lynch continued.

Prior to joining AtScale, John was the CTO at Linus Health, a healthcare-focused SaaS company, where he drove the technology strategy behind the company’s next generation cognitive health solutions. He served in various AI/ML leadership roles at Wolters Kluwer, where he created the first healthcare AI team, and at athenahealth.

Prior to that, he was the founder and CEO of VisiTrend, a developer of interactive visual and security analytics that worked closely with the U.S. Department of Defense (DoD) until its acquisition by Carbon Black. John began his career at Charles River Analytics and holds a PhD in Computer Science from Brandeis.

“AtScale is transforming the way organizations leverage their data assets,” added Langton.

“Since joining earlier this year, I have come to appreciate the founding vision of creating a new technology category around the concept of a semantic layer. I am beyond excited to be part of the next chapter of AtScale,” Langton continued.


Vigilante Hacker Outsmarts Cyber Mafia [4K] | Web Warriors | Spark



Feds warn about social engineering in cyberattacks on physicians’ practices


HHS agency warns “vishing,” combining scam emails and phone calls, is on the rise.

Phony phone calls paired with bogus emails are part of “vishing” scams that are a rising threat to cybersecurity of physicians’ practices.

Voice phishing, or vishing, is the method “of eliciting information or attempting to influence action via the telephone,” according to the latest analyst note by the Health Sector Cybersecurity Coordination Center (HC3) within the U.S. Department of Health and Human Services (HHS). This month, HC3 also published “The Impact of Social Engineering on Healthcare,” a threat brief that describes how scammers manipulate human psychology for their own gain.

“A social engineer can manipulate staff members into giving access to their computers, routers or Wi-Fi,” to steal protected health information or personally identifiable information, or to install malware, the threat brief said.

A growing problem

As part of cyberattacks, social engineering is a problem in health care because people are naturally trusting, have a desire to help, and want to look intelligent. Workers do not want to get in trouble, but some do take shortcuts, the threat brief said.

In large health care organizations, staff members do not always know all their coworkers.

Analysts have said patient data is valuable to bad actors, and health care systems must pay hefty prices to recover data and restore computer systems after attacks. In 2021 and 2022, health care had the largest average cost of a data breach ($10.1 million in 2022) among the public, energy, technology, pharmaceutical, and financial sectors, according to HC3.

Phishing and vishing

With phishing, an attacker sends a fraudulent message designed to trick people into revealing sensitive information or to deploy malicious software, such as ransomware, into the victim’s computer infrastructure. It was the most common threat to health care organizations, accounting for 45% of security incidents, followed by ransomware at 17%, said the threat brief, citing a health information cybersecurity survey.

In the last year, vishing cyber attacks have increased in all sectors and as a social engineering technique, it has been…
