This week was a banner week, even though it ended poorly for
me: my car broke down, landing me at a dealer in Greenwich, CT, where I'm now
typing my weekly update from a hotel room a mile away from the garage that now
houses 'Daisy'. It'll be noon at least before I hit the road tomorrow. Luckily,
my car is still under warranty. I guess if something bad needed to happen to
offset all of the good this week, I'll take it!
Here’s what we had happen this week:
· Fusion Report 12-007 was published
· Analytics are being prepared discussing what started as a hunch, now developing into a full analytic on a service provider hosting malware
· Three new (GREAT) companies are now involved with Red Sky, and our activity has grown amazingly well!
Fusion Report was published earlier in the week. This one
dealt with yet another group of sour apples. FR12-007 detailed the technical
characteristics of the attacks, published three pages of qualified APT
indicators in the kill chain format, and offered a bit of analysis on what we
believe these sour apples were looking for. One thing I hear over and over is
‘whack a mole is hard’, so we’re now trying to help our Infosec members
prioritize their efforts by pointing them (when possible) to targeted areas in
their environments. I know when I was a CISO dealing with thousands of
different technology areas, I would have greatly
appreciated someone pointing me to the area that was being targeted… so we’re
doing our best to do that now.
Presentations were made to two great tech companies in North
Carolina –both of whom are now participating in Red Sky, and today on my way up
95 I stopped off to see some folks in northern NJ who are also now
participating. These companies are going to make incredible additions to the
Red Sky community, and one has already made significant contributions to a
discussion around my next topic…
Earlier in the week we posted a blog entry on a 'hunch'
about a service provider that we believe might have been hosting
some malicious content. The hunch was based on blog entries showing overseas users utilizing a small, remote ISP on the other side of the world. I couldn't help but wonder why! After a few rounds of 'RFIs' and answers coming back,
log snippets from multiple companies, and analysis from the membership and Red
Sky team, I think we can positively call it out. It was a pretty nice success so
early on, but heck, we've got a great team of folks participating.
To date, we’ve created over 170 new threats for 1100+
comments/analytics/discussions, with 8000 page views in the environment. We
boast nearly 50 (very smart) individuals representing analysts, incident
responders, and engineers from nearly a dozen companies.
We’re doing well. Hopefully I’ll be so lucky when I retrieve
Daisy tomorrow!
Until next week,
Jeff