Tuesday, May 29, 2012

Fusion Report 10 (FR12-010) published!

I’m happy to announce that we’ve just published our next Red Sky Alliance Fusion Report. I’ve been waiting for this one. I can’t believe we’re at ten pieces of finished technical analysis already.  FR12-010 discusses a remote access Trojan (RAT) used in some of the newer targeted attacks.
While not prompted by a member submission, we felt it necessary to analyze and report. This specific tool has been leveraged by one of the more sophisticated cyber adversaries today. Red Sky analysts provided signature and artifacts associated with this malware and also included a snapshot of the actor's methodology. The paper details our analysis, and provides our members with two new Snort signatures, and a couple of dozen new indicators of compromise that may be copy/pasted directly into their defense in depth infrastructure.
A couple of key stats (now that we're at report 10!)
  • To date we've published over 1200 indicators of targeted attacks to the membership,  analyzed through crowd sourcing in the portal and via Red Sky analysis. 
  • 59 member/analysts are now tracking over 220 active discussion threads all relating to targeted attacks and emerging threats.
  • Inside the portal, members have logged over 5000 page views with the Fusion Reports topping the list. In fact, our last report (detailing the activities of one ISP) was one of our most popular. Visits to two areas in the portal - "Incident Response Corner" followed closely by "Security Intelligence" were next runners up.
Bottom line. This is exciting stuff and it's great fun to be an information security pro!  --a story... anyone who knows me will tell you I love to tell them...  I met Vint Cerf a few months back. I told him "Thank you!". Because of him, I've paid off my home, bought the car (a really nice car!), and made my career. Because of him (and the new threats), I'm cruising in on 50, balding, slightly overweight (ok, maybe more than slightly.. ), and finally cool! and you know what? So are all of the other 58 members that I talk to on a daily basis!! 
It's a fun time to be an Infosec pro!

Until next time,
Have a great week!
Jeff