Saturday, December 01, 2012

Red Sky Weekly - 12/1/12

We’re winding down 2012 but the pace hasn’t seemed to change even one bit. Attackers are busy, defenders are busy. This week Red Sky has people onsite doing analysis, and others building infrastructure to reduce friction points to collaboration, and even with all of that going on, we continue to add new members.

Here’s what’s happening:

  • Fusion Report 32 published: This week we released Fusion Report 32. FR12-032 details a newly leveraged backdoor and its associated infrastructure. We provided analysis of the malware's capabilities and protocol with 8 new signatures for identifying its communications.
  • Analyze-a-thon: Our lead analyst is onsite with a member this week developing an attributional profile of one of the most prolific APT groups out there today. In three days onsite, combing through mountains of forensic data, the team, working together, has made significant progress on what they’re calling the “name and shame” report. The result of this analysis will be provided to the Red Sky community at our upcoming Threat Day next week.
  • Threat Day: Our next (our third) Threat Day is scheduled for this week in San Antonio, TX, again at a member location (I hear they have an indoor slide!). Presenters are lined up to talk through the day, and we’re expecting to video the day and post the presentations to the portal.

Short and sweet. Sometimes that’s best.

Until next time, have a great week!
Jeff