In Mr. Robot‘s episode 9 of season 2 (13:53), Angela Moss needs to obtain the Windows domain password of her superior, Joseph Green, in order to download sensitive documents that would potentially incriminate EvilCorp. Since her attack requires physical access to his computer, she starts with a good old-fashioned social engineering attack to get the only currently present employee in the office to leave.
With the proper auditing enabled (Logon/Logoff – Logon (Failure)) and EventSentry installed however, we can permanently block remote users / hosts who attempt to log on too many times with a wrong password. Setting this up is surprisingly simple.
If you’re running Windows 2008 (R2) or 2012 then setting up DNS auditing requires a few steps. Thankfully it’s a one-time process and shouldn’t take more than a few minutes. On the EventSentry side a pre-built package with all the necessary rules is available for download and included with the latest installer.
Helping Businesses Properly Manage Sensitive Content Internationally
We’re again excited to announce the availability of EventSentry v3.4, the latest release of our hybrid SIEM monitoring suite.
Auditing changes on Microsoft Windows DNS server is a common requirement and question, but it’s not immediately obvious which versions of Windows support DNS Auditing, how it’s enabled, and where the audit data (and what data) is available. Fortunately Microsoft has greatly simplified DNS Server auditing with the release of Windows Server 2012 R2.
PALM BEACH GARDENS, Fla.--(BUSINESS WIRE)--Companies aren’t very confident in their ability to detect, respond to and remediate ransomware attacks, according to the 2017 Ransomware Report, sponsored by user behavior analytics and activity monitoring company Veriato and 13 other companies and conducted by Crowd Research Partners.
In late 2016 the Spambrella partner program evolved to better fit the demand of managed security service providers (MSSP’s) and value add resellers (VAR’s) in transition. This is largely due to the broad and varied territories our partners are located. Spambrella now have partner program options available for all eventualities in all continents.
A new strain of the Petya ransomware started propagating on June 27, 2017, infecting many organizations. Similar to WannaCry, Petya Ransomware uses the Eternal Blue exploit to propagate itself. Petya is taking down corporate networks that run mainly on Microsoft Windows software. It has already hit most Government applications in Ukraine as well as major companies in Europe including advertising agency WPP and law firm DLA Piper.
Friday May 12th will be the day we remember the start of the mayhem caused by ‘WannaCry’, the most successful ransomware infection in history. Since Friday, Security teams have been running around with their heads on fire trying to get ahead of the infection and to understand the malware’s capabilities. In the process, a lot new sales lead ransomware experts seem to have risen from the depths and have confused the situation further.
