Splunk

You Bet Your Lsass: Hunting LSASS Access

Apr 7, 2022 By Splunk Threat Research Team In Splunk

One of the most commonly used techniques is to dump credentials after gaining initial access. Adversaries will use one of many ways, but most commonly Mimikatz is used. Whether it be with PowerShell Invoke-Mimikatz, Cobalt Strike’s Mimikatz implementation, or a custom version. All of these methods have a commonality: targeting LSASS.

Read Post

Splunk

Read more about You Bet Your Lsass: Hunting LSASS Access

Coffee Talk with SURGe: 2022-APR-05 State Department, Elections, Spring4Shell, Certs/Lapsus$, RSA!

Apr 6, 2022 By Splunk In Splunk

Grab a cup of coffee and join Ryan Kovar, Mick Baccio, and Audra Streetman for another episode of Coffee Talk with SURGe. The team from Splunk will discuss the latest security news and compete in a 60 second charity challenge. You don't want to miss it!

View Video

Splunk

Security

Read more about Coffee Talk with SURGe: 2022-APR-05 State Department, Elections, Spring4Shell, Certs/Lapsus$, RSA!

Risk-Based Alerting: The New Frontier for SIEM

Apr 4, 2022 By Haylee Mills In Splunk

If you haven't heard the gospel of risk-based alerting (RBA) in a SIEM context, by the end of this sermon you'll see why you’ll want it running in your environment yesterday, whether you're an analyst, an engineer, or in leadership.

Read Post

Splunk

Read more about Risk-Based Alerting: The New Frontier for SIEM

Splunk Releases Add-On for Google Workspace Security Monitoring

Apr 4, 2022 By Mark Karlstrand In Splunk

As the trend toward having a more distributed labor force working remotely part or full time persists, Splunk continues to see strong customer demand for more visibility into the security of the productivity and collaborative products their employees use. To assist with these requests, we’re excited to announce the release of Splunk Add-On for Google Workspace 2.0. This second major release includes important changes requested by our customers and valuable new functionality.

Read Post

Splunk

Read more about Splunk Releases Add-On for Google Workspace Security Monitoring

Threat Update: CaddyWiper

Apr 1, 2022 By Splunk Threat Research Team In Splunk

As the conflict in Eastern Europe continues, the Splunk Threat Research Team (STRT) is constantly monitoring new developments, especially those related to destructive software. As we have showcased in previous releases in relation to destructive software and HermeticWiper, malicious actors modify their TTPs in order to become more effective and achieve their objectives.

Read Post

Splunk

Read more about Threat Update: CaddyWiper

An Analysis of Ransomware Encryption Speeds by Splunk SURGe

Mar 29, 2022 By Splunk In Splunk

Did you know the median time for ransomware to encrypt nearly 100,000 files is 42 minutes and 52 seconds? This speed is likely beyond the capabilities of most organizations to respond effectively before encryption is complete. These findings are the result of research published by SURGe, Splunk’s strategic cybersecurity research team.

View Video

Splunk

Read more about An Analysis of Ransomware Encryption Speeds by Splunk SURGe

Threat Update DoubleZero Destructor

Mar 28, 2022 By Splunk Threat Research Team In Splunk

The Splunk Threat Research Team is actively monitoring the emergence of new threats in the cyber domain of ongoing geopolitical events. As we have shown previously in several releases, including HermeticWiper and CaddyWiper, actors in this campaign are deploying, updating, and modifying stealthier malicious payloads. On March 17th, 2022, the Ukraine CERT discovered a new malicious payload named DoubleZero Destructor (CERT-UA #4243).

Read Post

Splunk

Read more about Threat Update DoubleZero Destructor

Gone in 52 Seconds...and 42 Minutes: A Comparative Analysis of Ransomware Encryption Speed

Mar 23, 2022 By Shannon Davis In Splunk

Do you feel like every other cybersecurity news story mentioned ransomware in 2021? Does it feel like you can’t turn on a cybersecurity podcast and not hear the “R” word? We feel the same way, and as a cybersecurity vendor, we felt that we should also contribute to the noise. :-) But we did want to try and do something different.

Read Post

Splunk

Read more about Gone in 52 Seconds...and 42 Minutes: A Comparative Analysis of Ransomware Encryption Speed

Coffee Talk with SURGe: 2022-MAR-022 Government Cyber Statements, Okta, WiCys, and a deep dive

Mar 23, 2022 By Splunk In Splunk

Bring a cup of coffee and tune in to join the SURGe security team for a recap of cybersecurity news and events, our 60-second charity challenge, and another topic deep dive!

View Video

Splunk

Read more about Coffee Talk with SURGe: 2022-MAR-022 Government Cyber Statements, Okta, WiCys, and a deep dive

Detecting HermeticWiper

Mar 10, 2022 By Splunk Threat Research Team In Splunk

As stated in our previous threat advisory STRT-TA02 in regards to destructive software, past historical data suggests that for malicious actors to succeed in long-standing campaigns they must improve and add new ways of making their payloads stealthier, resistant, and damaging. HermeticWiper introduces some unique features, applying destructive actions on compromised hosts.

Read Post

Splunk

Read more about Detecting HermeticWiper

Subscribe to Splunk

Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Splunk

You Bet Your Lsass: Hunting LSASS Access

Coffee Talk with SURGe: 2022-APR-05 State Department, Elections, Spring4Shell, Certs/Lapsus$, RSA!

Risk-Based Alerting: The New Frontier for SIEM

Splunk Releases Add-On for Google Workspace Security Monitoring

Threat Update: CaddyWiper

An Analysis of Ransomware Encryption Speeds by Splunk SURGe

Threat Update DoubleZero Destructor

Gone in 52 Seconds...and 42 Minutes: A Comparative Analysis of Ransomware Encryption Speed

Coffee Talk with SURGe: 2022-MAR-022 Government Cyber Statements, Okta, WiCys, and a deep dive

Detecting HermeticWiper

Monthly Archive

Follow Us