A type of credential reuse attack known as credential stuffing has been recently observed in higher numbers towards industry verticals. Credential stuffing is the process of automated probing of and access to online services using credentials usually coming from data breaches, or bought in the criminal underground.

Implementing and operationalizing the best practices and capabilities of DevOps into an organization is a key predictor for increased customer satisfaction, organizational productivity and profitability. Doing so successfully can be a challenging endeavour. Implementing DevOps can be particularly difficult because it oftentimes requires technology changes, process changes and a drastic change in mindset.

In this post, we continue our discussion of use cases involving account take over and credential access in enterprise data sets. In the first part of this series, we introduced the definition of a VIP account as any account that has privileged or root level access to systems/services. These VIP accounts are important to monitor for changes in behavior, particularly because they have critical access to key parts of the enterprise.

NoSQL technology has become more popular in recent years thanks to the development of new open-source NoSQL databases that are relatively easy to install, use and integrate with web frameworks. An example of one of those popular frameworks on the internet is known as MEAN (MongoDb, Express.js, Angular.js, Node.js). These NoSQL frameworks have become very popular for things such as content management, catalogs and big data in general.

A new kind of spam is being observed in the field that uses the browser notification feature to trick users into subscribing to sites that will in turn bombard users with notifications usually related to click or add profit schemes. Subscription notification request seen below: Browser notification subscription requests are a legitimate feature that allows visitors of a site to be notified when there is new content available. It saves users the need to constantly refresh or keep open browser tabs.

Detecting malicious activity is rarely easy, but some attacker methods are more challenging to detect than others. One of the most vexing techniques to counter is credential theft. Attackers that gain control over a user account have access to the assets of that user. If the credentials are for an account with special privileges, like a system administrator, then the attacker may be able to gain access to system-wide resources and even be able to change logs to cover their tracks.

The energy industry used to operate on a simple hub-and-spoke model, in which large power plants would produce energy in a centralized location and distribute it out to consumers. Yet as solar, wind, and other small-scale renewable energy sources take hold in the market, that hub-and-spoke model is being replaced by a complex grid of interconnected devices.

The cybercrime threatscape is constantly changing as hackers adapt and repurpose the use of many different types of tools and attack vectors, and a recent report by Kaspersky Lab indicates that the use of remote administration tools (RATs) has increased during 2018. RATs are commonly developed as legitimate software suites with bundled functionalities to support system administrators and other power users.

PowerShell had its beginnings as a way to enable administrators to perform their tasks both locally and remotely with unprecedented access to underlying Windows components, such as COM objects and WMI. Since being included in every major Windows Operating System since Windows 7, PowerShell based tooling is well proliferated for both legitimate and malicious use and includes common tooling such as SharpSploit, PowerSploit, PowerShell Empire, Nishang and Invoke-Obfuscation.

We are excited to announce a new solution for our customers to monitor the performance, availability, and security of their Zoom video conferencing service. The Sumo Logic for Zoom app is available today in our app catalog. This new app will be added to our ‘Work From Home’ solution which is available for free, with no obligation.