Our blog is a playground with fresh ideas about security and our approach

19 Oct

Defend Forward, Part Three: Taking It Operational


Defend forward, which we have written about in previous blog posts, could very well be the future of enterprise cybersecurity. A posture that seeks to gain early understanding and warnings of attacker activity instead of waiting for a breach to happen and then dealing with the consequences, it’s the clearest way to prevent huge data losses and catch experienced attackers off guard. We think it summarizes the importance and effectiveness of active defense in cybersecurity.

14 Oct

{Ebook} Don’t Toss the Phish! Gathering Tailored Threat Intel from Spear Phishing


Over 90% of cyber attacks begin with spear phishing. These highly targeted, often sophisticated campaigns can be difficult to recognize and even more difficult to protect against. No matter what security is in place, there is always the possibility that someone, somewhere will click on a link that will result in your corporate network being compromised. So what can you do? We get this question a lot. And we have a unique solution.

13 Oct

Dota3 Malware Again and Again


The Internet is plagued by automated systems that search for servers with weak credentials to infect with their malware. In this blog post, we will analyze a well-known malware that has been active for years: Dota. In the Dota family of malware, there have been different variants, and using data gathered by one of our servers deployed over the Internet, we have recently observed that Dota3, the latest variant, is still active.

7 Oct

Five Cool TTPs for Autumn


At CounterCraft, we talk a lot about the TTPs our platform can detect and classify, and how we are pioneering the integration of the Mitre ATT&CK TTP classification framework. If you work with Mitre ATT&CK, you’ve probably seen the matrix thousands of times, but have you ever really taken a look at the more niche, yet still-high-risk TTPs? In this article, we go one step further to describe some of the more interesting TTPs you can detect using our deception-powered threat intel technology.

6 Oct

Cyber CEOs Talk Confluence Server Exploits


The Atlassian Confluence exploit has been in the wild for a while now. Although the response and patching were quite rapid, there are still servers that are unpatched and being exploited. CounterCraft’s founders talk about the company’s threat intel research that is currently being deployed across the internet. They describe how CounterCraft gathered intel on the exploits as they happened, deploying unpatched deception servers to detect in real time what attackers were doing.

5 Oct

It’s Cybersecurity Awareness Month!


This month, CounterCraft celebrates Cybersecurity Awareness Month hand in hand with the National Cybersecurity Alliance. Cybersecurity is the ultimate goal of everything we do, which is why we are fans of this initiative. Now in its 18th year, Cybersecurity Awareness Month is a growing campaign created to increase awareness of the importance of keeping the internet (and all the data online) safe. This year’s theme is “Do Your Part. #BeCyberSmart.”, marking an effort to empower both individuals and organizations to own their part of cyberspace and implement stronger security measures where possible.

30 Sep

What We're Reading


Everyone, including bad actors, is back from holiday this month. Action in the cybersecurity realm is slowly picking up, for better and for worse—read on for the news we’ve been watching and sharing this month.

2021 Has Broken the Record For Zero-Day Hacking Attacks

This year, cybersecurity defenders have found the highest number of zero-day hacking attacks ever, and all this before the year is even up. 66 zero-days have been found in use this year, according to databases such as the 0-day tracking project—almost double the total for 2020, and more than in any other year on record.

29 Sep

Malicious Docker Images Still Used for Mining Purposes


You may have seen our recent posts about how TeamTNT is abusing Docker daemons for mining Monero. In this blog post, we will describe another method we have observed that includes the use of malicious Docker images available at Docker Hub. This Docker image is the one responsible for the scanning and infection that we described in our last blog post.

The alpineos/dockerapi image

The alpineos/dockerapi image is a public Docker image available at Docker Hub.

28 Sep

What is Cloud?


CounterCraft Cloud is a cyber-deception-as-a-service that identifies and profiles cyber threats before they attack your online IT assets, remote workers, and networks. With CounterCraft Cloud you get tailored threat intelligence campaigns with minimal investment of resources. The powerful and precise technology means you will receive IOCs and TTP alerts specific to your organization. Watch our video to get a better idea of what the service can do for you and your business.

23 Sep

Escaping Docker Privileged Containers for Mining Crypto Currencies


Last week, we published a blog post describing how TeamTNT created a Docker worm that was replicating itself in open Docker daemons. In that example, everything took place inside a Docker container. Now, the same threat actor, TeamTNT, is still abusing open Docker daemons, but they are using a neat trick to escape from the container and install the crypto miner on the real host (the one running the Docker daemon).
