Decoding the Volt Typhoon APT Group

Introduction In the realm of cybersecurity, the battle against advanced persistent threats (APTs) has intensified. Among the notable adversaries is the Volt Typhoon APT group, a state-sponsored threat actor based out of China, known for their sophisticated and targeted attacks and their focus on espionage and information gathering activities. In this blog post, we will delve into the tactics, techniques, and procedures (TTPs) employed by Volt Typhoon, and explore how […]

Log4Shell CVE-2021-44228

Vulnerability Overview On December 10, 2021, the Apache Software Foundation released a security advisory to address a remote code execution vulnerability (CVE-2021-44228) affecting Log4j versions 2.0-beta9 to 2.14.1. A remote adversary could exploit this vulnerability to take control of an affected system. Log4j is an open-source, Java-based logging utility widely used by enterprise applications and cloud services. Private organizations, law enforcement, and security services providers are responding to active, widespread […]

Threat Brief – Purple Fox Malware

By: Tyler Horner, 2021-March-29. Executive Summary: Purple Fox is an active malware campaign targeting Windows machines. Up until recently, Purple Fox’s operators infected machines by using exploit kits and phishing emails. Guardicore Labs have identified a new infection vector of this malware where internet-facing Windows machines are being breached through SMB password brute force. Guardicore Labs have also identified Purple Fox’s vast network of compromised servers hosting its dropper and […]

2020 Zoom Meeting & Windows Credential Leaking

Issue Overview: Lots of news has been made recently about an issue in Zoom which reportedly opens users up to attacks whereby a remote threat actor collects the username and the hashed password of the victim. The attacker would then use password-cracking tools to recover the victim’s password and gain unauthorized access to resources. The truth is that the underlying issue is with the way Microsoft Windows systems are […]

Understanding Ransomware

CYBERSECURITY SPOTLIGHT: RANSOMWARE. Ransomware Defined: Ransomware is a class of malicious software (malware) that holds the victim’s computer system and data hostage with a demand for a ransom payment to restore access. Ransomware typically uses file-level or full-disk encryption to effectively lock the victim out, preventing access to their system and/or the data on it. The effects of a ransomware attack can be devastating in terms of data […]

Managed Security Monitoring for the SMB

The Need for Managed Security Monitoring in the SMB Space: We received a call to work a malware incident at a small healthcare firm in the Pacific Northwest. We contacted their IT Admin, got a remote session going and started collecting initial information to do some quick triage and find out what we were dealing with. Our Security Engineer quickly identified the malware as Synack Ransomware, and it had compromised […]

RANSOMWARE AS A SERVICE

SATAN RAAS Page

Ransomware as a Service (RAAS) Overview: Just like you can go out and run your website on an Infrastructure-as-a-Service platform or use a popular CRM system (rhymes with Gale’s Horse) that is referred to as Software as a Service, threat actors can get malware from platforms offering Ransomware as a Service, complete with customization, obfuscation, packing, and a billing service so that the hacker and the RAAS folks […]