#ThreatThursday

New!

August 6, 2020

#ThreatThursday - Evil Corp

This blog post will dive deeper into the Garmin attack, extract TTPs from Cyber Threat Intelligence, create a MITRE ATT&CK Navigator Layer and adversary emulation plan, emulate the attack with Cobalt Strike (like Evil Corp used) and then drop a synthetic WastedLocker built with SCYTHE, and discuss how to defend against ransomware attacks with Olaf Hartong.

VIEW

#ThreatThursday

New!

July 30, 2020

#ThreatThursday - Emotet

On Friday, July 17, many of us woke up to a bunch of new phishing emails. What happened over night? Well, like Sherrod DeGrippo from ProofPoint wrote, emotet returns after a 5 month hiatus. Emotet is a banking trojan that gains access to end user machines and steals their financial information such as login information and personal identifiable information (PII). This week, we met with Sherrod and discussed Emotet. As usual, we create an adversary emulation plan based on Cyber Threat Intelligence and then emulate it with SCYTHE.

VIEW

#ThreatThursday

New!

July 23, 2020

#ThreatThursday - Deep Panda

This week we interviewed Bradford Regeski, a Cyber Threat Intelligence analyst at H-ISAC, about the top threats the healthcare industry is seeing. He shared a number of excellent resources on threat actors, told us a little more about H-ISAC, and dove deeper into Deep Panda.

VIEW

#ThreatThursday

New!

July 16, 2020

#ThreatThursday - Orangeworm

This week on #ThreatThursday we cover the latest release of MITRE ATT&CK (with sub-techniques), announce a healthcare partnership, and look at a threat actor that has been targeting the healthcare sector for years: Orangeworm. As usual, we consume Cyber Threat Intelligence, create a threat profile and adversary emulation plan, and discuss how to defend against Orangeworm.

VIEW

#ThreatThursday

New!

July 9, 2020

#ThreatThursday - Managing Threats

Welcome to another edition of #ThreatThursday! We now have a section on this blog exclusively for #ThreatThursday so that you may efficiently find the resources for CTI analysis, threat emulation, and remediation in one location every week: https://www.scythe.io/threatthursday Feel free to bookmark or subscribe to the RSS feed.

VIEW

#ThreatThursday

New!

July 2, 2020

#ThreatThursday - Ransomware

A day hardly goes by without hearing about another ransomware attack. Just this week I read, on SANS NewsBites, that University of California San Francisco (UCSF) paid $1.1 million to regain access to their data. This week’s #ThreatThursday we take a look at a ransomware example, learn how criminals are evolving to get paid, create an adversary emulation plan that is safe but valuable for enterprises, and speak to industry thought leader, Olaf Hartong, about defending against ransomware attacks using Sysmon.

VIEW

#ThreatThursday

New!

June 25, 2020

#ThreatThursday - Cozy Bear

This week on #ThreatThursday we look at Cozy Bear, or APT29, a Russian government threat group that has been operating since at least 2008. This group is most famous because of the attribution to the Democratic National Committee hack in the summer of 2015.

VIEW

#ThreatThursday

New!

June 18, 2020

#ThreatThursday - APT33

This week on #ThreatThursday we look at an Iranian Threat Actor, APT33 or Elfin. We introduce the MITRE ATT&CK Beta with sub-techniques, create and share an adversary emulation plan for APT33 on Github, show how to execute PowerShell (both powershell.exe and unmanaged PowerShell) through SCYTHE and show how to perform lateral movement within the SCYTHE user interface as well as on the command line.

VIEW

#ThreatThursday

New!

June 11, 2020

#ThreatThursday - Buhtrap

In this #ThreatThursday we will be looking at Buhtrap, a criminal team attacking financial institutions. We are presenting new concepts this week such as consuming Cyber Threat Intelligence that has not been mapped or tracked on MITRE ATT&CK website and explaining the concept of Short and Long Haul C2.

VIEW

#ThreatThursday

New!

June 4, 2020

#ThreatThursday - APT19

Adversarial Emulation is a threat intelligence driven process. Leveraging threat intelligence is required for more effective defense (Blue Team) and offense (Red Team). We must understand how threats operate and their behaviors (tactics, techniques, and procedures) to stay ahead of them and prevent or detect when they attack our organization. For these reasons, we want to share our vision for being threat-led with our readers and introduce #ThreatThursday.

VIEW

let our tech speak for itself

Know where you stand with SCYTHE. Talk to us to start the evaluation process today! We’d love to talk to you about how SCYTHE can fit into your cybersecurity workflow.

Contact Us

LEARN MORE