Attivo Networks Blogs


Attivo Networks and the Conti Ransomware

Reading Time: 4 minutes  |  Published: June 11, 2021 in Blogs, Ransomware

Written by: Joseph Salazar, Technical Marketing Engineer - In mid-May 2021, the FBI released a security report identifying at least 16 Conti ransomware attacks over the past year on healthcare and first-responder networks, including law enforcement agencies, emergency medical services, 9-1-1 dispatch centers, and municipalities.  These...

Darkside Ransomware Attack and Domain Compromise

Reading Time: 2 minutes  |  Published: May 12, 2021 in Blogs, Ransomware

Author: Venu Vissamsetty, V.P Security Research, Attivo Networks - Colonial Pipeline, one of the largest pipeline operators in the United States, had to shut down operations on May 8th, 2021 after becoming the victim of a ransomware attack. The FBI confirmed that the DarkSide ransomware group...

Stop DearCry Ransomware Exploits of Hafnium

Reading Time: 2 minutes  |  Published: March 16, 2021 in Blogs, Ransomware

Author: Venu Vissamsetty, V.P Security Research, Attivo Networks - The recent Hafnium attacks drew attention to several Microsoft Exchange Server vulnerabilities, but other groups are taking advantage of these to launch ransomware attacks. Attackers are targeting enterprises exploiting the four recent Microsoft Exchange Server vulnerabilities (CVE-2021-26855,...

Secure Your Shared Resources from Adversaries Exploiting SMB and Windows Admin Shares

Reading Time: 3 minutes  |  Published: January 29, 2021 in Blogs, Ransomware

Vikram Navali, Senior Technical Product Manager  - The tactics employed by adversaries are as varied as their motives. Some prefer spear-phishing, while others make use of malware, executing targeted attacks. However, the result is inevitably the same: getting unprivileged access to shared resources like files, folders,...

Microsoft Active Directory as a Prime Target for Ransomware Operators

Reading Time: 4 minutes  |  Published: December 9, 2020 in Active Directory, Ransomware

Written by: Joseph Salazar, Technical Marketing Manager & Juan Carlos Vázquez, Sales Manager - The Active Directory (AD) infrastructure remains critical in so-called “human-operated” ransomware campaigns and post-compromise extortion, which represents a significant threat to businesses and a detection challenge in the short time they have...

Preventing SCCM Compromise and Deployment of Ransomware

Reading Time: 3 minutes  |  Published: November 9, 2020 in Active Directory, Blogs, Ransomware

Author: Biju Varghese, Technical Product Manager  - Adversaries are adopting creative methods in these COVID-19 epidemic conditions to gain access to company assets. Ransomware is one such creative digital form of extortion that affects companies of all sizes. One prevalent method adversaries use to compromise and...

Combatting Triton Malware with Advanced Threat Detection

Reading Time: 2 minutes  |  Published: May 10, 2019 in Blogs, Ransomware

Written by: Mike Parkin, Technical Marketing Engineer - Malware targeting IoT devices is nothing new. There have been some reasonably famous, or infamous, depending on your perspective, IoT targeted malware incidents. An April article on ZDNet by Danny Palmer, on the Triton malware attack in late...

What Could be Coming to Haunt Your Organization this Halloween

Reading Time: 5 minutes  |  Published: October 31, 2018 in Blogs, Deception, Energy, Event, Government, Healthcare, High Tech, IoT, Ransomware, Threat Detection, ThreatDefend

Written by: Carolyn Crandall, Attivo Networks CMO - Halloween may be the only time of the year when monsters, vampires and ghosts parade the streets at night spooking the public. However, in the dark online world of sophisticated adversaries and expanding attack surfaces, threats continue to...