Recent Discussions
How do you best protect your valuable data?
We all dread the notion of our identity being stolen. The vulnerability, the unknowing, and the anxiety around who and why someone would do this. Well, imagine if that identity was the administrative credentials to your core cyber resilience solution. With credential theft on the rise, insider-based attacks, privilege escalation, and advanced persistent threats are no longer just targeted at production or edge systems, they’re going after your last line of defense: your data protection infrastructure. In a world where cybercriminals no longer break in but simply log in, how do you best protect your valuable data? Matt Waxman, SVP & GM, Data Protection, Veritas answers this question in his latest blog found here: https://www.veritas.com/blogs/when-cybercriminals-no-longer-break-in-and-simply-log-in-how-do-you-protect-your-valuable-data?om_camp_id=global_osoc_Social
benspickard | 5 months ago | Community Manager | 2.3K Views | 1 like | 0 Comments

MGM Grand Attack - ALPHV/BlackCat
Recently, we all heard about the MGM Grand attack. As per the reports, attackers got access to the system using a vishing attack. A 10-minute phone call with an attacker pretending to be an employee caused this massive breakdown. A group known as Scattered Spider is believed to be responsible for the MGM breach, and it reportedly used ransomware made by ALPHV aka BlackCat, a ransomware-as-a-service group. We have covered our observation on this ransomware in the REDLab newsletter in July 2023. We tested this strain in the REDLab, which was detected by our client health detection feature, and a system anomaly as well as an alert was generated with file-systems backup.
rhHax_Vox | 12 months ago | Level 2 | 1.1K Views | 5 likes | 1 Comment

New phishing technique with QR codes?
I wanted to check this with the experts. Are others also seeing a changed tactic in phishing emails where attackers are now using QR codes in the phishing emails? Does anyone have any information or point of view why this may be?
andyathavale | 12 months ago | Level 3 | 1K Views | 4 likes | 2 Comments

New Anomaly Extension: Client Health
In our fully isolated REDLab, the Veritas team detected abnormal activity when testing NetBackup clients with live malware samples. The Client Health anomaly extension checks the health of the digital host certificate deployed on a NetBackup client and triggers a system anomaly when a compromised certificate is detected. Once this condition is detected, the Client Health anomaly extension creates a critical audit event that indicates a breakdown in communication with the NetBackup client. An alert is also generated which can be relayed into the operating system logs (syslogs or event viewer), or into an external log aggregation platform such as SIEM/XDR or Veritas IT Analytics tools. You can download this new NetBackup Anomaly extension from the Veritas Download Center. For more information, review the NetBackup™ Anomaly Detection Extensions Guide.
807 Views | 4 likes | 0 Comments

NoEscape
NoEscape ransomware emerged in May of 2023 and functions as a Ransomware-as-a-Service (RaaS). CERT-In issued an alert for NoEscape ransomware which is believed to be a rebrand of Avaddon and has impacted around 10+ victims in October '23 alone. NetBackup Malware Scan results: Detected Attack Pattern: Encrypted files will have a random 10-character extension appended to the filename, which is unique for each attack.
rhHax_Vox | 10 months ago | Level 2 | 552 Views | 2 likes | 0 Comments

Rhysida
The Rhysida ransomware gang, which is part of the Rhysida malware family, is a relatively new operation which has yet to accumulate victims at scale, although in June 2023 there was a successful attack on one South American country's army. Attack Pattern: Encrypts files and renames those to .rhysida. After encryption is finished, leaves a ransom note titled “CriticalBreachDetected.pdf”.
551 Views | 1 like | 0 Comments

AKIRA
The Indian Computer Emergency Response Team (CERT-In) issued an advisory reporting new ransomware Akira, which appears to be based on the original version of the Ryuk crypto-locking malware code. The ransomware group claims to have hit at least 63 organizations since its launch – mostly in the US. Attack Pattern: The ransomware is designed to encrypt data on infected computers and manipulate filenames by appending the ".akira" extension. Tip for Akira: Keep an eye out for failed backups with ‘error 9132’.
528 Views | 3 likes | 0 Comments

Fall Announcement: Veritas™ 360 Defense to Deliver Cyber Resilience On-Prem and Across Clouds
Introducing Veritas 360 Defense, the first extensible architecture in its space that brings together leading data protection, data governance, and data security capabilities. Veritas 360 Defense delivers a unique set of cyber resilience capabilities integrated with leading security vendors. Learn more about the announcement here: https://vrt.as/3Q6UtGP Want to learn more? Veritas Names Microsoft as First Veritas 360 Defense Partner to Achieve REDLab Validation for Security Solutions. Read the press release here: https://vrt.as/3MeSVtl The new Veritas 360 Defense architecture unites data security, protection, and governance to provide unmatched resilience in the face of Cyber Threats. Learn more in a blog from Veritas SVP & GM, Data Protection, Matt Waxman: https://vrt.as/3S79dbm Subscribe to the Veritas Cyber Resiliency Newsletter: https://www.linkedin.com/build-relation/newsletter-follow?entityUrn=7087517951578304513
benspickard | 11 months ago | Community Manager | 413 Views | 1 like | 0 Comments

Anomaly Extension: Image Expiry
The Image Expiry anomaly detection extension adds the capability to detect any unusual image expiry date modifications causing early expiration. This new capability uses a machine-learning-based model to form a normal trend of users who are expiring images manually or changing the expiry date. Also, if suddenly a new user starts doing image expirations which the ML model has not yet seen in the past, it will generate an anomaly in the form of a notification in NetBackup. Action: Once the anomaly gets generated, this extension will raise a notification indicating the abnormal activity done by a user. It reports the username and when the user carried out the abnormal activity.
andyathavale | 2 years ago | Level 3 | 376 Views | 2 likes | 0 Comments