Veritas™ REDLab Newsletters
Veritas™ REDLab Newsletters December 2024 Newsletter Link: REDLab-Newsletter-December-2024 We conducted Cuba and DataBlack ransomware attacks on the NetBackup Client and data on NetBackup Client is encrypted. Filenames appended with the extension ".cuba" by Cuba ransomware and "random_filename.Datablack" by DataBlack ransomware for both ransomware post attacks resulting in the generation of a "Client Health system anomaly" and it also starts an automatic malware scan of the backup image. In this edition, we would like to introduce a feature known as 'Viewing hash values of malware-infected files and virus information'. Malware scanned images in NetBackup allows to view the hash values(SHA-256) of the malware infected files, names, backup times and virus information in a .csv file. October 2024 Newsletter Link: REDLab-Newsletter-October-2024 We conducted Royal and Xorist ransomware attacks on the NetBackup Client and data on NetBackup Client is encrypted. Filenames appended with the extension ".royal" by Royal ransomware, resulting in the generation of a "Client Health system anomaly" and ".xorist" by Xorist ransomware, the change of data deduplication rate is detected by the ML algorithm and generates an alert and it also starts an automatic malware scan of the backup image. In this edition, we would like to introduce a feature known as 'Suspicious file extension Detection' in NetBackup allows to configure the system to detect anomalies if any file is found in the backup with Ransomware extension. You can set threshold for the percentage of files with suspicious extension that cannot be exceeded. You can also add custom file extensions to search for such files in your domain. September 2024 Newsletter Link: REDLab-Newsletter-September-2024 We conducted Play and Agenda ransomware attacks on the NetBackup Client and data on NetBackup Client is encrypted. Filenames appended with the extension ".PLAY" by Play ransomware, resulting in the generation of a "Client Health anomaly" and ".OnHnnBvUej" by Agenda ransomware, the change of data deduplication rate is detected by the ML algorithm and generates an alert and it also starts an automatic malware scan of the backup image. In this edition, we would like to introduce a feature known as 'Anomaly Detection for Image Expiration' in NetBackup allows to configure the system to detect anomalies in image expiration. This feature helps identify unusual or suspicious activities related to the expiration of backup images. August 2024 Newsletter Link: REDLab-Newsletter-August-2024 We conducted Babuk and RansomEXX ransomware attacks on the NetBackup Client and data on NetBackup Client is encrypted. Filenames appended with the extension ".__NIST_K571__" by Babuk ransomware, resulting in the generation of a "ransomware extension anomaly" and ".txd0t" by RansomEXX ransomware, the change of data deduplication rate is detected by the ML algorithm and generates an alert and it also starts an automatic malware scan of the backup image. In this edition, we would like to introduce a feature known as 'Anomaly configuration to enable automatic scanning' in NetBackup allows to trigger automatic malware scan for those anomalies that have high severity and based on the configuration file settings. Use the configuration file on the primary server to do the required settings. July 2024 Newsletter Link: REDLab-Newsletter-July-2024 We conducted Blacksuit and CryptBB ransomware attacks on the NetBackup Client and data on NetBackup Client is encrypted. Filenames appended with the extension ".BlackSuit" by Blacksuit ransomware, resulting in the generation of a "Client Health anomaly" and ".OKHkzrxNC" by CryptBB ransomware, the change of data deduplication rate is detected by the ML algorithm and generates an alert. In this edition, we would like to introduce a feature known as 'Malware scan before recovery' feature in NetBackup allows you to scan the supported backup images for malware before initiating data recovery. During recovery, if you start from a malware-affected backup image, a warning message appears, and you are prompted for a confirmation. This feature helps ensure that the recovered data is free from malware, enhancing security and reliability during the restoration process. June 2024 Newsletter Link: REDLab-Newsletter-June-2024 We conducted BlackBasta and BlackCat ransomware attacks on the NetBackup Client and data on NetBackup Client is encrypted. Filenames appended with the extension ".basta" by BlackBasta ransomware and ".uhwuvz" by BlackCat ransomware, , resulting in the generation of a "Client Health anomaly". In this edition, we would like to introduce a feature known as NetBackUp risk engine anomaly detection which detects certain system anomalies in a proactive manner and sends appropriate alerts, enabling corrective action to be taken before any security threats can impact your environment. May 2024 Newsletter Link: REDLab-Newsletter-May-2024 We conducted 8Base and Medusa ransomware attacks on the NetBackup Client and data on NetBackup Client is encrypted. Filenames appended with the extension ".8base" by 8Base ransomware and ".medusa" by Medusa ransomware, , resulting in the generation of a "Client Health anomaly". We have published script options for automating Malware scan host configuration and anyone can refer to the May 2024 newsletter for in-depth details. April 2024 Newsletter Link: REDLab-Newsletter-April-2024 We conducted Trigona and Wannacry ransomware attacks on the NetBackup Client and data on NetBackup Client is encrypted. Filenames appended with the extension ".WNCRY" by Wannacry ransomware and "._locked" by Trigona ransomware, resulting in the generation of a Ransomware file extension-based anomaly detection. March 2024 Newsletter Link: REDLab-Newsletter-March-2024 We conducted LostTrust and LeakDB ransomware attacks on the NetBackup Client, resulting in the generation of a Client Health anomaly. This anomaly triggers a critical audit event indicating failed communication with the NetBackup Client. Consequently, this audit event generates an alert and reports the affected client's name to NetBackup IT analytics or the SIEM/XDR platform. February 2024 Newsletter Link: REDLab-Newsletter-February-2024 In this edition, we would like to introduce a feature known as Data-in-transit encryption(DTE). The security policies require the backup administrator to ensure that the channel on which NetBackup Clients send metadata and data to NetBackup Servers be secure. In NetBackup 10.0 and later, the data and metadata are encrypted over the wire. We conducted Lucky and MuskOff ransomware attacks on NetBackup Client and Client Health anomaly was generated and it creates a critical audit event that indicates failed communication with the NetBackup Client. This audit event generates an alert and reports the affected client name to NetBackup IT analytics or the SIEM/XDR platform. January 2024 Newsletter Link: REDLab-Newsletter-January-2024 In this edition we would like to introduce a feature is Multi-factor Authentication which is a multiple-step account login process that requires you to enter a 6-digit one-time password along with your password. It is strongly recommended that you configure multi-factor authentication to protect the security of your account. We have carried out Faust and Mallox ransomware attack on NetBackup Client and Client Health anomaly was generated and it creates a critical audit event that indicates failed communication with the NetBackup Client. This audit event generates an alert and reports the affected client name to NetBackup IT analytics or the SIEM/XDR platform. December 2023 Newsletter Link: REDLab-Newsletter-December-2023 In this edition we would like to introduce a feature which is Multi Person Authorization(MPA) NetBackup Security Administrator can configure multi-person authorization. It proactively protects NetBackup primary servers from an undesirable or a malicious act by ensuring that a second authorized user approves that action before it is allowed to take place. We have carried out BianLian and NoEscape Ransomware attack on NetBackup Client. Data on NetBackup Client is encrypted along with NetBackup configuration files and Client Health anomaly is detected. Once the anomaly is detected, the Client Health system anomaly creates a critical audit event that indicates failed communication with the NetBackup Client. This audit event generates an alert and reports the affected client name to NetBackup IT analytics or the SIEM/XDR platform. November 2023 Newsletter Link: REDLab-Newsletter-November-2023 In this edition we would like to introduce a feature which is Anomaly Detection of ransomware file extension. During a backup operation NetBackup 10.3 check all file extensions, compares them with the ransomware extension list and generates an anomaly if there is a match. We have carried out Rhysida and Akira Ransomware attack on VMware infrastructure protected by NetBackup and post attack, a system anomaly of type ransomware file extension was generated. NetBackup rules engine is a new feature added in NetBackup 10.3 which is a rules-based engine that can trigger certain threshold-based detection use cases. The rule engine detects abnormal activities through NetBackup audit data. October 2023 Newsletter Link: REDLab-Newsletter-October-2023 We have carried out Maze and Lockbit ransomware attack on a NetBackup client. Data on NetBackup Client is encrypted along with NetBackup configuration files and Client health anomaly is detected. Once the anomaly is detected, the Client Health anomaly creates a critical audit event that indicates failed communication with the NetBackup Client. This audit event generates an alert and reports the affected client name to NetBackup IT analytics or the SIEM/XDR platform. In this edition we would like to introduce a feature which is RBAC in NetBackup enhances security by ensuring that users have the appropriate level of access and control over backup and recovery operations. It helps prevent unauthorized access and minimizes the potential for errors or data breaches caused by users with overly broad permissions. August 2023 Newsletter Link: REDLab-Newsletter-August-2023 In this edition we would like to introduce you to an Isolated Recovery Environment (IRE) that enables air-gapped backup copies by disabling network connectivity to a secure copy of your critical data, providing administrators a clean set of files on demand to neutralize the impact from a ransomware attack. We conducted Royal and Ryuk ransomware attack on NetBackup Client, resulting in the generation of a Client Health anomaly. This anomaly triggers a critical audit event indicating failed communication with the NetBackup Client. Consequently, this audit event generates an alert and reports the affected client's name to NetBackup IT analytics or the SIEM/XDR platform. June 2023 Newsletter Link: REDLab-Newsletter-June-2023 NetBackup 10.2 introduced a new anomaly detection framework through which we delivered two new extensions, Image Expiry and Client Health Anomaly. Both of these utilize our machine learning engine to provide just-in-time detection capabilities keeping our customers one step ahead of the new cyber attacks. These extensions and any new ones will be available in a single package to simplify deployment and will receive regular updates.How do you best protect your valuable data?
We all dread the notion of our identity being stolen. The vulnerability, the unknowing, and the anxiety around who and why someone would do this. Well, imagine if that identity was the administrative credentials to your core cyber resilience solution. With credential theft on the rise, insider-based attacks, privilege escalation, and advanced persistent threats are no longer just targeted at production or edge systems, they’re going after your last line of defense: your data protection infrastructure. In a world where cybercriminals no longer break in but simply log in, how do you best protect your valuable data? Matt Waxman, SVP & GM, Data Protection, Veritas answers this question in his latest blog found here: https://www.veritas.com/blogs/when-cybercriminals-no-longer-break-in-and-simply-log-in-how-do-you-protect-your-valuable-data?om_camp_id=global_osoc_SocialEmbrace Unified Cyber Resilience with Veritas 360 Defense
Protecting your business technology against an evolving array of cyber risks and security concerns is a big challenge that requires an advanced multi-layered cyber defense strategy. Are you confident in your ability to protect and recover your IT services in the event of a cyber-attack? Veritas 360 Defense is a comprehensive and proven strategy to keep your applications and data safe and highly available – using native functionality that offers immutability, indelibility, and resiliency to protect against cyber-attacks. Veritas 360 Defense helps you deliver IT services that are secure, resilient, and quickly recoverable while providing the smooth experience that your end users expect. Learn more about the three principles of how Veritas 360 Defense is a multi-faceted, extensible cyber resiliency and data protection architecture in Tom Kozlowski's latest article: https://www.veritas.com/blogs/embrace-unified-cyber-resilience-with-veritas-360-defenseNoEscape
NoEscape ransomware emerged in May of 2023 and functions as a Ransomware-as-a-Service(RaaS). CERT-In issued an alert for NoEscape ransomware which is believed to be a rebrand of Avaddon and has impacted around 10+ victims in October'23 alone. NetBackup Malware Scan results : Detected Attack Pattern : Encrypted files will have a random 10-character extension appended to the filename, which is unique for each attack.Fall Announcement: Veritas™ 360 Defense to Deliver Cyber Resilience On-Prem and Across Clouds
Introducing Veritas 360 Defense, the first extensible architecture in its space that brings together leading data protection, data governance, and data security capabilities. Veritas 360 Defense delivers a unique set of cyber resilience capabilities integrated with leading security vendors. Learn more about the announcement here: https://vrt.as/3Q6UtGP Want to learn more? Veritas Names Microsoft as First Veritas 360 Defense Partner to Achieve REDLab Validation for Security Solutions. Read the press release here: https://vrt.as/3MeSVtl The new Veritas 360 Defense architecture unites data security, protection, and governance to provide unmatched resilience in the face of Cyber Threats. Learn more in a blog from Veritas SVP & GM, Data Protection, Matt Waxman: https://vrt.as/3S79dbm Subscribe to the Veritas Cyber Resiliency Newsletter: https://www.linkedin.com/build-relation/newsletter-follow?entityUrn=7087517951578304513MGM Grand Attack - ALPHV/BlackCat
Recently, we all heard about MGM grand attack. As per the reports, Attackers got the access of system using vishing attack. A 10 minute phone call with attacker pretending to be an employee caused this massive breakdown. A group known as Scattered Spider is believed to be responsible for the MGM breach, and it reportedly used ransomware made by ALPHV aka BlackCat, a ransomware-as-a-service group. we have covered our observation on this Ransomware in REDLab newsletter in July 2023. We tested this strain in the REDLab which was detected by our client health detection feature and a system anomaly as well as an alert was generated with file-systems backup.Veritas L!VE: Reduce Risks with a Red Team
This week, I had the opportunity to sit down with Walter Angerer, Veritas SVP of Engineering, and Sonali Jeurkar, Veritas Director of SQA Engineering, for a fantastic discussion about Veritas REDLab on the latest episode of Veritas L!VE. We explored the role of an internal red team and how they can up-level an organization's cyber security posture. Thanks to questions from the audience, we dug into the importance of penetration testing across technologies in your environment, whether on-prem, hybrid, or in the cloud.
Group Content
Join this group for regular updates, findings, best practices, and insights from the Veritas REDLab and the ever evolving world of Cybersecurity.Owned by: benspickard and JustineVelcichCreated: 2 years agoLatest Activity: 1 year ago
Open Group