VOX

This week, I had the opportunity to sit down with Walter Angerer, Veritas SVP of Engineering, and Sonali Jeurkar, Veritas Director of SQA Engineering, for a fantastic discussion about Veritas REDLab on the latest episode of Veritas L!VE. We explored the role of an internal red team and how they can up-level an organization's cyber security posture. Thanks to questions from the audience, we dug into the importance of penetration testing across technologies in your environment, whether on-prem, hybrid, or in the cloud. ... View more

In our fully isolated REDLab, the Veritas team detected abnormal activity when testing NetBackup clients with live malware samples. The Client Health anomaly extension checks the health of the digital host certificate deployed on a NetBackup client and triggers a system anomaly when a compromised certificate is detected. Once this condition is detected, the Client Health anomaly extension creates a critical audit event that indicates a break down in communication with the NetBackup client. An alert is also generated which can be relayed into the operating system logs (syslogs or event viewer), or into an external log aggregation platform such as SIEM/XDR or Veritas IT Analytics tools. You can download this new NetBackup Anomaly extension from the Veritas Download Center. For more information, review the NetBackup™ Anomaly Detection Extensions Guide. ... View more

The Indian Computer Emergency Response Team (CERT-In) issued an advisory reporting new ransomware Akira, which appears to be based on the original version of the Ryuk crypto-locking malware code. The ransomware group claims to have hit at least 63 organizations since its launch – mostly in the US Attack Pattern: The ransomware is designed to encrypt data on infected computers and manipulate filenames by appending the ".akira" extension. Tip for Akira: Keep an eye out for failed backups with ‘error 9132’. ... View more

The Rhysida ransomware gang – which is part of Rhysida malware family is a relatively new operation which has yet to accumulate victims at scale although in June 2023 there was a successful attack on one South America country Army. Attack Pattern: Encrypts files and renames those to .rhysida. After encryption is finished, leaves a ransom note titled “CriticalBreachDetected.pdf”.  ... View more

Image expiry anomaly detection extension adds the capability to detect any unusual image expiry date modifications causing early expiration. This new capability uses machine learning based model to form a normal trend of users who are expiring images manually or changing the expiry date. Also, if suddenly a new user starts doing image expirations which the ML model has not yet seen in past, it will generate anomaly in the form of notification in NetBackup. Action: Once the Anomaly gets generated, this extension will raise a notification indicating the abnormal activity done by a user. It reports the username and when the user carried out the abnormal activity.  ... View more