Read the original article: New Report: Falcon OverWatch Threat Hunting Leaves Adversaries with Nowhere to Hide CrowdStrike® Falcon OverWatch™ has released its new report, 2020 Threat Hunting Report: Insights from the CrowdStrike Falcon OverWatch Team. Now in its third year,…
Category: https://www.crowdstrike.com/blog/feed
Why Cybercrime Remains a Worrying Business Challenge in a COVID-lockdown World
Read the original article: Why Cybercrime Remains a Worrying Business Challenge in a COVID-lockdown World The following is an article that was originally published in Intelligent CIO Magazine and is republished here with its consent. With cybercriminals intent on exploiting…
Custom Alerts for IT Hygiene
Read the original article: Custom Alerts for IT Hygiene Introduction As many organizations around the globe are settling into longer-term remote working situations for their employees, IT Hygiene should be at the forefront of preventative security protocol. Adversaries are getting…
Finding Waldo: Leveraging the Apple Unified Log for Incident Response
Read the original article: Finding Waldo: Leveraging the Apple Unified Log for Incident Response As of macOS 10.12 Sierra, incident responders have been able to turn to a new endpoint log source for investigative answers: the Apple Unified Log (AUL).…
Response When Minutes Matter: A Simple Clue Uncovers a Global Attack Campaign
Read the original article: Response When Minutes Matter: A Simple Clue Uncovers a Global Attack Campaign In this blog, we describe a recent incident that highlights the CrowdStrike® Falcon Complete™ team’s ability to act as an extension of our customer’s…
The Current State of Exploit Development, Part 2
Read the original article: The Current State of Exploit Development, Part 2 In Part 1 of this two-part blog series, we addressed binary exploitation on Windows systems, including some legacy and contemporary mitigations that exploit writers and adversaries must deal…
PowerShell Hunting with CrowdStrike Falcon
Read the original article: PowerShell Hunting with CrowdStrike Falcon Introduction Threat hunting is the active search for new and novel attack behaviors that aren’t detected by current automated methods of prevention and detection. Threat hunting starts with human analysts, who…
How to Use Custom Filters in Falcon Spotlight
Read the original article: How to Use Custom Filters in Falcon Spotlight Introduction This article and video will provide an overview of the power of custom filters in Falcon Spotlight. Spotlight provides customers with realtime data about the vulnerabilities in…
How to Use RiskIQ to Enrich Detections with Internet Intelligence
Read the original article: How to Use RiskIQ to Enrich Detections with Internet Intelligence Introduction In this article, we will show you how using the RiskIQ Illuminate app can enrich your CrowdStrike Falcon Insight detections with additional pivot features. RiskIQ…
Reducing the Attack Surface with Custom Indicators of Attack
Read the original article: Reducing the Attack Surface with Custom Indicators of Attack Introduction The evolving nature of malicious activity is keeping security teams on their toes. Adversaries may start with commodity malware but quickly shift tactics as they encounter…
The Current State of Exploit Development, Part 1
Read the original article: The Current State of Exploit Development, Part 1 Memory corruption exploits have historically been one of the strongest accessories in a good red teamer’s toolkit. They present an easy win for offensive security engineers, as well…
Fal.Con 2020: Going Beyond Today’s Typical Virtual Event
Read the original article: Fal.Con 2020: Going Beyond Today’s Typical Virtual Event Nine years ago, we built CrowdStrike in the cloud, pioneering new technologies and rocketing our way to the forefront of cybersecurity — and this year, we’re leading the…
Securing Elections Globally: How CrowdStrike Is Helping
Read the original article: Securing Elections Globally: How CrowdStrike Is Helping As a global leader in protecting elections, we want to explain our perspective on election security issues and share some resources with the elections community. Free and fair elections…
Memorizing Behavior: Experiments with Overfit Machine Learning Models
Read the original article: Memorizing Behavior: Experiments with Overfit Machine Learning Models In this blog, we present the results of some preliminary experiments with training highly “overfit” (interpolated) models to identify malicious activity based on behavioral data. These experiments were…
Join CrowdStrike at the Black Hat 2020 Virtual Event
Read the original article: Join CrowdStrike at the Black Hat 2020 Virtual Event Black Hat 2020 will be a virtual event for the first time in its 23-year history, and CrowdStrike is thrilled to be a Titanium sponsor for this…
Actionable Indicators to Protect a Remote Workforce
Read the original article: Actionable Indicators to Protect a Remote Workforce Introduction As the world continues to adjust to the new reality of employees working from anywhere and at any time, security teams are working overtime to protect users from…
Asia Pacific and Japan Survey Reveals the Future Expectations of Cybersecurity in the Wake of COVID-19
Read the original article: Asia Pacific and Japan Survey Reveals the Future Expectations of Cybersecurity in the Wake of COVID-19 For almost every organization within the APJ region, the past four months have seen a fundamental shift in how they…
Attackers Are Trying to Take a Bite Out of the Apple
Read the original article: Attackers Are Trying to Take a Bite Out of the Apple Over the past year, CrowdStrike® Services has observed threat actors increasingly targeting macOS environments — and using relatively unsophisticated methods to gain access. Even though…
New Podcast Series: The Importance of Cyber Threat Intelligence in Cybersecurity
Read the original article: New Podcast Series: The Importance of Cyber Threat Intelligence in Cybersecurity A new CrowdStrike® podcast series hosted by Cybercrime Magazine focuses on the critical role cyber threat intelligence (CTI) plays in an effective cybersecurity strategy. The…
Manufacturing Industry in the Adversaries’ Crosshairs
Read the original article: Manufacturing Industry in the Adversaries’ Crosshairs Since January 2020, the CrowdStrike® Falcon OverWatch™ managed threat hunting team has observed an escalation in hands-on-keyboard activity. The COVID-19 pandemic has fundamentally shifted the way businesses are working, and…
Automating Remote Remediation of TrickBot via Falcon’s Real Time Response API: Part 2
Read the original article: Automating Remote Remediation of TrickBot via Falcon’s Real Time Response API: Part 2 This is Part 2 in a two-part blog series covering the CrowdStrike® Falcon Complete™ team’s ability to remotely remediate “TrickBot,” a modular trojan…
Flexible Policy Management for Remote Systems
Read the original article: Flexible Policy Management for Remote Systems Introduction As organizations shift to supporting more remote workers, protection policies for laptops and systems that are no longer behind traditional perimeter defenses need to be updated. Can administrators quickly…
Automating Remote Remediation of TrickBot via Falcon’s Real Time Response API: Part Two
Read the original article: Automating Remote Remediation of TrickBot via Falcon’s Real Time Response API: Part Two This is Part Two in a two-part blog series covering the CrowdStrike® Falcon Complete™ team’s ability to remotely remediate “TrickBot,” a modular trojan…
Automating Remote Remediation of TrickBot via Falcon’s Real Time Response API: Part 1
Read the original article: Automating Remote Remediation of TrickBot via Falcon’s Real Time Response API: Part 1 The combination of commodity banking malware and ransomware is nothing new in the threat landscape. Adversaries continue to develop new tactics that enhance…
System Recovery using Real Time Response
Read the original article: System Recovery using Real Time Response Introduction Cyberattacks including ransomware have increased as work environments have changed, and organizations have shifted to supporting more remote personnel. With threats increasing against these remote systems, the ability to…
Python 2to3: Tips From the CrowdStrike Data Science Team
Read the original article: Python 2to3: Tips From the CrowdStrike Data Science Team After more than a decade, the sun has set on Python 2. Love it or hate it, Python 2.7.18 is the final official release — and to…
The Fal.Con for Public Sector Conference Is On Demand With Recommendations for Securing Your Remote Workforce
Read the original article: The Fal.Con for Public Sector Conference Is On Demand With Recommendations for Securing Your Remote Workforce The CrowdStrike® 2020 Fal.Con for Public Sector Virtual Cybersecurity Conference was held on June 24 — the second year for…
GuLoader: Peering Into a Shellcode-based Downloader
Read the original article: GuLoader: Peering Into a Shellcode-based Downloader GuLoader, a malware family that emerged in the wild late last year, is written in Visual Basic 6 (VB6), which is just a wrapper for a core payload that is…
CrowdStrike Joins with Netskope, Okta and Proofpoint to Secure Remote Work Anytime and Anywhere at Scale
Read the original article: CrowdStrike Joins with Netskope, Okta and Proofpoint to Secure Remote Work Anytime and Anywhere at Scale CrowdStrike, Netskope, Okta and Proofpoint are joining together to help better safeguard organizations by delivering an integrated, Zero Trust security…
Remote-Friendly vs. Remote-First: Being Part of CrowdStrike’s Distributed Workforce
Read the original article: Remote-Friendly vs. Remote-First: Being Part of CrowdStrike’s Distributed Workforce Over the past decade, remote work has been gradually shifting from a coveted perk to a popular arrangement, especially in the tech sector — and in recent…
Expanding Protection with Remote System Control
Read the original article: Expanding Protection with Remote System Control Introduction Sinkholes can be used by both bad actors and system administrators alike. Bad actors can redirect systems to malicious domains and security admins can stop systems from reaching those…
We Stop. So You Can Go.
Read the original article: We Stop. So You Can Go. In March 2020, at the beginning of the U.S. response to the worldwide COVID-19 pandemic, I expressed my gratitude for the healthcare workers and other first responders who put themselves…
CrowdStrike Incident Workbench Speeds Incident Response
Read the original article: CrowdStrike Incident Workbench Speeds Incident Response Recently, CrowdStrike introduced the new CrowdStrike® Incident Workbench, a more effective and efficient way to visualize and prioritize security incidents. With alert fatigue so prevalent among security teams, CrowdScore™ and…
How CrowdStrike Secures Cloud Workloads
Read the original article: How CrowdStrike Secures Cloud Workloads Introduction The CrowdStrike solution has been designed to provide proven endpoint protection to all workloads, regardless of their location. CrowdStrike Falcon protects physical servers and virtual machines in private data centers…
Threat Hunting with a Remote Workforce
Read the original article: Threat Hunting with a Remote Workforce Introduction In the world of cybersecurity, adversaries and defenders are constantly trying to outmaneuver each other and gain strategic advantage. For example, attackers are keenly aware that the shift to…
Sneak Peek: 2020 Fal.Con for Public Sector Virtual Cybersecurity Conference
Read the original article: Sneak Peek: 2020 Fal.Con for Public Sector Virtual Cybersecurity Conference Although the global COVID-19 pandemic has required the cancellation of many events this year, the CrowdStrike® 2020 Fal.Con for Public Sector conference is moving forward as…
Attackers Are Targeting Cloud Service Providers
Read the original article: Attackers Are Targeting Cloud Service Providers Companies are increasingly relying on cloud-based infrastructure, especially as more of their employees are working remotely — and may continue to do so. Public, private and hybrid clouds allow access…
CrowdStrike’s work with the Democratic National Committee: Setting the record straight
Read the original article: CrowdStrike’s work with the Democratic National Committee: Setting the record straight June 5, 2020 UPDATE Blog update following the release of the testimony by Shawn Henry, CSO and President of CrowdStrike Services, before the House Intelligence…
Fighting Hackers From Your Couch: Five Things You Should Know
Read the original article: Fighting Hackers From Your Couch: Five Things You Should Know COVID-19 has reshaped our lives as we know it, and the same goes for hackers’ business models. To learn more about how COVID-19 has changed the…
Remote Internships: One-time Necessity or the Next Big Thing?
Read the original article: Remote Internships: One-time Necessity or the Next Big Thing? For some university students, the impact of COVID-19 closures has gone from disappointing to devastating, as social distancing measures and stay-at-home orders cancel everything from sports seasons…
Remediation with a Remote Workforce
Read the original article: Remediation with a Remote Workforce Introduction Remote systems can be easy targets for attackers. When these systems are compromised, responders need to work quickly to understand the attack and take action to remediate. The responders need…
Three Best Practices for Building a High-Performance Graph Database
Read the original article: Three Best Practices for Building a High-Performance Graph Database CrowdStrike® employees like to say that there is big data, huge data and our data. To date, we have collected, analyzed and stored more than 15 petabytes…
Lateral Movement Detection with a Remote Workforce
Read the original article: Lateral Movement Detection with a Remote Workforce Introduction The shift to a larger remote workforce has expanded the attack surface for many organizations. With fewer traditional defenses in place, a remote system can be an easy…
Weaponized Disk Image Files: Analysis, Trends and Remediation
Read the original article: Weaponized Disk Image Files: Analysis, Trends and Remediation Throughout 2019 and the beginning of 2020, the CrowdStrike® Falcon Complete™ team continuously observed a spike in the delivery of weaponized disk image files. Files such as ISO…
The Wand Is Only as Good as the Magician: Getting the Most From Prevention Tools
Read the original article: The Wand Is Only as Good as the Magician: Getting the Most From Prevention Tools As organizations deal with newly remote workers and business uncertainty, prevention is more important than ever. Cyberattackers are looking to capitalize…
Best Practices: Improving Fault-Tolerance in Apache Kafka Consumer
Read the original article: Best Practices: Improving Fault-Tolerance in Apache Kafka Consumer How to effectively manage client-side partial failures, avoid data loss and process errors Apache Kafka is the gold standard for building real-time data pipelines and streaming apps. Scalable,…
Employing FeatureUsage for Windows 10 Taskbar Forensics
Read the original article: Employing FeatureUsage for Windows 10 Taskbar Forensics During a cybersecurity investigation, digital forensics and incident response (DFIR) professionals need to obtain information from different artifacts to determine exactly what has occurred on a machine. When performing…
Falcon X – Intelligent Alerts for a Remote Workforce
Read the original article: Falcon X – Intelligent Alerts for a Remote Workforce Introduction The widespread impact of the new coronavirus has not deterred cyber adversaries. In fact, quite the opposite is happening. In times of crisis, adversaries often try…
Oh No! My Data Science Is Getting Rust-y
Read the original article: Oh No! My Data Science Is Getting Rust-y Python is one of the most popular programming languages for data scientists — and for good reason. The Python Package Index (PyPI) hosts a vast array of impressive…
The Business Case for “Remote-First”
Read the original article: The Business Case for “Remote-First” How a distributed workforce enables better performance, stronger results and a positive culture Imagine it’s 2 a.m. ET on July 4. A New York-based financial services company is being targeted by…
Global Survey: The Cybersecurity Reality of the COVID-19 Remote Workforce
Read the original article: Global Survey: The Cybersecurity Reality of the COVID-19 Remote Workforce For many organizations, the rapid transition to an entirely remote workforce due to shelter-in-place orders has brought on a slew of sudden and profound cybersecurity challenges.…
Which Way Did She Go? Speeding Up Lateral Movement Investigations
Read the original article: Which Way Did She Go? Speeding Up Lateral Movement Investigations One of the biggest challenges facing security investigators is creating a full picture of a threat, piecing together disparate pieces of information that may occur across…