AT&T’s Digital Forensic Incident Response (DFIR) team has been observing cybercriminal organizations steadily increase their ransomware capabilities over the last few years. We have seen ransomware grow in sophistication and capability at a rapid pace. So rapidly in fact, that each investigation shows a new tactic or change in the binary program responsible for encrypting clients’ data.

Cybersecurity penetration testing is a method of checking for security weaknesses in software and systems by simulating real-world cyber-attacks. Also known colloquially as 'pen tests,' penetration tests probe beyond the scope of automated vulnerability scans. Pen tests find gaps in protection that can arise when unique combinations of applications, systems, and security defenses work together in live environments.

WiFi signals can be put into two different categories, unencrypted and encrypted. Unencrypted WiFi, sometimes known as open WiFi, can be connected to without a password. Anyone with a phone, tablet, PC, video game system, or Internet of Things device within range of the open WiFi signal can use it as long as there aren’t more devices connected to the wireless access point than it can handle. But the data being sent to and from your device through the open WiFi signal is unencrypted.

The global cases of Novel Coronavirus are continually ticking upward in most parts of the world, and with every new case come further questions about the patients. Hospitals, governments and even general population is interested to know who the affected people are, what their health history is, which locations they visited, and who they interacted with prior to receiving positive test results.

Software-defined wide area networking (SD-WAN) is a distributed networking approach that provides organizations a sustainable alternative to high latency hub-and-spoke network topologies.

Just as cybersecurity professionals are getting used to the possible implications of quantum computers, a new front opens in the quantum arms race: using quantum computers for encryption. Though quantum computers remain a largely theoretical threat, some researchers are already working on ways to protect systems against the exponential increase in computing power they represent.

Managed SOC, also known as SOC as a Service, is a subscription-based offering whereby organizations outsource threat detection and incident response. Based on the concept of turning an internal security operations center (SOC) into an external cloud-based service, a managed SOC offers IT organizations external cybersecurity experts that monitor your logs, devices, cloud environments, and network for known and evolving advanced threats.

The current pandemic that has upended our lives and wreaked havoc across the world have also humbled countries to a shocking degree. As borders closed, so did major sectors, industries, and businesses. Brick-and-mortar establishments had to cease operations and resume their business remotely to comply with quarantine measures. As conditions are getting better, the next challenge is for governments to restore both lives and livelihoods.

The initial response to the COVID-19 pandemic put cybersecurity programs to the test. While organizations quickly rolled out business continuity plans to transition workers from the office to the home and to migrate business online to keep customers and supply chains moving, cybersecurity leaders have worked to help keep the business protected from an onslaught of cyber threats designed to prey on the disruption and uncertainty caused by COVID-19.

A well-run security operations center (SOC) stands as the central nervous system of an effective cybersecurity program. SOCs serve as a hub of organization-wide detection and response capabilities for the people tasked with stopping cyber threats within their organization.

As states begin to lift shelter in place orders and businesses reopen their doors, there is a lot of speculation as to what “the new normal” will look like. And so far, there are still more questions than answers for those of us working from home.

Small businesses are significant contributors to the economy. According to the U.S. Small Administration, they generate approximately 44% of the gross domestic product (GDP) in the U.S. However, small to medium enterprises (SMEs) are also frequently more vulnerable to the threats of our contemporary digital landscape.

Whether they were prepared for it or not, schools around the world have been forced to adopt an online learning model for students thanks to the COVID-19 pandemic. One of the biggest concerns educators need to have in this situation is exactly how to create a fully secure remote learning environment in order to keep sensitive information for both the schools and individual students safe from hackers.

What would we do without Bluetooth these days? Our earbuds and headphones would have to use annoying wires. We would have one less way to transfer files between your laptop and your phone. And how would you connect your phone to your car? But as a wireless data transfer standard, of course Bluetooth has some associated cybersecurity risks.

The COVID-19 pandemic has unveiled numerous vulnerabilities and shortcomings in the airline industry. What’s worse for aviation in particular over other industries is how airports have essentially served as the portal for the virus traveling from one country to another across the globe. As a result of severe travel restrictions implemented by nearly every country, airline companies have been hit hard and forced into a dire financial situation.

This Investigation was initiated on the basis of several Network Anomaly alarms triggered by ongoing suspicious activity on an employee device owned by a financial institution. During the discovery phase of the Investigation, we identified abnormal egress traffic to a known Indicator of Compromise (IOC) based on intelligence from the Open Threat Exchange™ (OTX®).

As we all know by now, the Internet is an excellent tool for business, learning, and entertainment. Not only is it a tool, but it's also an essential part of our lives. Information, connections, and opportunities at the touch or swipe of a finger. As more and more people go online, the age of the average user becomes lower and lower. What is the responsibility we have to safeguard the wellbeing of those that come after us into this new digital age?

Ervin McBride IV – TDP Engineer II contributed to this article. Stories from the SOC is a blog series that describes recent real-world security incident investigations conducted and reported by the AT&T SOC analyst team for AT&T Managed Threat Detection and Response customers.

The process of threat hunting involves proactively searching for malware or attackers that are hiding within a network. Rather than simply relying on security solutions or services to detect threats, threat hunting is a predictive element to a layered security strategy, empowering organizations to go on the offensive looking for threats.

There are around 39.5 million people in the U.S. aged over 65, and a high percentage of them, particularly women (nearly 40%) live alone. Living alone makes seniors more reliant on technology, which can be a savior (think Zoom, Skype and other communication-centered technology) as well as a threat (from phishing to fake antivirus software and bitcoin scams). Are seniors more vulnerable to cybersecurity threats, and if so, what can be done to reduce their risks?