In our new threat briefing, Forescout’s Vedere Labs details tactics, techniques and procedures (TTPs) commonly adopted by ransomware groups and provides specific mitigation recommendations. In addition to basic cyber hygiene practices, we recommend using Forescout XDR for extended detection and response. Its 1,500+ detection rules cover hundreds of the TTPs most commonly used by ransomware.

In our new threat briefing report, Forescout’s Vedere Labs provides details on the recent ransomware campaign targeting VMware ESXi virtualization servers, or hypervisors, and analyzes two payloads used in these attacks: variants of the Royal and Clop ransomware. We also present the tactics, techniques and procedures (TTPs) used by attackers in this campaign, discuss mitigation recommendations and list indicators of compromise (IOCs) that can be used for detection or threat hunting.

According to a Mandiant survey of 1,350 global business and IT leaders, when trying to secure their networks against cyber threats, nearly all respondents (96%) believe it’s important to understand the threat actors targeting their organizations. That’s hardly a surprise. But then there’s this finding: 79% of respondents say that most of the time, they make decisions about cyberattacks without insights into who could be targeting their organization.

On October 3, 2022 the Cybersecurity and Infrastructure Security Agency (CISA) issued Binding Operational Directive 23-01 – Improving Asset Visibility and Vulnerability Detection on Federal Networks, a compulsory order intended to “make measurable progress toward enhancing visibility into agency assets and associated vulnerabilities.” BOD 23-01 mandates that Federal Civilian Executive Branch (FEEB) agencies complete a series of required actions within six months, or by April 3, 2023.

Forescout’s Vedere Labs latest research report is the first systematic study into deep lateral movement: how advanced adversaries can move laterally among devices at the controller level – also known as Purdue level 1 or L1 – of OT networks.

In our new threat briefing report, Forescout’s Vedere Labs analyzes the Royal ransomware threat actor group and encryptor payload, presents threat hunt opportunities for network defenders and shares details of the group’s tactics, techniques, and procedures (TTPs).

With 70 international plants spanning 15 different countries, the AES Corporation is a next-generation energy company helping lead the way to a carbon-neutral future. Like many organizations, AES wanted to improve the security posture within their OT networks with technology spanning multiple vendors. Recently I sat down with Kyle Oetken, Director of Cyber Defense, and Andrew Plunket, Sr. Cybersecurity Engineer (OT), at AES to discuss the challenges and lessons learned for securing OT environments.

On December 9, 2021, Apache upended the cybersecurity industry by publishing a zero-day vulnerability (CVE-2021-44228) for its ubiquitous Log4j logging utility. Dubbed Log4Shell, the remote code execution flaw (CVSS score:10) allows an attacker to take control of a connected device and run malicious code, access sensitive data or alter its configuration. Because Logj4 is free and easy-to-use, it’s embedded (often deeply) in Java applications used by IT and OT platforms worldwide.