With the rise of cyberwarfare against Ukraine and Russia, there could be blowback from the sanctions that the United States has placed on Russia. Some of the attacks observed against Ukraine involve data-wiping malware such as HermeticWiper, WhisperGate, and IsaacWiper. There have also been ...
Wi-Fi Security and Design Considerations
When wireless networks are created and designed in the modern enterprise, security for these networks is necessary, but so is ensuring the business requirements are aligned. Everything from antenna placement, conducting site surveys, antennas used, supported cipher suites, authentication protocols, and the EAP type used can all play a role in the security of a ...
The easiest way to not get eaten is to at least try to not look like food: Hardening attack surfaces – Part 1
This will be a miniseries of posts; this is part 1 of 4. I was advised by a leader long ago in my consulting career to never do “Free Consulting.” I still strongly believe in that sentiment today, but there is also a part of me that wants to give back to the community, and this post is my and RSM Defense’s way of doing so. I also strongly believe that in 2022, threat actor ...
WMI & PowerShell for Offensive Security
As a penetration tester, learning how to use a CLI (command-line interface) is a necessary skill, as there are many times when an interactive interface such as Remote Desktop won’t be available. Starting with the standard Windows command prompt (cmd.exe) is a good start. However, there are more advanced and feature-rich CLIs, two of which are WMI (Windows ...
Log4j/Log4Shell Basics – CVE-2021-44228
On December 9, 2021, it was widely announced that a zero-day vulnerability had been identified and was already drawing the attention of cyber criminals. A lot has already been written across the internet about this latest vulnerability in Java’s Log4j logging library. We will do our best to keep this simple and to the point. If you develop your own applications using Java, you should be ...
Digital piracy through ransomware: A change in tides
Due to the tidal wave of ransomware attacks since 2018, the seas are changing, and the attackers are now becoming the attacked. A disparate group of entities has started to fight back against these modern-day pirates in an epic battle which will likely change how ransomware attacks are handled going forward. Years ago, digital pirates targeted healthcare and relatively ...
2021 Attack Vectors Report
For many years, RSM has made a continuous effort to assist organizations in addressing cybersecurity challenges, provide tools to achieve a desired state of security, and deliver guidance for attack prevention. We perform security penetration testing to simulate attacks on internal networks and closely mimic security breaches within controlled environments. By conducting these ...
Russia’s new breadbasket is America’s Mid-West
The BlackMatter ransomware group, which claims to be the successor to the ostensibly (but possibly not actually) retired threat actor groups REvil/DarkSide, has successfully breached an Iowa-based grain and farm services provider. The provider, which operates grain elevators, trades crops and provides other support to Iowa and surrounding farmers, says it has taken its systems ...
Counterfeit COVID-19 Cards? An Analysis of Vaccination Record Security
The following article has been published exclusively with the intentions of being used for education and training purposes. The author (Luke Labenski), War Room Blog, and RSM do not condone nor approve the usage of the information provided below for malicious purposes. Fraud and forgery are punishable by law and can be met with significant jail time as well as fines. It is ...
Identifying Credit Card Skimmers Using Linux’s “strace” Command
RSM US LLP’s (RSM’s) digital forensics and incident response (DFIR) team recently worked a case where a client was informed that their website’s payment platform was suffering from an ongoing attack. Based on customer complaints and common point-of-purchase (CPP) notifications from issuing banks, the client feared that credit card information was being scraped from purchases ...