Welcome to this edition of the ExtraHop TL;DR! This is your place to get the highlights on what we're talking about this month. You can also watch our video broadcasts on the third Friday of every month on our LinkedIn page.
Defend Against Log4j Exploits
A zero-day vulnerability referred to as Log4Shell (CVE-2021-44228) in the commonly used Java-based Apache utility Log4j has been disclosed. While the total impact is still to be seen, coin miners have been responsible for the initial batch of attacks, and the next wave will likely involve more sophisticated threats, including ransomware.
For more information on Log4j, check out these videos:
Josh Snow (1) - Log4j Exploit Explanation and Detection with ExtraHop Reveal(x)
Josh Snow (2) - New Log4j Detections in ExtraHop Reveal(x)
SolarWinds SUNBURST: One Year Later
This week marks the one year anniversary of the SolarWinds SUNBURST attack. While it was officially disclosed on December 13, 2020, further digging revealed the attack began many months earlier. By the time it was detected, it had spread to infect hundreds of thousands of companies. Take a look back and how it all started.
ESG Showcase: Network-Based Approach to Cloud Workload Security
ESG recently released an analyst report on how to manage and secure your ever-expanding cloud workload. As remote work continues to be how the world functions, keeping your cloud data safe is critical. Learn how to get unified and threat-centric protection across your hybrid environment.
Encryption vs. Visibility: Why SecOps Must Decrypt Traffic for Analysis
Having visibility is only part of the solution. Research shows that enterprises are increasingly encrypting traffic inside their networks (the east-west corridor), on the public internet, and in the north-south channel between them. While this is going on, attackers are increasingly using encrypted traffic to hide their malicious acts.
Effective Incident Response with Packet Capture
The fight against intruders starts with a powerful defense. But let's look at a worst-case scenario: someone snuck into your network and got a peek at your data. Where do you begin? With a modularly extensible PCAP repository, you can use packet data for root-cause analysis while fulfilling chain-of-custody evidence collection.
Threat of the Month: Advanced Persistent Threats
While the common catch-all term for sophisticated attacks is advanced threats, it can mean a number of different things. But the key goal remains the same: get into the network, find something of value, and use it for personal gain. Advanced persistent threats (APTs) gain entry—using tactics like exploiting vulnerabilities, applying social engineering, and deploying malware—then gather intelligence on the layout of the network.
From the ExtraHop Blog
Take a look at some of our recent stories.
Exchange Server Security Challenges
Microsoft recently patched some Exchange Server vulnerabilities. Understand the importance of network visibility in securing your critical server infrastructure.
How to Detect and Stop Lateral Movement
You may have tools to prevent attackers from entering your environment, but what happens after compromise? Find out how to detect and stop advanced threats.
Bridging Data Retention Gaps En Route to Zero Trust
Change is rapidly underway for many government agencies and public sector organizations as they work to implement fresh zero trust mandates.
In Other News
Read, watch, or listen to some interesting news from around the internet.
CyberWire Podcast: The Real Costs of Ransomware
Mike Campfield, VP and GM of International Sales and Global Security Programs at ExtraHop, recently sat down with CyberWire's Dave Bittner to discuss the past, present, and future of ransomware.
Reuters: Insurers Back out of Ransomware
Reuters recently reported that many insurance companies are discouraging their clients to pay for ransomware protection, explaining that it's actually making them appear more likely to pay out.
Dark Reading: Over 1,000 Individuals Arrested in Global Cybercrime-Fighting Operation
Between June and September of this year, Interpol arrested over 1,000 individuals, closed nearly 1,700 active investigations, and froze approximately 2,400 bank accounts associated with various online financial scams.
TechRepublic: Cybersecurity, the Pandemic, and the 2021 Holiday Shopping Season
Tis' the season for giving. If you're not done buying gifts for your loved ones, time is running out! But as you hop online to look for last-minute stocking-stuffers, make sure you're staying safe. In a recent article, TechRepublic detailed a few tips to keep your information secure.