Detecting Remote Access Trojan

We Smell a RAT: Detecting a Remote Access Trojan That Snuck Past a User

Julie Brown

You can have the best firewalls and perimeter defenses in place, but if your users aren’t aware of phishing techniques and malicious email attachments, it can be your undoing. Today we’re going to break down an attack that we detected for a Red Canary customer in which a malicious executable was renamed to look like an important document. While it’s … Read More

Credential Harvesting

Credential Harvesting on the Rise

Keith McCammon, Chief Security Officer

Red Canary began to see its annual spike in credential harvesting attacks last week. These attacks typically increase as tax season approaches and adversaries gear up to file fraudulent tax returns. Here’s what organizations need to know to understand and mitigate the risk. How Credential Harvesting Works Adversaries send the victim a personalized lure, which is typically an email containing … Read More

Mapping Detectors to MITRE ATT&CK

Red Canary ATT&CKs (Part 3): Mapping Our Detectors to ATT&CK Techniques

Kyle Rainey

As discussed in Part 1 of this series, we decided that using the MITRE ATT&CK framework would give us a common language to describe adversary tactics and techniques. This would help us to effectively share information amongst our internal teams, our customers, and the community at large. In this post, we will walk through the process of mapping our 800+ … Read More

Red Canary Product

Red Canary ATT&CKs (Part 2): Designing ATT&CK Interfaces in Red Canary

Chris Rothe

This is the second part of a series on why and how Red Canary chose MITRE’s ATT&CK framework as our common language for adversary tactics and techniques. This post describes the design and interface tradeoffs our engineering team considered, lessons learned, and key takeaways that security teams can use when applying ATT&CK to their security programs. When Red Canary’s security … Read More

Red Canary and MITRE ATT&CK

Red Canary ATT&CKs (Part 1): Why We’re Using ATT&CK Across Red Canary

Keith McCammon, Chief Security Officer

Information security is grounded in risk management. And, because what gets measured gets managed, we rely on a variety of frameworks and key performance indicators to tell us whether we’re moving in the right direction. Frameworks like those provided by the National Institute of Standards and Technology (NIST) and the Federal Financial Institutions Examination Council (FFIEC) allow us to measure … Read More

Celebrating Red Canary’s Best Security Blogs of 2017

Suzanne Moore

2017 was a big year for the Red Canary blog! We wrote dozens of articles and added a roster of outstanding contributors—ranging from security analysts, threat researchers, technical account managers, and incident responders to C-level security experts both inside and outside of Red Canary. A few articles really caught the attention of the security community in 2017, so we wanted … Read More

Security Team

What Makes a Great Security Team? 4 Standout Qualities

Ben Johnson

This guest post was contributed by Ben Johnson, co-founder and CTO of Obsidian Security, a stealth startup based in Southern California. Prior to Obsidian, Ben co-founded and was CTO of Carbon Black. In infosec, we are often quick to call out the people, processes, and technology that we believe are selling snake-oil, are needlessly inefficient, or don’t perform as expected. … Read More