The ICEBRG Blog

Defining the future

August 2, 2018

By: William Peteroy

When Josh and I first set out on this journey, it was for a simple reason—to build new capabilities that would have a meaningful impact on enterprise security. We started with the idea that if enterprises can be compromised for less than $25 with simple phishing schemes while defenders face incredible amounts of complexity and cost to mount a reasonable defense, then something must change.

Welcome, 2018 Interns

June 19, 2018

By: ICEBRG
Tags: Culture, Internship

This week ICEBRG is pleased to welcome a talented group of interns to our Security Research Team (SRT) and Customer Success department. Over the next 14 weeks, our interns will get a look inside the world of network security and ICEBRG’s culture.

Adobe Flash Zero-Day Leveraged For Targeted Attack in Middle East

June 7, 2018

By: Chenming Xu, Jason Jones, Justin Warner, Dan Caselden
Tags: Exploitation, File Analysis, Flash, Threat Detection, Zero-Day

ICEBRG’s Security Research Team (SRT) has identified active exploitation of a zero-day vulnerability in Adobe Flash that appears to target persons and organizations in the Middle East. The vulnerability (CVE-2018-5002) allows for a maliciously crafted Flash object to execute code on victim computers, which enables an attacker to execute a range of payloads and actions.

ICEBRG GDPR Compliance and Data Protection

May 25, 2018

By: Emily Anderson
Tags: Data Protection, GDPR, Privacy

In security, we rely on data (and a lot of it!) to do our work—identify threats and stop bad actors. That mission can still be accomplished while remaining compliant with privacy laws such as the European Union’s General Data Protection Regulation (GDPR).

MORE EXTENSIONS, MORE MONEY, MORE PROBLEMS

April 13, 2018

By: Spencer Walden, Justin Warner
Tags: Click-Fraud, Threat Research

In January, ICEBRG disclosed the presence of malicious Google Chrome extensions that were impacting over a half-million endpoints worldwide, enabling a massive click-fraud campaign and exposing enterprises to significant risk. After ICEBRG notified Google, these extensions were removed from the Chrome store and from users' browsers as well. Over the past two months, ICEBRG’s Security Research Team (SRT) continued to monitor for and identify new Chrome extensions suspected of engaging in similar click-fraud activity. This resulted in the identification of 35 additional extensions impacting at least 153,000 additional victims.

Intelligent Detections—The Kobayashi Maru of Security

April 13, 2018

By: Dan Caselden, Jason Rebholz
Tags: Threat Detection

While “alert fatigue” may sound like a trendy catchphrase, it is a real issue that security analysts face every day. The ever-increasing number of security alerts from a growing number of devices often results in more noise than useful detections. The unfortunate truth is that many of these alerts are not real security issues nor do they necessarily align with the organization’s strategy to reduce risk. Furthermore, the sheer volume of this noise is costly, leading to complacency, lost productivity, and ultimately increased vulnerability to attacks. This puts the organization’s security team in a “Kobayashi Maru” no-win situation. Course correcting out of this situation, or avoiding it altogether, requires a new approach with a focus on data quality fundamentals and more intelligent detections.

Evolve Your Detection Capabilities With Threat Hunting

March 28, 2018

By: Justin Warner, Stephen Hinck
Tags: Threat Hunting

Highly motivated threat actors continue to evolve their tactics, techniques, and procedures (TTPs) to better evade traditional defenses and hide in the noise of your environment. Organizations must evolve their defenses in turn: step past relying solely on traditional controls and maximize their visibility so they can incorporate proactive detection methodologies—the prime example being threat hunting, the process of searching your environment for threat activity based on attacker tactics.

Solve the Equation to a More Secure Environment

March 14, 2018

By: Jason Rebholz
Tags: Network Visibility, Thought Leadership

Imagine driving a car where you could only see through your front windshield and you’re seconds away from merging onto a busy highway. That moment, where you lack the proper visibility when you need it most, creates an unsafe situation where a collision is imminent. Unfortunately, that type of visibility is a common theme that organizations encounter while defending their networks. The solution—maximize the field of vision in your environment and its surroundings. Let’s break that down.

Malicious Chrome Extensions Enable Criminals to Impact Over Half a Million Users and Global Businesses

January 18, 2018

By: ICEBRG SRT, Justin Warner, Contributor: Mario De Tore
Tags: Click Fraud, Threat Research

Most leading web browsers, including Google Chrome, offer users the ability to install extensions. While these web-based applications can enhance the user's overall experience, they also pose a threat to workstation security because of their ability to inject and execute arbitrary code. Coupling marketplace-style “easy install” for users with limited understanding of the underlying risks and few compensating controls leaves organizations vulnerable to a serious and easily overlooked attack vector. To a motivated threat actor, this presents a range of opportunities, from co-opting enterprise resources for advertising click-fraud to leveraging a user’s workstation as a foothold into the enterprise network.

Coin Mining by Opportunistic and Automated Threats

January 12, 2018

By: Justin Warner
Tags: Coin Mining, Cryptocurrency, Threat Research

With the recent surge in popularity and increasing value of cryptocurrency, it should be no surprise that financially motivated threat actors have begun leveraging their victims to contribute to “mining” efforts, where the computing resources of the victim are used to generate cryptocurrency for the threat actor. To succeed in making a large profit, the actors must continually compromise a large number of victims and utilize significant computing resources. This demand for mass compromise has forced these threat actors to adopt automated methods that rely on opportunistic exploitation to outpace defenders, increasing the number of victims as quickly as possible with minimal cost.