The DBIR 2020 Lowdown

Paul Scott on May 22, 2020

It’s time for another usually weekly threat report. We’re covering quite a few essential stories from the last week: Verizon DBIR is out Australian mining breach Ransomware attack on hospitals thwarted by arrest Netwalker Ransomware goes fileless Phishers update their lures Out-of-band patch for Adobe RCE QNAP RCE chain with bonus Perch Labs signatures Let’s get this party started. Verizon DBIR 2020 is out On May 19, 2020, security researchers at Verizon released the Data Breach Investigation Report (DBIR) for 2020.

Read More

America’s Most Wanted: Exploit Edition

Paul Scott on May 14, 2020

This week, we’re going to take a look at: Evil Maid Thunderspies your Backplane America’s Most Wanted Exploits SaltStack RCE Exploits Hidden Cobra Malware Evil Maid Thunderclaps Back with Thunderspy Thunderspy is the new hotness in physical exploits targeting Intel’s Thunderbolt port. It takes less than five minutes to execute and impacts any Windows or Linux PC manufactured before 2019. Released by Eindhoven University of Technology researcher Björn Ruytenberg, Thunderspy involves unscrewing the physical backplate of a machine, attaching a device momentarily to reprogram the firmware, and reattaching the backplate (if you really want to).

Read More

Still working from home? Enable Cisco Meraki and Umbrella integrations while those Bagel Bites cool off

Stephanie Cruise on May 14, 2020

It’s official – we’ve added Cisco Meraki and Cisco Umbrella to the growing family of Perch-Cisco integrations, joining Cisco AMP for Endpoints and Duo, as well as Cisco Talos. What does that mean to you? Now you can gather your Meraki and Umbrella daterz together into one place and view it right alongside your network data and other logs, while Perch’s 24/7, Cisco certified SOC monitors it for any sign of cyber threat activity.

Read More

Go Becomes the New Go-To for Malware

Paul Scott on May 7, 2020

We have some special stuff for you in this usually weekly threat report. We’re releasing several IDS signatures and IoCs you can use to detect many of the threats we mention below. This week, we’re discussing: Two new malware strains choose Go An evolution in Qakbot campaigns And, Black Rose Lucy bringing ransomware to your Android NSPPS RAT goes live Citrix products are under attack in a recent wave of scans and exploits for CVE-2019-197811234.

Read More

How MSPs are at risk of buffalo jumps, dark auctions, leaks, exploits, and evasions

Paul Scott on April 23, 2020

It’s time for another usually weekly threat report. So many interesting things happened over the last week, with a few key threats catching our eye: A large MSP was buffalo jumped Admin access to a large MSP was auctioned SBA leaked COVID-19 loan applicant data Two Windows proofs of concepts were released Emotet learned new evasion techniques Cognizant buffalo jumped and dark web auctions In our recent 2020 MSP Threat Report, we discussed buffalo jumping, a new tactic for ransomware distributors to ransom a service provider and many of their customers at once.

Read More

Threat detection and threat hunting: What’s the difference, and which one do you need?

Patrick Snyder on April 21, 2020

Modern environments use and create a lot of data. Small organizations and enterprise alike are constantly generating network traffic, activity logs, and events of all kinds. Monitoring all that data for security risks and attacks is a big task. Perch tackles the challenge using two methods of threat prevention: threat detection and threat hunting. What is threat detection? Threat detection is the passive monitoring of data for potential security issues. Intrusion prevention systems like firewalls and antivirus can help automatically stop most of the high fidelity, known threats targeted at your network.

Read More

Threat Report Thursday April 16th 2020

Paul Scott on April 16, 2020

It’s another week in paradise here at Perch. This week, we’re covering a few events: 0-day Trio running wild on Patch Tuesday Sodin Ransomware ditches Bitcoin in favor of Monero And, two implants with active campaigns: APT41’s Speculoos Backdoor TA505 phishing with SDBbot RAT 0-day Trio running wild on Patch Tuesday For April 2020’s Patch Tuesday, Microsoft patched 113 vulnerabilities. Fifteen of these were rated critical, 93 were important, three were moderate, and two rated as low.

Read More

Threat Report Thursday April 9th 2020

Paul Scott on April 9, 2020

As if the week couldn’t get any longer, we have a few key threats we want to get you up to speed on. We’re covering: The pervasive exposure of Microsoft Exchange Server to a 10-year-old vulnerability A new version of PowerShell Empire Two password dumps that’ll get recycled into credential stuffing attacks A tag team by baddies looking to body slam enterprise retail point-of-sale systems Let’s get this party started.

Read More

Release Notes

April 8, 2020

Release Notes

April 8, 2020