Posted on November 20, 2020 by John Limb
In the past few weeks, we have seen a significant increase in malicious attacks by bad actors using Cobalt Strike. Cobalt Strike is a legitimate tool used to give penetration testers access to many different attack capabilities. The issue lies when this toolkit gets into the wrong hands. Predominantly we have been seeing Cobalt Strike deploy an agent named “Beacon” for post-exploitation. Deploying this successfully can lead to a Ryuk Ransomware attack.
This week, BraintraceLABS is reporting Cobalt Strike as the most seen malware. Cobalt Strike enters the network in various ways, including via malware like BazarLoader. Malware can be installed with different tricks. The most common way is when the victim is tricked into clicking on a link in a phishing campaign and downloads a file, which can be a Word or Excel file. Then the user is tricked into enabling a macro. Once the macro is enabled, the malware will get into the network.
According to Microsoft, Cobalt Strike is being deployed through online ads claiming to be a Microsoft Teams update. The bad actor tricks the victim into clicking on a fake online ad. These advertisements will send the victim to an online domain under the control of the bad actor. When the victim clicks on the link, a download will begin. Instead of receiving the update, the user will download the payload, which can contain Cobalt Strike.
Dragonfly Encrypted Payload Analytics (EPA) prediction model identifies Cobalt Strike Beacon communications.
Braintrace’s Dragonfly is reporting the below C2 indicators of compromise for Cobalt Strike.
| IP ADDRESS | WEB HOSTNAME | COUNTRY | AS LABEL | AS NUMBER |
|---|---|---|---|---|
| 184.108.40.206 | 31[.]44[.]184[.]131 | Russia | Petersburg Internet Network ltd. | 44050 |
| 220.127.116.11 | livenx[.]com | United States | Leaseweb USA, Inc. | 396362 |
| 18.104.22.168 | stylesam[.]com | United States | Leaseweb USA, Inc. | 30633 |
| 22.214.171.124 | epicnut[.]com | United States | Leaseweb USA, Inc. | 7203 |
| 126.96.36.199 | sslcar[.]com | United States | Leaseweb USA, Inc. | 19148 |
| 188.8.131.52 | beltpost[.]com | United States | TeraSwitch Networks Inc. | 20326 |
| 184.108.40.206 | idrivehelper[.]com | Switzerland | Private Layer INC | 51852 |
REACH OUT TO US
If you have any questions or concerns about Trickbot and Ryuk, please feel free to contact us at firstname.lastname@example.org.
Posted on November 3, 2020 by John Limb
A new round of ransomware attacks targeting the healthcare industry is imposing a new strain on hospital networks already pushed to the breaking point by the COVID-19 pandemic. But security experts from Braintrace have recently developed a state-of-the-art network analysis tool called Dragonfly that can effectively fingerprint the virus families behind this latest round of attacks using encrypted payload analysis.
Posted on October 23, 2020 by Nicole Denton
From the security team at Braintrace, here are 16 essential steps your team should be taking to protect your organization from all forms of cyberattacks, including BEC, ransomware and crippling viruses.
Posted on September 21, 2020 by Joseph Lamport
What does it take to build a breakthrough technology product today? We recently had a chance to sit down with John Limb, the CTO at Braintrace, who is the primary driver behind the development of Dragonfly, a cutting-edge Network Traffic Analysis tool, which takes the fight against malware to the next level. Compared to all the other NTAs on the market today, Dragonfly provides near-complete visibility, including visibility into encrypted communications, which makes it far easier for the security team to stay a few steps ahead of all the bad actors.
Posted on August 5, 2020 by Carla Landry
Which technologies will take your firm to the next level? Carla Landry explains that it's important to find the technology that best complements your firm and practice group goals in order to provide the competitive momentum you need and the value-add clients demand.
Posted on April 16, 2020
Posted on April 3, 2020 by Greg Spicer
A Q&A with Greg Spicer, the CRO of Braintrace, explaining their newest service offering that provides state-of-the-art data security for all firm employees who need to work remotely, no matter what sort of home device they may be working from.
Posted on March 31, 2020 by Frank Flores
A remote work environment may seem ideal for employees, but it can create a number of creative loopholes that hackers can exploit. Chief among areas of potential vulnerability is video conferencing, which has become an essential part of the toolset for employees working from home but which hackers are now actively targeting! Here are five key steps employers should be taking to secure their videoconferencing systems.
Posted on March 22, 2020 by Braintrace
Due to COVID-19, many of us are forced to work at home. The Braintrace team came together to bring to you tips to stay secure while away from the office. We created this article for our IT professional clients to share with their colleagues. Follow these steps to create a secure home office.
Posted on February 20, 2020 by Greg Spicer
Every website domain has hundreds, if not thousands, of permutations. Most of these permutated domains are completely harmless, involving a simple typographical variation on the original domain name. However, every now and again a fraudster will create a domain based on one of these permutations with bad intentions, hoping to compromise the security of the original domain. It’s important to understand and take reasonable steps to mitigate this risk, so you can better protect your vital business domains.
Posted on January 28, 2020 by Frank Flores
A list of 8 essential tips on how to enhance your law firm's cyber security from the Director of Security Operations for Braintrace. These are all critical practices that should be incorporated into your security routine in order to stay 3 or 5 steps ahead of the bad actors who are out there now, probing and waiting for the chance to compromise your law firm’s security.
Posted on January 7, 2020
In keeping with the time-honored tradition of publishing best of lists to celebrate the New Year, here is our list of the ten most popular stories that appeared in Law Technology Digest in 2019. What do you suppose it says about the pace of technological change last year that the top story provides 18 euphemisms for “I haven’t got a f*cking clue”?
Posted on December 5, 2019 by Joseph Lamport
In the first part of this series, I wrote about how the platform business model is one of the defining features of our current state of technological and economic development, evident in such business success stories as Uber and Airbnb. A platform business is one that creates value by facilitating exchanges, of either information, goods or services, among otherwise independent groups and individuals via the platform it creates. I also explained how the platform business model is of growing importance in the legal market, not so much for connecting lawyers to clients but as a means of more effectively connecting the lawyers within a firm and thereby enabling a much more efficient and far more integrated work-flow.
In this second part of the series I’m going to take a closer look at Zola Suite, part of the new generation of cloud-based law practice platforms now available on the market. Zola Suite formally launched in 2015, after a few years in development, but in fairly short order it has emerged as a market leading solution for mid-sized and larger law firms. This positions Zola in notable contrast to its better-known cloud-based provider, Clio, which has attracted a large number of solos and small firm clients to its platform.
Posted on November 12, 2019 by Joseph Lamport
In the past, law firms were held together primarily by their partnership agreements, which laid out the rules for how firm-wide decisions got made and how the spoils of collective labor would be divvied up. Law firms of the future – whether they are organized as partnerships, LLCs or some other alternative business structure – will most certainly be far more dependent on whatever practice platform they choose to adopt. It will be the practice platform, much more than the partnership agreement, that provides the insight, controls and coherence that holds the firm together.
Posted on October 23, 2019 by Joseph Lamport
Casetext keeps leading the way by introducing powerful new applications of AI in the legal research market. This week they announced the roll out of CARA Patent, a new product that leverages the power of AI technology to transform patent law research.
Posted on October 17, 2019 by Katherine Riley, CISA, CISM
One recent study estimated that a cyber-attack occurs every 39 seconds, which underscores the need of every business in America to be prepared for the possibility that their network security will eventually be tested if not breached. For law firms, the risk is even more severe. As of 2017, around 20% of all U.S. based law firms had been hacked. By early 2019, that percentage had risen to an alarming 25%.
And yet severe as the risk of security breach is, fewer than half of all law firms in the US have an adequate incident response plan in place, and less than a third of those firms with plans have undertaken any testing to ensure their preparedness in case of an attack. The lack of planning and testing only increases the dangers law firms face.
Posted on October 15, 2019 by Kerry Carroll
Document comparison is an absolutely essential technology for law firms today. It’s a critical productivity tool that most lawyers rely on every day and it plays a vital role in client service because it’s how your firm keeps clients fully informed about work-in-progress. How does your current solution stack up against compareDocs - the leading document comparison tool on the market?
Posted on October 9, 2019 by Joseph Lamport
Parsons Behle Lab has embarked on an ambitious tech development effort, which represents a striking departure from the way most law firms have approached similar innovation and tech development initiatives. They are in the process of building a new type of law practice platform, which is open for other law firms and lawyers to use, and which enables participating firms to expand the services they offer to their own clients. It's a platform that seems laden with opportunity for all those who choose to get involved.
Posted on September 23, 2019 by Joseph Lamport
One of the most frustrating tendencies of technology is to create new problems while trying to solve old ones. It's reminiscent of the drinker who drinks to forget he’s drinking in the Little Prince, with the problem and solution forever chasing each other in circular fashion.
Posted on September 9, 2019 by Anders Spile
For decades, law firms have upheld strong boundaries between the firm and the society in which they operate. The law firm maintains itself as a sturdy fortress, within which hierarchy, culture and tradition go unchallenged. The career path remains clear; associates and junior lawyers execute repetitive work in an attempt to get to the promised land of the equity partner with the result being that billable hours are silently killing all innovative efforts happening lawyer-to-lawyer.
Posted on August 16, 2019 by Joseph Lamport
Editor’s Note: We recently had a chance to sit down with Greg Spicer, the CRO at Braintrace, to talk about the growing importance of information security management and the option for registration under ISO 27001 for law firms today. Braintrace is one of the top cybersecurity consulting firms in the country serving the legal, financial and government markets.
Most Recent Issue
Craig Ball is right when he says that numbering native production is easy! He mentions software programs like Bulk Renaming Utility, File Renamer Basic and Ant Renamer. But all you need to do is grab your stamper, display the document, spreadsheet or image full screen and carefully take your stamper to the upper right hand corner and press firmly against the monitor until the ink has transferred. Read more at Ball in your court: C'mon! Bates Numbering Native Production is Easy!
Not in my lifetime
Jordan Furlong has some interesting and sober insights into the legal sector in this pandemic. I'm following almost to the end where he writes, "While I dislike its colonialist connotations, I do feel like the appropriate metaphor right now, for those of us able to lead change in the legal sector, is to 'burn our ships.'" That's not going to work. One, maybe two ships might be set ablaze and will market the heck out of their scorch marks. One might actually burn to the waterline. But for such an overhaul to truly be successful, all the boats in the harbor must be set afire, including the clients. I don't see that happening in my lifetime. Read more at THE LAW21 BLOG: Burn the ships
Talk less. Succeed more.
Ever met someone who seemed to be a little too much in love with the sound of their own voice? Dan Rockwell writes, "5 Reasons people talk too much: 1) Thinking. Extroverts think while they talk. (If you want your team to think, make space for them to talk.); 2) Silence drives you crazy. It only takes 4 seconds for silence to feel awkward.; 3) You have power or position; 4) Insecurity; 5) To convince people you're right." Read more at LEADERSHIP FREAK: Do less of this and You'll Be More Successful
Special Braintrace Research Update!
The good folks at Braintrace are running a special set of educational updates with details on a different issue. First up was research on Trickbot/Ryuk attack. The newest research is on Cobalt Strike (which is a legitimate tool used to give penetration testers). Security is not something you can leave unattended. Reach out to Braintrace and ask about their services and request a Dragonfly demo. Learn more about Cobalt Strike by reading: Cobalt Strike Attacks
Jeffrey Brandt, Editor
Founding Circle, Association of Legal Technologists (ALT)
Chair, The 2020 Legal AI Forum (postponed)
Judge, Litera 2020 Changing Lawyer Awards