26 Jan 2023

HAWKEYE Cyber Security, Managed SOC Services Permalink

Wi-Fi Security – Monitoring Hacking Attempts

HAWKEYE January 26, 2023

Wired Ethernet is no longer the best option for many enterprises. The preferred network access technology for users and endpoints is now IEEE 802.11 Wi-Fi. Compared to conventional LANs, wireless LANs have many benefits. They can lower ownership costs and are dependable and adaptable.
Read More

24 Jan 2023

HAWKEYE Alert Advisory, Cyber Security, Managed SOC Services, News, Ransomware Protection, Security Operations Center Permalink

2022 is Over But What Did We Learn From Our Work

HAWKEYE January 24, 2023

Throughout the year, numerous new incidents and rising threats were unveiled to the horror of many. In 2022, the world experienced some of the largest cyberattacks, threats, and data breaches ever.

Read More

05 Jan 2023

HAWKEYE Cyber Security, Incident Response, Managed SOC Services, Ransomware Protection Permalink

Why Threat Actors are Now using Rust to Develop New Ransomware?

HAWKEYE January 5, 2023

Rust, a relatively new programming language, was introduced in 2015 and has since gained popularity for its pleasant developer experience and the advantages it provides to malware authors.

Read More

04 Jan 2023

HAWKEYE Cyber Security, Managed SOC Services Permalink

Methods to Perform Encrypted Traffic Analysis (ETA)

HAWKEYE January 4, 2023

In addition to considerably enhancing security and user privacy, the introduction of network traffic encryption, such as TLS, has also made it more difficult for network managers to keep an eye on their infrastructure for malicious traffic and the leakage of critical data.

Read More

26 Dec 2022

HAWKEYE Compromise Assessment, Cyber Security, Incident Response, Managed SOC Services Permalink

Why Compromise Assessment Should Be a Part of Your Threat Detection and Response Ecosystem

HAWKEYE December 26, 2022

A typical compromise assessment plan uses specialized software and scripts combined with forensic data to find compromises or problems that were not previously discovered. It is frequently used to find security holes and detect all known malware types as well as remote access tools.

Read More

23 Dec 2022

HAWKEYE Advanced Persistent Threat, Cyber Security, Managed SOC Services, Middle East Permalink

WIP19 APT Targeting Organizations in Middle East

HAWKEYE December 23, 2022

With signed malware, a new cyberespionage group has been hitting telecom companies and IT, service providers. The group, known as WIP19, resembles Operation Shadow Force in specific ways. SentinelOne claims that WIP19 is concentrated on organizations in the Middle East and Asia.

Read More

22 Dec 2022

HAWKEYE Advanced Persistent Threat, Cyber Security, Managed SOC Services Permalink

Using Steganography to Hide Malware – Witchetty APT Case Study

HAWKEYE December 22, 2022

Steganography has been used in the real world on the Windows and macOS operating systems. Attackers have been detected to send harmful JavaScript, carry crypto miners, and employ steganography to hide portions of ransomware attack code.

Read More

09 Dec 2022

HAWKEYE Advanced Persistent Threat, Cyber Security, Managed SOC Services Permalink

The Evolution of SideWinder APT and their Modus-Operandi

HAWKEYE December 9, 2022

A suspected Indian threat actor group, Sidewinder, has been operating at least since 2012. They have been seen attacking businesses, military, and governmental institutions across Asia, particularly in Pakistan, China, Nepal, and Afghanistan. However, Pakistan has been the main focus of SideWinder since the group was discovered in 2012.
Read More

07 Dec 2022

HAWKEYE Advanced Persistent Threat, Cyber Security, Managed SOC Services Permalink

Opera1er APT Group Targeting Banks, Financial Institutes, and Mobile Operators across Africa, Asia and LATAM

HAWKEYE December 7, 2022

Since 2016, OPERA1ER, also known as DESKTOP-GROUP, Common Raven, and NXSMS, has been reported to operate with the intention of carrying out financially motivated heists and exfiltrating documents for use in spear-phishing assaults.
Read More

05 Dec 2022

HAWKEYE Cyber Security, Incident Response, Managed SOC Services, Ransomware Protection Permalink

Royal Ransomware

HAWKEYE December 5, 2022

Royal has been in existence since at least the beginning of 2022, making it a relatively new business. The goal of the group and its software is standard: infiltrate the environment of a victim, encrypt their data, and demand a ransom to decrypt any files impacted. Read More

29 Nov 2022

HAWKEYE Cyber Security, Cyber Threat Management, Managed SOC Services Permalink

How to Detect Typosquatting using DNSTwist

HAWKEYE November 29, 2022

Typosquatting is a social engineering attack in which a threat actor registers domains with purposefully misspelled versions of well-known companies’ or websites’ domains and puts malicious content on them or tempts users to enter sensitive data. Read More

25 Nov 2022

HAWKEYE Cyber Security, Malware Protection, Managed SOC Services, Security Operations Center Permalink

Ursnif/Gozi Malware Evolution and Associated IoC

HAWKEYE November 25, 2022

Gozi is a powerful piece of malware with a wide range of intricate characteristics. It began as a basic banking Trojan, even more, basic in some ways than the original Zeus due to the notable absence of web injection features.

Read More

24 Oct 2022

HAWKEYE Cyber Security, Incident Response, Managed SOC Services, Security Operations Center Permalink

Detecting Cyber-Attacks on Kubernetes Environment

HAWKEYE October 24, 2022

Kubernetes is a container orchestration system that acts as a management abstraction layer. It is an open-source system that aids in automating the deployment, management, and scaling of containerized applications and services.
Read More

21 Oct 2022

HAWKEYE Advanced Persistent Threat, Cyber Security, Malware Protection, Managed SOC Services Permalink

An overview of FIN11 and their motivations

HAWKEYE October 21, 2022

A financially driven threat group FIN11 has run some of the most extensive and longest-running malware dissemination campaigns. Researchers have noted to date among financially motivated threat actors. In addition to their prolific malicious email operations, FIN11 is noteworthy for its ongoing development of malware delivery strategies.
Read More

14 Oct 2022

HAWKEYE Advanced Persistent Threat, Alert Advisory, Cyber Threat Management, Managed SOC Services Permalink

Alert Advisory: Insight into APT29

HAWKEYE October 14, 2022

Threat group APT29 is allegedly operated by Russia’s Foreign Intelligence Service (SVR). They have been active since 2008 and frequently target think tanks, research centers, and government networks in Europe and NATO member states.
Read More

09 Oct 2022

HAWKEYE Advanced Persistent Threat, Alert Advisory, Cyber Security, Incident Response, Managed Security Services, Managed SOC Services Permalink

Alert Advisory: Insight into APT42

HAWKEYE October 9, 2022

APT42 is a state-sponsored cyber espionage group in Iran. The gang, which has been active at least since 2015, is known for its highly targeted spear phishing and surveillance operations that target individuals and organizations in at least 14 countries.

Read More

02 Oct 2022

HAWKEYE Alert Advisory, Incident Response, Managed Security Services, Managed SOC Services, Security Operations Center, Threat Hunting, XDR Permalink

Alert Advisory: New Microsoft Exchange Zero-Days

HAWKEYE October 2, 2022

Late on September 29, 2022, Microsoft acknowledged both zero-day vulnerabilities and stated that they were aware of “limited, targeted attacks leveraging the two vulnerabilities to compromise customers’ PCs.”

Read More

29 Sep 2022

Masarrati Breach Detection, Cyber Security, Managed SOC Services Permalink

Recent Uber Breach and Lessons Learnt

Masarrati September 29, 2022

Uber acknowledged reports of a widespread cybersecurity compromise on September 15th. The security investigation found that the company’s system had been seriously compromised, with attackers going laterally to access the vital infrastructure of the business.

Read More

21 Sep 2022

HAWKEYE Cyber Security, Managed Security Services, Managed SOC Services Permalink

Usage of NPPSpy

HAWKEYE September 21, 2022

Extracting Windows credentials from Domain based hosts is one of the common attack techniques hackers use to obtain user credentials from Windows hosts. Once obtained, these user credentials are used to laterally move between the hosts and deploy threats or exfiltrate data from the network.

Read More

20 Sep 2022

HAWKEYE Cyber Security, Machine Learning, Malware Protection, Managed SOC Services Permalink

Malware Evasion Techniques and Recommendations for Threat Protection

HAWKEYE September 20, 2022

Malware evasion methods are frequently employed to evade detection, analysis, and comprehension. Due to the fact that sandboxes are now the quickest and simplest approach to getting an overview of the threat, anti-sandbox detection is one of the most common kinds of evasion.

Read More