At Guidance Software, we’re honored to train and work alongside information security teams inside numerous global corporations and government agencies. This gives us an ideal vantage point from which to learn and incorporate the latest intelligence on attack methods and best practices for incident response. So here’s a look at what we’ve gleaned from this year’s barrage of cyber-attacks.
Showing posts with label Training. Show all posts
Lessons Learned from 2014 Cyber Breaches
- Posted by: Siemens
- Categories: Data Breach, Sensitive Data Auditing, Threat Intelligence, Training
Poweliks: Persistent Malware Living Only in the Registry? Impossible!
The ultimate desire for malware authors is to be able to have their code run every time a computer starts, and leave no trace on the disk for us to find. Let me reassure you that it hasn’t happened just yet, at least not that I have seen. There have been plenty of examples over the years that have taken advantage of some clever techniques that disguise their disk-based homes, but that’s just it–disguise!
A couple of recent posts on “Poweliks” here and here shed light on creative measures attackers use to store malware in the Windows Registry. In short, there is a registry value that executes an encoded script stored in another registry value, which then drops a file on disk for execution.
- Posted by: Miller
- Categories: Digital Investigations, EnScript, Malware Analysis, Registry, Tips, Training