ExtraHop December TL;DR

Welcome to this edition of the ExtraHop TL;DR! This is your place to get the highlights on what we're talking about this month. You can also watch our video broadcasts on the third Friday of every month on our LinkedIn page.

The Past Year in Cybersecurity: 100 Facts, Stats, and Data Points that shaped 2021

Defend Against Log4j Exploits

A zero-day vulnerability referred to as Log4Shell (CVE-2021-44228) in the commonly used Java-based Apache utility Log4j has been disclosed. While the total impact is still to be seen, coin miners have been responsible for the initial batch of attacks, and the next wave will likely involve more sophisticated threats, including ransomware.

For more information on Log4j, check out these videos:

Josh Snow (1) - Log4j Exploit Explanation and Detection with ExtraHop Reveal(x)

Josh Snow (2) - New Log4j Detections in ExtraHop Reveal(x)

Detecting Log4Shell: Attack Diagram

SolarWinds SUNBURST: One Year Later

This week marks the one year anniversary of the SolarWinds SUNBURST attack. While it was officially disclosed on December 13, 2020, further digging revealed the attack began many months earlier. By the time it was detected, it had spread to infect hundreds of thousands of companies. Take a look back and how it all started.

ESG Showcase: Network-Based Approach to Cloud Workload Security

ESG recently released an analyst report on how to manage and secure your ever-expanding cloud workload. As remote work continues to be how the world functions, keeping your cloud data safe is critical. Learn how to get unified and threat-centric protection across your hybrid environment.

Encryption vs. Visibility: Why SecOps Must Decrypt Traffic for Analysis

Having visibility is only part of the solution. Research shows that enterprises are increasingly encrypting traffic inside their networks (the east-west corridor), on the public internet, and in the north-south channel between them. While this is going on, attackers are increasingly using encrypted traffic to hide their malicious acts.

Effective Incident Response with Packet Capture

The fight against intruders starts with a powerful defense. But let's look at a worst-case scenario: someone snuck into your network and got a peek at your data. Where do you begin? With a modularly extensible PCAP repository, you can use packet data for root-cause analysis while fulfilling chain-of-custody evidence collection.

Threat of the Month: Advanced Persistent Threats

While the common catch-all term for sophisticated attacks is advanced threats, it can mean a number of different things. But the key goal remains the same: get into the network, find something of value, and use it for personal gain. Advanced persistent threats (APTs) gain entry—using tactics like exploiting vulnerabilities, applying social engineering, and deploying malware—then gather intelligence on the layout of the network.

From the ExtraHop Blog

Take a look at some of our recent stories.

Exchange Server Security Challenges

Microsoft recently patched some Exchange Server vulnerabilities. Understand the importance of network visibility in securing your critical server infrastructure.

How to Detect and Stop Lateral Movement

You may have tools to prevent attackers from entering your environment, but what happens after compromise? Find out how to detect and stop advanced threats.

Bridging Data Retention Gaps En Route to Zero Trust

Change is rapidly underway for many government agencies and public sector organizations as they work to implement fresh zero trust mandates.

In Other News

Read, watch, or listen to some interesting news from around the internet.

CyberWire Podcast: The Real Costs of Ransomware

Mike Campfield, VP and GM of International Sales and Global Security Programs at ExtraHop, recently sat down with CyberWire's Dave Bittner to discuss the past, present, and future of ransomware.

Reuters: Insurers Back out of Ransomware

Reuters recently reported that many insurance companies are discouraging their clients to pay for ransomware protection, explaining that it's actually making them appear more likely to pay out.

Dark Reading: Over 1,000 Individuals Arrested in Global Cybercrime-Fighting Operation

Between June and September of this year, Interpol arrested over 1,000 individuals, closed nearly 1,700 active investigations, and froze approximately 2,400 bank accounts associated with various online financial scams.

TechRepublic: Cybersecurity, the Pandemic, and the 2021 Holiday Shopping Season

Tis' the season for giving. If you're not done buying gifts for your loved ones, time is running out! But as you hop online to look for last-minute stocking-stuffers, make sure you're staying safe. In a recent article, TechRepublic detailed a few tips to keep your information secure.