Doron Karmi works as a senior Incident Response Researcher at Mitiga. Prior to working at Mitiga, Doron worked as a malware analyst and threat hunter for large organizations.
There’s been a recent surge in cloud ransomware attacks. Examples of such attacks were observed by Sophos X-Ops, which detected the ransomware group BlackCat/ALPHV using a new Sphinx encryptor variant to encrypt Azure storage accounts by employing stolen Azure Storage account keys. The BlackCat/ALPHV ransomware group is the same entity that claimed responsibility for infiltrating MGM’s infrastructure and encrypting more than 100 ESXi hypervisors.
Mitiga's research team uncovered a data risk to Okta users due to passwords that can be present in logs. This article outlines the risk and attack method.
In response to the recent CircleCI security incident, the Mitiga Research Team shares this technical guide to assist organizational threat hunting efforts.
A recent Mitiga Research Team investigation found the well-regarded Amazon Relational Database Service is leaking PII via exposed RDS Snapshots.
UserData script manipulation by threat actors is a technique that has been known in the wild for several years and has been used by many attack groups, but monitoring for and detecting malicious manipulation of UserData scripts is not trivial with standard AWS CloudTrail logging.