Mitiga Security Team

Mitiga Security Team

Incident Response & Research

Mitiga's team of incident response experts and researchers work together to provide valuable information to the community.

3 Ways that IR2 Outworks Your Incident Response Retainer

When it comes to today’s active, dynamic cloud threat landscape filled with targets from IaaS ( Infrastructure as a Service ), to PaaS (Platform as a Service), and SaaS (Software as a Service), the conventional methods of managing incident response(IR) are increasingly falling short. Mitiga’s IR2 platform was born from this realization.

Mitiga Secures Strategic Investment from Cisco Investments as Demand for CIRA Soars

The new financing will help support rapid customer adoption of Mitiga’s IR2 platform, at the forefront of a new wave in cloud investigation and response capabilities.

Samsung Next Invests In Mitiga, Brings Total Funding to $45M

Mitiga, the cloud and SaaS incident response leader, today announced the completion of a Series A Round bringing total funding to $45 million led by ClearSky Security, with participation from Samsung Next and existing investors Blackstone, Atlantic Bridge and DNX.

CircleCI Cybersecurity Incident Hunting Guide

In response to the recent CircleCI security incident, the Mitiga Research Team shares this technical guide to assist organizational threat hunting efforts.

Oops, I Leaked It Again — How Mitiga Found PII in Exposed Amazon RDS Snapshots

A recent Mitiga Research Team investigation found the well-regarded Amazon Relational Database Service is leaking PII via exposed RDS Snapshots.

Google Workspace - Log Insights to Your Threat Hunt

Google Workspace is a popular service for document collaboration for organizations and for individual users. Threat actors note that the popularity of this service is increased, and search for ways to exploit vulnerabilities and misconfigurations, so it is important to know how to hunt for threats in Google Workspace.

Just What is “Proactive Forensic Data Acquisition” Anyway?

It isn’t just anti-virus blind spots that hinder cybersecurity team efforts to safeguard organizational assets from threat actors. Veteran incident management analysts will tell you many detection tools also have blind spots that can lead to incomplete investigations and incorrect conclusions.

When It Comes to Incident Response, It’s Time to Give Peacetime Value a Chance

There is an accepted notion in some corners of cybersecurity that maintains “there is no peacetime.” For many of us, that is a daunting premise — as it discounts extensive CISO efforts to extend multi-year investments in cybersecurity tools, innovation, and resources to address ongoing cyberattacks focused on business services transitioned to cloud and SaaS platforms.

Stop Ransomware Attackers From Getting Paid to Play Double-Extortionware Games

In the past, many companies relied on backups to get back to business quickly if they were attacked. Reliable, secure backups separated from the primary environment made it much more difficult for an attacker to access and encrypt them. That long-standing process no longer deters double-extortionware actors — instead, today’s attackers not only encrypt the data but also exfiltrate it.

Get Ransomware-Ready – How to Protect Your Business Against Today’s Most Dangerous Cyberthreats

It is hard to overstate the level of havoc generated on global enterprises by year-over-year increases in ransomware attacks. Verizon Data Breach Investigations Report provides one state-of-the-world snapshot noting that the 13% increase in reported ransomware instances last year was greater than those measured across the preceding 5 years combined. It’s not surprising that ransomware readiness has moved up the list of most CISOs crowded priority sheets. And it needs to.

An Easy Misconfiguration to Make: Hidden Dangers in the Cloud Control Plane

The biggest risk in cloud development is not recognizing the differences between cloud and traditional definitions of common architecture terms. For example, imagine a system that is completely “firewalled off”—a firewall prevents any inbound or outbound connections from the machine.

What is the Spring4Shell exploit? An overview of the Spring vulnerability

Spring is a Java framework for dependency injection and Model-View-Controller (MVC) web development. Spring is a very popular framework; over 6,000 other libraries use the "spring-beans" library (according to Maven Central). Spring4Shell, a new exploit in Spring, was just disclosed.

Understanding Your Okta Logs to Hunt for Evidence of an Okta Breach

As the Okta breach event is still unfolding, it is unclear how far this breach may propagate and what influence it has on Okta customers. It is, however, extremely likely that any such potential abuse will leave traces in Okta logs (as well as other logs of potentially compromised systems). But Okta logs are not easy to investigate, so you need to know where to start your research.

Here's Why Traditional Incident Response Doesn’t Work in the Cloud

Traditional incident response (IR) learned from on-premises investigations doesn’t work in the cloud. Today's threat actors are finding misconfigurations and vulnerabilities to allow them to penetrate cloud environments.

What are the dangers of lateral movement in a hybrid environment?

Lateral movement cyberattacks are among the greatest threats cyber security faces today. Whether a company's network exists primarily in the cloud, on-premises, or a hybrid cloud environment, there are lateral movement attack techniques designed to exploit vulnerabilities unique to each environment.

Rethinking zero-day vulnerabilities vs. one-days to increase readiness

Because zero-day vulnerabilities are announced before security researchers and software developers have a patch available, zero-day vulnerabilities pose a critical risk to organizations as criminals race to exploit them. Similarly, vulnerable systems are exposed until a patch is issued and applied.

Can vulnerabilities in on-prem resources reach my cloud environment?

What risk does this Zoho password manager vulnerability present, and could this on-prem vulnerability impact cloud environments as well?

Lacking readiness, massive Twitch.tv breach may be a win for competitors

What seems clear now is that Twitch simply wasn’t ready for an attack. Twitch claims that this latest incident was “a result of a server configuration change that allowed improper access by an unauthorized third party.”

Security Advisory: Mitiga Recommends All AWS Customers Running Community AMIs to Verify Them for Malicious Code

Based on recent research and analysis, Mitiga issued a global advisory, warning AWS customers running EC2 instances based on Community AMIs (Amazon Machine Instances), from potentially embedded malicious code. We strongly advise verifying their security before continuing using these instances.

Mitiga Cooperates with Law Enforcement on a Global Business Email Compromise (BEC) Campaign that Has Netted Over $15M

Mitiga uncovered a widespread and well-executed Business Email Compromise (BEC) campaign in which cybercriminals are impersonating senior executives using Office 365’s email services in order to intercept sensitive communications and then alter wire transfer details and redirect funds to rogue bank accounts.

Customer Advisory Kaseya VSA Ransomware Incident

Kaseya, an IT management software provider, notified its customers of a possible security breach in the Kaseya Virtual System Administrator Product. Kaseya has indicated that the number of victims is around 1000s, though the number may increase, at least 36,000 Kaseya customers took their servers offline.

How to Beat the Cubans in the Cuba Ransomware Gang

The Cuba Ransomware Gang is a group that hijacks information and blackmails companies to pay in Bitcoin or watch the exfiltrated private information leaked for all to see.