Blog Posts

Research, Updates, Trends, Analysis
Real-World Cloud Attacks: Still Hitting the Fan!

Recent cloud-based attack headlines remain front-and-center in the cybersecurity community, adding to the relevance of analysis and guidance provided by Mitiga Co-Founder and CTO Ofer Maor in his recent BrightTALK Webcast, It's Getting Real & Hitting the Fan! Real World Cloud Attacks.

Google Workspace - Log Insights to Your Threat Hunt

Google Workspace is a popular service for document collaboration for organizations and for individual users. Threat actors note that the popularity of this service is increased, and search for ways to exploit vulnerabilities and misconfigurations, so it is important to know how to hunt for threats in Google Workspace.

Just What is “Proactive Forensic Data Acquisition” Anyway?

It isn’t just anti-virus blind spots that hinder cybersecurity team efforts to safeguard organizational assets from threat actors. Veteran incident management analysts will tell you many detection tools also have blind spots that can lead to incomplete investigations and incorrect conclusions.

How Can Transit Gateway VPC Flow Logs Help My Incident & Response Readiness?

In this blog, we will focus on the security and forensic aspects of Transit Gateway VPC flow logs and expand the way they can be used by organizations to respond to cloud incidents.

When It Comes to Incident Response, It’s Time to Give Peacetime Value a Chance

There is an accepted notion in some corners of cybersecurity that maintains “there is no peacetime.” For many of us, that is a daunting premise — as it discounts extensive CISO efforts to extend multi-year investments in cybersecurity tools, innovation, and resources to address ongoing cyberattacks focused on business services transitioned to cloud and SaaS platforms.

Stop Ransomware Attackers From Getting Paid to Play Double-Extortionware Games

In the past, many companies relied on backups to get back to business quickly if they were attacked. Reliable, secure backups separated from the primary environment made it much more difficult for an attacker to access and encrypt them. That long-standing process no longer deters double-extortionware actors — instead, today’s attackers not only encrypt the data but also exfiltrate it.

Are You Ready for a Slack Breach? 5 Ways to Minimize Potential Impact

As Slack becomes a dominant part of the infrastructure in your organization, it will become a target for attacks and at some point, it is likely to be breached (just like any other technology that we use). The impact of that breach, however, depends on how we prepare for it, by limiting its potential propagation and allowing for fast response.

How Identifying UserData Script Manipulation Accelerates Investigation

UserData script manipulation by threat actors is a technique that has been known in the wild for several years and has been observed being exploited by many attack groups, but monitoring and detecting malicious manipulation of user data script is not trivial with standard AWS Cloudtrail logging.

Get Ransomware-Ready – How to Protect Your Business Against Today’s Most Dangerous Cyberthreats

It is hard to overstate the level of havoc generated on global enterprises by year-over-year increases in ransomware attacks. We can point to any number of analyst findings to substantiate this position, but the latest Verizon Data Breach Investigations Report provides a credible, state-of-the-world snapshot.

Want to stay up to date on the latest Mitiga news and research? Subscribe to our blog!