CyberPoint Blog

We not only protect what's invaluable, we write about it too.

Sylphs in the Cloud

A Sylph (also known as Sylphid) is an air spirit. They are formed of air, they live in the air, and they have unusual power over the air, particularly the wind and the clouds. Usually, Sylphs are portrayed as guardians who protect secret knowledge, beautiful women, or the environment, but it's not out of the question for a Sylph to cause mischief among men.

CyberPoint is no stranger to malware and malware analysis. Our work has us detecting malware, analyzing malware, and occasionally writing malware. Part of the allure of ransomware originally was low barrier of entry – an author can simply call native system APIs to encrypt the files rather than using any real trickery. But with the comparatively recent attacks on the Colonial Pipeline and other industrial systems, ransomware has clearly established itself as a serious threat, not just a quick cash grab for amateurs. Once the victims started paying, and there was real money to be made, organized crime came in with Ransomware-As-A-Service platforms like Darkside and REvil. These services offer support, sophisticated user interfaces, and other standard features, further removing any technical barriers to cybercrime.

Read More
Got MODBUS? Please Check!
Got MODBUS? Please Check!

In the past three years, we have been fortunate to have been given the opportunity to study industrial control systems (or 'control systems' for short) in excruciating detail for vulnerabilities, exploits and mitigations. While I am a relative newcomer in industrial control security when compared to people like the Dragos team, what we discovered in 2020 was worthy enough to write about even if only as a brief post.

When you are finished reading, please ask yourself and your team, "Do we have any MODBUS on our network? What are we doing to protect those devices from attack?"

Read More
Protecting Legacy Encryption from Quantum Computing: A Possible Solution
Protecting Legacy Encryption from Quantum Computing: A Possible Solution

The advent of quantum computing (QC), if it happens, will break nearly every practical application of cryptography in use today, making e-commerce and many other digital applications insecure.

Symmetric algorithms used for encryption, like AES, are still thought to be safe (with sufficient key length – e.g. AES-256 or larger); however, current asymmetric algorithms like RSA and ECDSA (Elliptic Curve Digital Signature Algorithm) will be rendered essentially useless once quantum computers reach a certain scale.

Read More
An alternative approach to quantifying cyber risk using comprehensive attack surface evaluation assessments and Value-at-Risk modeling
An alternative approach to quantifying cyber risk using comprehensive attack surface evaluation assessments and Value-at-Risk modeling.

Organizations have an imperative to protect the data that has been entrusted to them, as well as securing their digital borders against business-interrupting intrusions. The legal landscape regarding accountability for data breaches continues to develop, but it has become clear that regulators, lawmakers, and the public will hold the breached entity responsible for a cyber event and the loss of data. This trend means that a cyber event of any type has the potential to negatively affect an organization's revenue and reputation.

Read More
Worst-Case Complexity of Ford-Fulkerson
Worst-Case Complexity of Ford-Fulkerson

Ask a computer scientist the worst-case complexity of the Ford-Fulkerson algorithm1 with integral edge capacities, and you'll likely get the answer of O(E*|f|), where E is the number of edges in the graph, and |f| is the capacity of the maximum flow, f, that the algorithm seeks to find. Indeed, that would have been my answer, as well. Until I tried to exploit that worst-case behavior.

Read More
Cyberspace — the Next Utility Infrastructure
Cyberspace — the Next Utility Infrastructure

Note: This White Paper represents the exploratory thoughts and analysis of the author; the assertions and recommendations are provided for consideration and validation by our industry, academic, and government partners. The opinions expressed herein may not be the same as those held by the owners, investors, or other executives of CyberPoint who were not involved in the writing of this White Paper…but they should be!

Read More
Accelerating Capabilities Acquisition Through OTAs and PIAs: A Contractor Perspective
Accelerating Capabilities Acquisition Through OTAs and PIAs: A Contractor Perspective

OTAs (Other Transaction Agreements) are appropriate when you want prototypes (demos, validation, feasibility) of innovative capabilities directly relevant to weapons or weapons systems, and directly related to mission effectiveness (of personnel and supporting platforms, or by improvement of platforms/systems/components thereof).

Read More
Malicious Browser Extensions
Malicious Browser Extensions

As we do more and more of our day-to-day tasks online, our web browsers have become an irreplaceable tool for many people. Often, we decide to augment the default behavior of these browsers with browser extensions to provide custom functionality to our browsers in order to make the tasks that we perform online easier.

Read More

Using Compression to Compare Objects
Using Compression to Compare Objects

In my previous blog post, I discussed our endeavor to benefit from unsupervised learning on CyberPoint's malware dataset. One of the more intriguing tools I played with during that effort was the normalized compression distance (NCD).

Read More
Learning in the Dark: Lessons Learned in Unsupervised Learning
Learning in the Dark: Lessons Learned in Unsupervised Learning

CyberPoint has seen great success in using supervised machine learning for malware detection. A while back, however, some colleagues and I set out to investigate whether we could make any interesting discoveries by applying unsupervised learning to CyberPoint's malware dataset.

Read More
Logging Keystrokes with Event Tracing for Windows
Logging Keystrokes with Event Tracing for Windows (ETW)

As a follow-up to our talk at Ruxcon, "Make ETW Great Again", we wanted to go into a bit more depth than we could cover in our hour long talk. While our talk consisted of multiple examples of ETW usage, detecting ransomware, USB Keylogging, and sniffing SSL encrypted data from WinINet…

Read More
The Human Interface Device (HID) Attac
The Human Interface Device (HID) Attack, aka USB Drive-By

As a part of our effort to educate, assess and train (EAT), we want to highlight a physical host attack technique that is extremely cheap and simple to pull off, and unfortunately yields a significant return for the attacker if successful. The technique is commonly referred to as a "Human Interface Device (HID) attack" or a "USB drive-by".

Read More
Software Defined Security at CyberPoint
Software Defined Security at CyberPoint

Software-defined networking, commonly referred to as SDN, has received a lot of press recently regarding both the technology itself and the impact that it will have in the networking world. At CyberPoint, being a cyber security company, we got curious and decided to take a look at the impact that SDN could have on security.

Read More
The Minimum
The Minimum

"If the minimum weren't good enough, it wouldn't be the minimum." It's not just a rationalization of laziness. It's often the correct approach to compliance with externally mandated cyber security requirements.

Read More