Proactively Detect and Block These Exfiltration Applications


NetStandard’s Security Minute Series 

In 2011, the IT world was shocked to learn that RSA was hacked, and the seed values for SecurID tokens were stolen. This left every SecurID token in the world vulnerable and exposed – if you were in the industry at the time, you surely remember this incident. Now, 10 years later, the NDAs have expired and the full story is out: The Full Story of the Stunning RSA Hack Can Finally Be Told | WIRED

  • Spoiler alert: It began with a phishing email, containing a malicious Excel attachment titled “2011 Recruitment Plan.” It’s a trap!

Want to play with Microsoft 365 E5 in a sandbox, and really get hands-on with all of the advanced tools and functions? Get a free, renewable E5 developer subscription here (really!): Developer Program – Microsoft 365

The DarkSide ransomware gang, which was responsible for the Colonial Pipeline attack, is believed to have made over $90 million in just nine months, based on transfers into its Bitcoin wallet. The average payment was $1.9 million: Darkside gang estimated to have made over $90 million from ransomware attacks | The Record by Recorded Future

In a ransomware incident, the attackers normally try to exfiltrate data out of the network so they can threaten to leak that data if you don’t pay the ransom. Two tools used for this are Rclone and MegaSync. Here is how to proactively detect and block these applications: Rclone Wars: Transferring leverage in a ransomware attack

CISA has published detailed technical guidance on how to evict an attacker from your network once that attacker has breached Active Directory and/or Azure Active Directory. It includes a lot of good advice in general: Eviction Guidance for Networks Affected by the SolarWinds and Active Directory/M365 Compromise | CISA

On another note…



For over 25 years, NetStandard has been providing a wide range of technical solutions to various industries in the Kansas City metro area.