• Read

    Click here to download our Incident Response Datasheet.


    Click here to download our Corporate Datasheet.


    Click here to download our Security Intelligence White Paper.

  • News and Events
    April 30, 2013 - Dark Reading: Chinese Cyberespionage: Brazen, Prolific, And Persistent - The APT1/Comment Crew appears to have done little to change its tactics and methods of attack even after it was unmasked with key intelligence from Mandiant. Cyber Squared last week unveiled new evidence of the group targeting the defense and aerospace community using many of the same techniques and command-and-control (C&C) capabilities as before.

    April 29, 2013 - The Register: Chinese cyber-spook crew back in business, say security watchers - Cyber Squared has been tracking numerous Chinese cyber espionage threat groups within ThreatConnect.com and crowd-sourcing threat intelligence with nearly 400 global security researchers. All signs suggest that “Comment Crew" and other Chinese APT threat groups are still conducting exploitation operations. In fact, there has been little change detected within "Comment Crew" operations.

    April 26, 2013 - USA Today: Cyberspying from North Korean IP addresses spike - Speaking of which, security start-up Cyber Squared on Thursday reported that the "Comment Crew" also known as "APT1" is back in action. You may recall this spy gang with ties to the Chinese military grabbed headlines a couple of months ago when forensics firm Mandiant released a detailed report of how the gang's day-to-day activities.

    Read More

    News and Events
    Register to attend Cyber Squared’s Threat Intelligence quarterly update webinar. Spend your lunch hour with our intelligence team on Wednesday, April 17th as they review noteworthy events, case studies, and ThreatConnect updates from the first quarter.

    April 13, 2013 - CSO: Targeted social media attacks said to be underreported - Security company Cyber Squared reported this week how three Chinese political activists in and outside of the country were sent tweets from Twitter that contained links to two compromised websites.

    April 10, 2013 - ThreatPost: Rogue Twitter Account Used in Targeted Attacks Against Free Tibet Supporters - Researchers at Cyber Squared, an Arlington, Va.-based security company, published their findings this week. The links in the tweets, analyst Wes Hurd wrote, led to a Tibet WordPress blog and a Chinese-language forum; both served up Adobe Flash exploits used in the past to attack aerospace companies as well as an online payroll provider.

    Read More

    News and Events
    March 21, 2013 - Alienvault Labs: New Sykipot developments - Cyber Squared Sykipot research was mentioned in this Alienvault Labs blog post. In the post, Alienvault Labs exposes several campaigns and new versions of the backdoor they have used to access the compromised systems.

    March 21, 2013 - The Register: Cyberspies send ZOMBIES to steal DRUGS from medical research firms - Cyber-espionage crews have been targeting the lucrative medical and life science industries using custom malware and spear-phishing, according to new research. Security intelligence firm Cyber Squared said that at least three distinct groups have targeted the industry for more than two years since 2010.

    March 14, 2013 - Dark Reading: Medical Industry Under Attack By Chinese Hackers - Multiple gangs of Chinese cyberespionage hackers are now targeting the healthcare and medical/life sciences industries. Most every industry is fair game for cyberespionage these days -- so it's no surprise that the healthcare and medical industry would come up on the list -- but, to date, it has been a field more abused by cybercriminals motivated by medical identity theft and other financial fraud.

    Read More

    News and Events
    March 15, 2013 - Tenable Blog: Searching for Custom Malicious File Hashes with Nessus - Cyber Squared mentioned in Tenable blog on Nessus malicious process detection plugins were recently enhanced to allow for searching with custom file hash lists. This allows organizations to add their own sources of malicious file hashes into Tenable's set of cloud-based hashes and botnet checks.

    February 27, 2013 - USA Today: Security tools reveal cyberintruders' trickery - Cyber Squared, for one, has built openness into its business model. The security start-up recently launched ThreatConnect.com, an online exchange where some 150 security researchers and 45 organizations convene around the clock to share data and brainstorm.

    February 27, 2013 - The Register: APT1, that scary cyber-Cold War gang: Not even China's best - Shanghai hackers APT1 - outed this month in a high-profile report that linked them to the Chinese military - may not be China's top cyber-espionage team despite its moniker. Security experts say the team is more prolific than leet.

    Read More

Incident Response Services

We step in when you are a victim of cyber crime or espionage

We offer comprehensive Incident Response and Incident Handling services to help you manage any incidents of cyber-attack.  Our team of experienced analysts works to provide you with a thorough understanding of the situation.  This may include: length of time your network has been compromised, targeting techniques, malware used, motive, possible data stolen, etc.

Cyber Squared’s Incident Response and Incident Handling Services

When you have been compromised, we understand your need to contain the situation and begin an investigation as quickly as possible.  We share your sense of urgency. We are able to respond domestically within hours and work with your internal resources to help control the situation.  Internationally, we are able to respond to more than 150 countries within 8-24 hours.  Once on-site, we meet with your staff to develop a project plan and timeline, understand the situation and begin forensic collections.

Our services start by fully understanding the technical details of the intrusion and to that end, we perform forensically sound imaging of computers and servers, complete intrusion analysis, malicious code analysis, network forensics and mediation recommendations.  Our methodology revolves around our ability to collect and use cyber intelligence in an effective method during the investigation.  We utilize the network security logs, malicious code samples along with our repository of attack indicators to conduct the investigation quickly and efficiently.   Throughout the investigation we continuously provide detailed reporting and coordination whenever new findings are identified.

Additional complementary security services that we are offer in support of incident response investigations include: 

  • Malicious Code Analysis – Quick and reliable analysis of malware will determine the changes made to infected systems, functionality of the code and provide preliminary host and network-based detection signatures.
  • Cryptanalysis – Providing recovery of encrypted documents, hard drives, compressed file formats and storage containers that were utilized or created during the incident allows a better understanding of attacker attributes and potential compromises.
  • Threat Mitigation Review – Thorough examination of how sophisticated cyber threats exploit gaps in network defenses and security policies in order to identify risks to your organization’s business processes.
  • Penetration Testing – Complete wired and wireless network penetration testing services will allow active risks and threats to your enterprise.  Active exploitation of vulnerabilities can clearly depict the level of effort required by attackers to gain access to your intellectual property.

 

At Cyber Squared, our sole mission is to help defend and protect your organization.  Cyber-attacks cannot be prevented completely, but we can help you proactively manage cyber risks and contain the threats that are identified.

 

Suggested reading: