Mega provides users with end-to-end encryption of files, a free basic storage tier, and a suite of tools used to transfer files remotely. Rather than hassling with hosting their own file sharing servers, adversaries would rather make use of already existing cloud storage, especially ones that allow semi-anonymous payment via cryptocurrency like Bitcoin. Simply blocking network connections to Mega-related IP addresses might be a viable security control in certain environments, but detecting the actual file transfer utilities that adversaries leverage will offer better defense-in-depth against illicit data transfer.

One such utility is Mega’s main client application MegaSync, which is designed for routine file transfers and operates similarly to other cloud storage software such as Google Drive and Dropbox. In addition to MegaSync, we’ve also observed adversaries using the interactive command line variant known as MegaCmd. This tool offers many of the same capabilities as MegaSync but from the command line.

Under normal circumstances, you can expect MegaSync to have the following attributes:

It’s important to understand these baseline attributes because adversaries rarely execute tools like MegaCmd or MegaSync under their original filename. In this way, successful detection requires that you are able to determine the true identity of a given process regardless of what it claims to be.
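One way to check a process's true identity regardless of its filename, as an added example that is not from the original article: it compares the on-disk name in a process-creation event with the original filename embedded in the binary's version metadata. The field names follow Sysmon process-creation events; the baseline names and the sample events are assumptions constructed for illustration.

```python
import ntpath

# Assumed baseline (not taken from the page): original filenames embedded in
# the version metadata of Mega's clients. Verify against a known-good install.
MEGA_ORIGINAL_NAMES = {"megasync.exe", "megacmdshell.exe"}


def true_identity(event):
    """Return the embedded original filename, lowercased, or None if absent."""
    name = (event.get("OriginalFileName") or "").strip().lower()
    # Sysmon records "-" when the binary carries no version metadata.
    return None if name in ("", "-") else name


def classify(event):
    """Label a process-creation event as 'renamed', 'expected', or None."""
    identity = true_identity(event)
    if identity not in MEGA_ORIGINAL_NAMES:
        return None  # not a Mega client, or no metadata to judge by
    # ntpath parses Windows paths correctly on any analysis host.
    on_disk = ntpath.basename(event.get("Image", "")).lower()
    return "expected" if on_disk == identity else "renamed"


def renamed_mega(events):
    """Return image paths of Mega clients running under another filename."""
    return [e["Image"] for e in events if classify(e) == "renamed"]


# Constructed sample events (illustrative, not real telemetry).
SAMPLE_EVENTS = [
    {"Image": r"C:\Users\alice\AppData\Local\MEGAsync\MEGAsync.exe",
     "OriginalFileName": "MEGAsync.exe"},
    {"Image": r"C:\ProgramData\svchost.exe",
     "OriginalFileName": "MEGAsync.exe"},
    {"Image": r"C:\Windows\Temp\update.exe",
     "OriginalFileName": "MEGAcmdShell.exe"},
    {"Image": r"C:\Windows\System32\notepad.exe",
     "OriginalFileName": "NOTEPAD.EXE"},
    {"Image": r"C:\Temp\tool.exe", "OriginalFileName": "-"},
]

if __name__ == "__main__":
    for image in renamed_mega(SAMPLE_EVENTS):
        print("renamed Mega client:", image)
```

Events with no embedded metadata are left unclassified here, so they need a separate signal such as a file hash or signer check.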