It’s even possible for you to sync with shared folders that other Mega users have published, which is a neat feature that’s spawned some interesting communities. One reason to do this is to create a curated folder that you can share with other Mega users. It also serves as a front end to your cloud, which means that you can download and upload files and folders manually. You can also manipulate contacts and permissions and have those settings distributed to all of your synced devices. You can even exclude file formats either globally or on a per-device basis, which means you can set MegaSync to never put an MP3 on your iPhone. If you have a folder with MP3s that don’t run on your iPhone, simply exclude that folder from that device. You can even dictate on a per-file and per-folder basis what items are uploaded and downloaded automatically. Power users will find a plethora of options to configure their personal space within the cloud as well as synchronization options. In fact, these programs will self-configure for the most part, and casual users can take a very hands-off approach if they want. Installing and configuring the various Mega clients is also very simple. You can even sync all of these different devices to a single Mega account, which is very convenient. A Mega account is platform-independent, and there are programs available for Windows, Mac, iOS, Android, and so forth. Mega is a paid service, but it offers a free account that come with 50 GB of storage space and has access to most features. It’s a proprietary program that’s used exclusively for the Mega cloud storage service. MegaSync is not an app that runs independent of a service. Set up network controls to block connections to its associated domains, such as .nz, mega.io, and mega.nz.MegaSync is a program that lets you access and synchronize devices to the cloud storage service provided by Mega. Configure EDR tools to detect or prevent its use. If your organization does not have a legitimate business case for MEGA software, consider blocking it. MEGA Log Analysis - Identifying the Attacker's AccountĪn interesting entry appears if you search for "email" or "emails." Though we could not confirm it, the entry appears to reveal the email account that the attacker used to authenticate with MEGA.Įxamining the MEGA logs is a useful for investigating data theft and and extortion incidents. We can identify these failed uploads by searching the logs for "(UPLOAD) finished with error" In our case, many files failed to upload after we severed the system's network connection. Just because a file was queued, does not mean the upload was successful. MEGA Log Analysis - Identifying Failed File Uploads These entries are important because they show the specific systems, folders, and files that the attacker targeted. We believe these events are recorded as the files are queued but are not yet uploaded. We can identify the full file locations by reading the "Async open finished" events. However, this only gives us the filenames, not the full folder path and drives that those files came from. To count the number of uploaded files, pipe the zgrep results to wc and note the first number ( zgrep 'Upload complete' * | wc): MEGA keeps track of the file successfully uploaded and logs the entries as "Upload complete:" We can search for these files using zgrep ( zgrep 'Upload complete' *): MEGA Log Analysis - Identifying Stolen Files log *) or search them as-is using zcat -f and zgrep. You can decompress the logs using gunzip ( gunzip -S. With the exception of the most recent active log file, the older logs are compressed using gzip. MEGAsync's logs are stored in a "logs" folder in the same location as the MEGAsync.exe binary. Look for it installed in places like C:\Users\\AppData\Local\MEGAsync\MEGAsync.exe and C:\ProgramData\MEGAsync\MEGAsync.exe. It installs like any other Windows application. Their MEGAsync software works how you would expect it: you point it at folders and shared drives and it uploads those files up to the cloud. MEGA is a legitimate cloud backup service that has become a favorite for RaaS threat groups.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |