Latest Videos

Cybereason XDR: Intelligence-Driven Hunting and Investigation

Threat intelligence is transparently integrated into every aspect of the AI-driven Cybereason XDR Platform to enable Threat Hunting for behavioral TTPs...

March 9, 2022

Cybereason vs. BlackCat Ransomware

BlackCat Ransomware gained notoriety quickly leaving a trail of destruction behind it, among its recent victims are German oil companies, an Italian luxury fashion brand and a Swiss Aviation company. Cybereason XDR detects and blocks BlackCat Ransomware...

March 1, 2022

Security Telemetry Evolution: The Year of the In-Memory Graph?

The volume of cybersecurity telemetry generated continues to explode, but so much of it is proprietary there is really no way to make all that telemetry meaningful and make decisions based on it - until now...

June 30, 2022 / 3 minute read

Not All XDR is Created Equal

With so many XDR solutions available on the market today, organizations need to be careful about which one they choose. That’s because not all XDR platforms are created equal or deliver the same type of value - here's how to sort it all out...

June 29, 2022 / 4 minute read

What are the Legal Implications from a Ransomware Attack?

There are a variety of factors and risks which must be considered when deciding whether to pay a ransom, and organizations will need to be able to establish some level of attribution to know if the threat actor is subject to sanctions levied against specific nations...

June 28, 2022 / 6 minute read

Malicious Life Podcast: The Cypherpunks Who Invented Private Digital Money

Years before credit card transactions gave banks and data-brokers free access to our private financial information, a man named David Chaum became the first person to really, materially grapple with the problem of privacy in money. His ideas inspired a movement of "Crypto Anarchists" who aspired to change money forever - check it out...

June 27, 2022 /

Webinar July 14th 2022: Ransomware Labs

With the new Cybereason Ransomware Range experience, you will have the chance to witness first-hand the RansomOps techniques employed by threat groups from initial intrusion, lateral movement, privilege escalation to full network compromise. Most importantly, you’ll see where and how these operations can be predicted, detected, and stopped dead in their tracks...

June 27, 2022 / 1 minute read

Cybereason vs. Black Basta Ransomware

In just two months, Black Basta has added nearly 50 victims to their list, making them one of the more prominent ransomware gangs. The attackers infiltrate and move laterally throughout the network in a fully-developed RansomOps attack. The Cybereason Nocturnus Team assesses the threat level as HIGH SEVERITY given the destructive potential of the attacks...

June 24, 2022 / 6 minute read

THREAT ALERT: Follina/MSDT Microsoft Office Vulnerability

A Microsoft Office code execution vulnerability dubbed “Follina” allows delivery of malware without needing the victim to allow macro execution and is very likely to be mass-exploited. The Cybereason Defense Platform detects and prevents the exploitation of Follina and enables effective hunting of this vulnerability...

June 22, 2022 / 3 minute read

Malicious Life Podcast: Celebrating Five Years of Malicious Life

This special Malicious Live Ask Us Anything event celebrates the 5 year anniversary of the show: How did Malicious Life come to be? How do we choose the stories we tell? Who was Ran's most memorable guest? And why does Nate keep inserting weird names into the scripts? Check it out…

June 21, 2022 /

Cybereason CEO Lior Div Named 2022 EY ‘Entrepreneur of the Year’ for New England

Cybereason CEO Lior Div has been named Ernst & Young Entrepreneur Of The Year® 2022 for New England, one of the preeminent business awards for entrepreneurs and leaders of high-growth companies...

June 21, 2022 / 2 minute read

Malicious Life Podcast: Hackers vs. Spies - The Stratfor Leaks Part 2

Hector - better known as Sabu, the ringleader of the LulzSec hacking group - knew the FBI was on to him. But it turned out that of all the people who broke or disregarded the law in this particular story, only one man had a reason to be worried: Jeremy Hammond - check it out…

June 17, 2022 /

How AI-Driven XDR Defeats Ransomware

Security teams shouldn’t need to manually triage and investigate disparate alerts from an array of solutions–they need to focus on shutting down a ransomware campaign as quickly as possible...

June 15, 2022 / 4 minute read

Defending Against the Five Stages of a Ransomware Attack

To defend against the latest threats, it is necessary to understand the scope of ransomware attacks in general and how they unfold so proactive anti-ransomware strategies can be adopted to better protect organizations from being victimized...

June 14, 2022 / 5 minute read

Malicious Life Podcast: Hackers vs. Spies - The Stratfor Leaks Part 1

George Friedman and Jeremy Hammond are two very different people: the former is a capitalist middleman, the latter an anarchist-communist hacker. A spy and a hacker; but in certain respects, they’re actually quite similar in what lines they are willing to cross to get to their goal - check it out…

June 13, 2022 /

Report: Ransomware Attacks and the True Cost to Business 2022

The study once again finds that ‘it doesn’t pay-to-pay’ a ransom demand, as 80% of organizations that paid were hit by ransomware a second time, with 68% saying the second attack came in less than a month with threat actors demanding a higher ransom amount...

June 7, 2022 / 2 minute read

Webinar June 30th 2022: Live Attack Simulation - Ransomware Threat Hunter Series

Learn how mature security teams effectively counter modern ransomware operations (RansomOps) and avoid a system-wide takeover by bad actors - all delivered through a step-by-step walkthrough of a ransomware attack...

June 3, 2022 / 1 minute read

Latest SOC Survey Anticipates Shift Toward MDR and XDR

The challenges faced by SOCs—workforce shortages, lack of visibility, tool sprawl and alert overload—will likely result in increased adoption of Managed Detection and Response (MDR) services and Extended Detection and Response (XDR) solutions...

June 2, 2022 / 3 minute read

How to Choose the Right Endpoint Sensor

Like EDR solutions, not all endpoint sensors are created equal. The Cybereason Sensor is lightweight, low impact, universally deployable, and offers the deepest visibility of any sensor in the endpoint market...

June 1, 2022 / 5 minute read

Spear Phishing: A Technical Case Study for XDR

Unlike more traditional tools, an XDR solution cuts through the noise to deliver efficiency through context-rich correlations that leverage all of an organization’s security telemetry from across disparate sources to quickly answer the question "are we under attack?"

June 1, 2022 / 5 minute read

Malicious Life Podcast: Catching A Cybercriminal

AbdelKader Cornelius, a German Threat Researcher and an expert on the cybercrime ecosystem, shares a story about how he helped German police put a sophisticated cybercriminal behind bars by uncovering tiny mistakes the hacker made in the past - check it out…

May 31, 2022 /

Webinar June 23rd 2022: Live Attack Simulation - XDR vs. Modern Ransomware

Join us for an examination of what a modern ransomware attack chain looks like and how an XDR solution can be leveraged to detect and stop complex ransomware attacks at the earliest stages, long before the actual ransomware payload is delivered...

May 31, 2022 / 1 minute read

Improving SOC Workflows with Cybereason Role-Based Incident Response

The Cybereason Defense Platform offers multi-tenancy capabilities to enable SOC teams to divide workflows based on roles...

May 27, 2022 / 1 minute read

Defend Forward in the Private Sector

Proactive deterrence strategies like Defend Forward are increasingly urgent for private-sector organizations as they struggle to safeguard intellectual property against nation-state cyber espionage and protect their businesses from cybercrime-driven ransomware attacks...

May 26, 2022 / 2 minute read

Cybereason Taps Osamu Yamano as President of Japanese Operations

The Cybereason Team is really excited to welcome Osamu Yamano as President of Cybereason Japan. Yamano will oversee the company’s operations in the region and will be responsible for expanding Cybereason business opportunities...

May 26, 2022 / 2 minute read

Securing Your Organization’s Digital Transformation with XDR

To Defend Forward means aggressively collecting intelligence about adversaries’ tactics and strengthening proactive resiliency across the organization to make it more costly for adversaries to achieve their objectives...

May 25, 2022 / 4 minute read

Cybereason Improves Investigation, Enhances Protection and Infrastructure Management

The latest release of the Cybereason Defense Platform significantly improves investigation, enhances protection and infrastructure management...

May 25, 2022 / 3 minute read

Malicious Life Podcast: What The LinkedIn Hack Taught Us About Storing Passwords

An anonymous hacker posted a list of 6.5 Million encrypted passwords for LinkedIn users on a Russian forum. These passwords were hashed using an outdated and vulnerable hashing algorithm and were also unsalted. Lawsuits followed shortly… can we trust big organizations to keep our secrets safe? Check it out…

May 24, 2022 /

Targeted by Ransomware? Here are Three Things to Do Straight Away

The only way organizations can successfully defend against ransomware and RansomOps attacks is to be able to detect them early and end them before any data exfiltration or encryption of critical files and systems can take place...

May 24, 2022 / 4 minute read

Defend Forward

Cybereason CEO Lior Div talks about the inaugural report from the Cyber Defenders Council and why the principles of Defend Forward are important for cybersecurity...

May 23, 2022 / 2 minute read

Ransomware: What’s in a Name?

We continue to use the same name to describe a problem that has evolved over time and is significantly more complex today. Many are really unprepared to counter the threat as it exists today...

May 18, 2022 / 3 minute read

Cyber Defenders Council Report: Defend Forward - A Proactive Model for Cyber Deterrence

The Cyber Defenders Council is an independent group of preeminent cybersecurity leaders from public and private sector organizations around the world with the mission to adapt Defend Forward deterrence concepts for the private sector - read the inaugural report here...

May 17, 2022 / 1 minute read

Malicious Life Podcast: Inside Operation CuckooBees

We delve into a recently discovered cyber-espionage campaign targeting the Defense, Energy, Aerospace, Biotech and Pharma industries conducted by the Winnti Group (APT 41, BARIUM, and Blackfly) - a Chinese state-sponsored APT group known for its stealth and sophistication...

May 17, 2022 /

Cybereason Named to CNBC 2022 Disruptor 50 List for Second Consecutive Year

Cybereason has been named to the exclusive 10th Annual CNBC Disruptor 50 list of the most disruptive private global companies, joining other esteemed rapid-growth companies including Canva, Blockchain.com, Stripe, Chime and more...

May 17, 2022 / 1 minute read

Cybereason Named Overall Leader in 2022 KuppingerCole Leadership Compass

Cybereason named an Overall Leader in the 2022 KuppingerCole Leadership Compass for vendors in the Endpoint Protection, Detection & Response (EPDR) market...

May 16, 2022 / 2 minute read

Achieve Faster, More Accurate Response with Cybereason Threat Intelligence

Here's a look at the many ways Cybereason Threat Intelligence tells the difference between benign and malicious activity to keep your security team focused...

May 16, 2022 / 4 minute read

Webinar June 2nd 2022: Live Attack Simulation - Ransomware Threat Hunter Series

Learn how mature security teams effectively counter modern ransomware operations (RansomOps) and avoid a system-wide takeover by bad actors - all delivered through a step-by-step walkthrough of a ransomware attack...

May 16, 2022 / 1 minute read

Behavioral Execution Prevention: Next-Generation Antivirus Evolved

Behavioral Execution Prevention stops threats posed by malicious actors who use trusted operating system software and native processes to conduct attacks...

May 13, 2022 / 2 minute read

Russia Is Waging Cyberwar–with Little Success

Cybereason CEO Lior Div provides perspective on the cyber component of Putin's invasion of Ukraine, and why it is important for organizations to Defend Forward...

May 12, 2022 / 2 minute read

Employee Spotlight: Why People are Key to Cybereason Success

Tim Weis, who was recently promoted to Senior Talent Acquisition Partner, supports hiring for some of our US-based teams and helps each of them scale and grow. Learn more about Tim and why he says this is an exciting time to join Cybereason...

May 12, 2022 / 3 minute read

Harnessing the Power of AI-Driven XDR

AI/ML is really good at analyzing large data sets with a high degree of accuracy to identify events of concern at a scale manual human analysis can never match, relieving security teams of the tedious task of sorting the signal from the noise...

May 11, 2022 / 4 minute read

New Cybereason Incident Response and Professional Services Bundles Include Unlimited Support

Cybereason has launched subscription-based bundles for unlimited Incident Response and Professional Services that deliver the speed and agility needed to quickly identify, correlate and contain threats while reducing costs by as much as thirty percent...

May 10, 2022 / 2 minute read

Cybereason vs. Quantum Locker Ransomware

The AI-driven Cybereason XDR Platform detects and blocks MountLocker ransomware which launched back in September 2020. Since then, the attackers have rebranded the operation as AstroLocker, XingLocker, and now in its current phase, the Quantum Locker...

May 9, 2022 / 5 minute read

Malicious Life Podcast: How to Russia-Proof Your Democracy

In 2007, Estonia suffered a large-scale DDoS attack which crippled many organizations and digital services. Joseph Carson, a Security Scientist and adviser to several governments discusses the lessons learned from that event and how Estonia became 'A Cloud Country' - check it out…

May 9, 2022 /

How Do Ransomware Attacks Impact Victim Organizations’ Stock?

After all the big ransomware attack headlines, one might be inclined to think that a successful ransomware attack would also impact a victim organization’s stock price over the long term, but so far that's not the case according to several studies...

May 9, 2022 / 5 minute read

The Global Impact of Operation CuckooBees

Lior Div, co-founder and CEO of Cybereason, talks about the Operation CuckooBees revelations and the broad global impact of intellectual property theft.

May 6, 2022 / 2 minute read

How the MalOp Can Facilitate New Breach Reporting Rules

The Cybereason MalOp will be key to the ability of financial institutions to meet the new 36 hour cybersecurity incident reporting deadline...

May 5, 2022 / 2 minute read

Webinar May 25th 2022: Organizations at Risk: Ransomware Attackers Don’t Take Holidays

Join us for this live webinar as we delve into research findings about the risk to organizations from ransomware attacks that occur on weekends and holidays and how you can better prepare to defend against them...

May 5, 2022 / 1 minute read

Operation CuckooBees: Cybereason Uncovers Massive Chinese Intellectual Property Theft Operation

Cybereason recently uncovered an attack assessed to be the work of Chinese APT Winnti that operated undetected, siphoning intellectual property and sensitive data - the two companion reports examine the tactics and techniques of the overall campaign as well as more detailed analysis of the malware arsenal and exploits used...

May 4, 2022 / 4 minute read

Operation CuckooBees: Deep-Dive into Stealthy Winnti Techniques

Cybereason investigated multiple intrusions targeting technology and manufacturing companies located in Asia, Europe and North America. Based on the findings of our investigation, it appears that the goal behind these intrusions was to steal sensitive intellectual property for cyber espionage purposes...

May 4, 2022 / 11 minute read

Operation CuckooBees: A Winnti Malware Arsenal Deep-Dive

This research zeroes in on the Winnti malware arsenal and includes analysis of the observed malware and the complex Winnti infection chain, including evasive maneuvers and stealth techniques that are baked-in to the malware code...

May 4, 2022 / 19 minute read

Webinar May 19th 2022: Live Attack Simulation - XDR vs. Modern Ransomware

Join us for an examination of what a modern ransomware attack chain looks like and how an XDR solution can be leveraged to detect and stop complex ransomware attacks at the earliest stages, long before the actual ransomware payload is delivered...

May 3, 2022 / 1 minute read

The U.K. Cyber Strategy: Developing Cybersecurity Skills, Knowledge and Culture

Greg Day, Cybereason’s VP and Global Field CISO for the EMEA region, offers his perspective on developing cybersecurity skills, knowledge, and culture...

May 3, 2022 / 3 minute read

Webinar May 12th 2022: Live Attack Simulation - Ransomware Threat Hunter Series

Learn how mature security teams effectively counter modern ransomware operations (RansomOps) and avoid a system-wide takeover by bad actors - all delivered through a step-by-step walkthrough of a ransomware attack...

May 2, 2022 / 1 minute read

Malicious Life Podcast: Operation Sundevil and the Birth of the EFF

In May 1990, a massive operation carried out by hundreds of Secret Service and FBI agents was focused on a new type of crime: Hacking. But every action has an equal and opposite reaction, and the reaction to Operation Sundevil was the birth of a new power in the cybersphere: the Electronic Frontier Foundation - check it out…

May 2, 2022 /

Cybereason and Google Cloud: This is XDR Tour

Cybereason and Google executives will explain how the security industry can better defend against novel attacks through a live demonstration of how Cybereason XDR powered by Google Cloud reverses the adversary advantage and returns the high ground to Defenders...

April 28, 2022 / 1 minute read

The U.K. Cyber Strategy and Minimizing the Impact of Cybersecurity Incidents

Cybereason XDR supports the U.K. Cybersecurity Strategy objective of minimizing the impact of cybersecurity incidents...

April 28, 2022 / 2 minute read

Distributed Machine Learning Models Done Right

In this article you’ll get an overview of the key challenges common to distributed Machine Learning (ML) architectures frequently seen in IOT devices and security solutions...

April 27, 2022 / 4 minute read

Why XDR Adoption Should Be a CISO Priority

An AI-driven XDR solution allows Defenders to move from a "detect and respond" mode to a more proactive “predictive response” posture where the likely next steps in an attack are anticipated and blocked...

April 27, 2022 / 3 minute read

The State of Ransomware in the Retail Sector

Three-quarters of Retail organizations reported a significant loss of revenue after suffering a ransomware attack, more than half (58%) experienced employee layoffs, and one third were forced to temporarily suspend or halt their business operations altogether...

April 26, 2022 / 5 minute read

Malicious Life Podcast: MITRE Attack Flow Project

The MITRE Attack Flow Project is a new way to visualize, analyze and share knowledge about sequences of adversary behavior. Ingrid Skoog, Ass. Director of R&D at the Center for Threat-Informed Defense, and Cybereason CISO Israel Barak discuss the benefits of the MITRE Attack Flow project to Defenders and executives alike - check it out…

April 25, 2022 /

THREAT ANALYSIS REPORT: SocGholish and Zloader – From Fake Updates and Installers to Owning Your Systems

This report provides unique insight into SocGholish and Zloader attacks and provides an overview of the common tactics and techniques in SocGholish infections...

April 25, 2022 / 14 minute read

Seven Ways Cybereason Enhances Your Cyber Insurance Investment

If your organization needs cyber insurance or if you're up for renewal, get ready to meet these "minimum requirements." Here are seven ways Cybereason can enhance your cyber insurance investment...

April 22, 2022 / 5 minute read

Leveraging Cybereason DFIR to Contain Attacks in Minutes

Cybereason has announced the availability of Cybereason DFIR, a solution designed to automate incident response (IR) investigations by incorporating nuanced forensics artifacts into threat hunting, reducing remediation time by enabling security analysts to contain cyberattacks in minutes...

April 21, 2022 / 2 minute read

How Strategic Detections Set XDR Apart

Most XDR platforms ingest a variety of threat intelligence to spot known Indicators of Compromise (IOCs), but only an AI-driven XDR solution can detect based on the more subtle chains of activity known as Indicators of Behavior (IOBs)...

April 20, 2022 / 4 minute read

Malicious Life Podcast: The Aaron Swartz Story

When 24-year-old Aaron Swartz was caught scraping millions of science articles off of JSTOR, he faced up to 35 years in prison plus a fine of up to 1 million dollars. Did Aaron's crime justify such a harsh punishment? Check it out…

April 19, 2022 /

Ransomware Attacks: Can Cyber Insurance Protect Your Organization?

Nearly half of organizations with cyber insurance in place when they were victims of a ransomware attack said that their insurer only covered a portion of their losses, so they still needed to pay out of pocket significantly to cover the recovery costs...

April 19, 2022 / 3 minute read

SOC Modernization: Measures and Metrics for Success

To have confidence we can block the attack, we will have invested time and resources to build out the MalOp, and as such we should track our blocking controls to see which have the greater longevity against the adversary...

April 14, 2022 / 3 minute read

Everything Cybereason at the 2022 RSA Conference!

Don’t miss the immersive digital experience at Cybereason booth S-735 in the South Expo Hall packed with informative in-booth theater presentations, enjoy more briefings at the Cybereason Lounge at the Four Seasons, score some great swag like a Malicious Life Podcast T-Shirt and more...

April 13, 2022 / 3 minute read

Webinar April 26th: Profile of the Dark Economy of Ransomware

RansomOps have steadily become more sophisticated and more aligned with nation-state actors making ransomware an existential threat for enterprises - join expert Bob Bigman, former CISO for the CIA to learn more about major ransomware groups and how they operate...

April 13, 2022 /

Security Budgets Are Increasing - But So Are Attacks

An AI-driven XDR solution can correlate security telemetry from across the network to produce a complete picture of all elements of an attack to automate responses - basically eliminating the need for SIEM and SOAR tools in most circumstances...

April 13, 2022 / 4 minute read

White Paper: Inside Complex RansomOps and the Ransomware Economy

This white paper examines the growing threat from complex RansomOps, as well as the larger Ransomware Economy, and provides prescriptive guidance for organizations determined to remain undefeated by ransomware attacks...

April 12, 2022 / 1 minute read

Detecting Cyber Events is Key to U.K. Cybersecurity Strategy

Cybereason XDR supports both capability outcomes outlined in the U.K. Government Cybersecurity strategy for detecting cyber events...

April 11, 2022 / 3 minute read

Malicious Life Podcast: The Russia-Ukraine Cyberwar

Several weeks after the invasion of Ukraine by Russian forces, the lights are still on and other important infrastructure is still operating. Cybereason CEO Lior Div, CTO Yonatan Striem-Amit, and CSO Sam Curry examine what we know so far about the cyber aspect of the conflict...

April 11, 2022 /

Webinar April 27th: Solving the Incident Response Data Problem

Join this informative webinar to learn how the combination of IBM X-Force expertise and cutting edge Cybereason security solutions and DFIR capabilities deliver a faster, more efficient approach to Incident Response...

April 7, 2022 /

Operation Bearded Barbie: APT-C-23 Campaign Targeting Israeli Officials

This APT-C-23 campaign involves two previously undocumented malware strains dubbed Barb(ie) Downloader and BarbWire Backdoor, which use an enhanced stealth mechanism to remain undetected - in addition, Cybereason observed an upgraded version of an Android implant dubbed VolatileVenom...

April 6, 2022 / 11 minute read

Evaluating XDR Solutions? Caveat Emptor - Buyer Beware

Don’t be fooled by marketing ploys from vendors touting their latest big dollar acquisition of technologies they can’t integrate but still try to pawn off as XDR...

April 6, 2022 / 4 minute read

No Airplane Hacking Episode

Due to some controversy in the community over the airplane hacking episode, we have decided to remove it from the playlist...

April 5, 2022 /

Ransomware vs. AI: The Battle Between Machines

An AI-driven XDR solution can cut through the noise introduced by a constant flood of alerts, allowing security teams to spend less time sifting through alerts and chasing false positives and more time detecting and blocking attacks...

April 5, 2022 / 4 minute read

Cybereason and IBM: A Better Way to do Enterprise IR

Cybereason and IBM are launching a joint solution to address the most critical SOC challenges and significantly improve incident response delivery, triage, and remediation processes...

April 4, 2022 / 3 minute read

Cybereason Posts Best Results in History of MITRE ATT&CK Evaluations

Cybereason leads the industry in the MITRE ATT&CK Enterprise Evaluation 2022, achieving the best results ever in the history of these evaluations...

April 1, 2022 / 3 minute read

Lapsus$ Activity Betrays Nation-State Motivation

Cybereason CSO Sam Curry talks about the potential threat of cyberattacks from Russia in connection with the invasion of Ukraine and why Russia might engage with external cyber mercenaries to get the job done...

April 1, 2022 / 6 minute read

Webinar April 14th: Live Attack Simulation - Ransomware Threat Hunter Series

Learn how mature security teams effectively counter modern ransomware operations (RansomOps) and avoid a system-wide takeover by bad actors - all delivered through a step-by-step walkthrough of a ransomware attack...

April 1, 2022 / 1 minute read

Cybereason Excels in the 2022 MITRE ATT&CK® Evaluations: 100% Prevention, Visibility and Real-Time Protection

While other vendors are scrambling to cherry-pick the results and spin up some clever interpretations of the MITRE ATT&CK results, Cybereason is proud to let the evaluation results speak for themselves: Cybereason demonstrated 100% Prevention, 100% Visibility, and 100% Real-Time Protection...

March 31, 2022 / 3 minute read

How Cybereason Enables the U.K. to Defend Against Cyberattacks

The second installment of our five-part series outlining how Cybereason XDR maps to each of the objectives in the U.K. Government Cybersecurity Strategy...

March 31, 2022 / 3 minute read

CISO Stories Podcast: CISO Priorities for 2022

What issues should CISOs be prioritizing, and how can they get the most bang for their buck? An esteemed panel of accomplished security leaders discuss the challenges for 2022 and more - check it out...

March 31, 2022 /

Four Ways XDR Optimizes Your Security Stack

An AI-driven XDR solution enables organizations to embrace an operation-centric approach that delivers the visibility required to be confident they can halt attack progressions at the earliest stages...

March 30, 2022 / 4 minute read

SOC Modernization: A Mission to Block or to Disrupt?

Periodically, every business steps back and asks itself a number of questions around its security resilience, and at the top of the list is the question: Are my response processes still fit for purpose?

March 29, 2022 / 5 minute read

How to Create an Effective Ransomware Response Plan

Organizations need to be capable of responding effectively to a ransomware attack in order to minimize impact to the business. Here are three things they should consider along the way...

March 29, 2022 / 4 minute read

MITRE ATT&CK: Wizard Spider and Sandworm Evaluations Explained

MITRE is the preeminent third-party security solution evaluator. We explain the key metrics to look for in their upcoming Enterprise ATT&CK Evaluation...

March 28, 2022 / 4 minute read

Malicious Life Podcast: DIE - A New Paradigm for Cybersecurity

DIE, an acronym for Distributed, Immutable and Ephemeral, is a framework for designing secure systems where we should treat our precious data less like pets and more like cattle. Sound confusing? New paradigms always are - check it out…

March 28, 2022 /

Webinar April 7th: 2022 MITRE ATT&CK Evaluations Explained

The MITRE ATT&CK evaluations test security vendors’ ability to quickly detect and stop tactics and techniques used by today’s threat actors. In this webinar, we strip down the complexity of the MITRE ATT&CK framework so your organization can leverage it for success...

March 25, 2022 / 1 minute read

CEO Blog Series: No Sector Is Off-Limits for Russian Cyberattacks

The risk of cyberattacks from Russia or threat actors aligned with Russia is high and every organization, regardless of industry or geographic location, needs to be prepared to defend against them...

March 25, 2022 / 2 minute read

CISO Stories Podcast: Why Are We Still Failing at Security?

Wayman Cummings, VP of Security Operations at Unisys, examines how industry stagnation impacts the security for our critical infrastructure, the value true public-private partnerships can bring and more - check it out...

March 24, 2022 /

Cybereason Support for the U.K. Cybersecurity Strategy Part 1

This is the first installment of a five-part blog series in which we will outline how Cybereason XDR maps to each of the five objectives contained in the U.K. Government Cybersecurity Strategy...

March 24, 2022 / 4 minute read

Operational Resilience: Bridging the Communications Gap

The most valuable conversations today are focused on operational resilience, a newer term for the CSO, but less so for most Boards who already know what the processes are to achieve key business outcomes...

March 23, 2022 / 4 minute read

AI-Driven XDR: Defeating the Most Complex Attack Sequences

Unlike pseudo-XDR offerings that are really just EDR tools with a cloud extension, an AI-driven XDR solution does not require that valuable telemetry be filtered out due to a platform’s inability to handle the volume of intelligence available...

March 23, 2022 / 4 minute read

Cybereason Taps Frank Koelmel as EMEA Region General Manager

Cybereason continues its exponential growth and expansion of the team by naming Frank Koelmel as EMEA Region General Manager where he will be overseeing all Cybereason EMEA operations, leading future growth and expansion in the region...

March 23, 2022 / 2 minute read

Authentication Platform Okta Confirms Breach Impacts Customer Base

Authentication platform Okta has confirmed that it was breached and that its customer base was impacted after the Lapsus$ threat actors gained access to the company’s internal environment...

March 22, 2022 / 3 minute read

Malicious Life Podcast: Cyber PTSD

We usually count the damage from a cyberattack in Dollars and Euros, but the psychological damage to the victims is rarely discussed. Can scams, hacks, and breaches lead to Cyber Post-Traumatic Stress Disorder? Check it out…

March 22, 2022 /

The State of Ransomware in the Manufacturing Sector

Sixty percent of manufacturing organizations said they were struggling to defend against ransomware attacks due to their growing sophistication, while just under half noted that they were likely to get hit at some point...

March 22, 2022 / 3 minute read

Cybereason vs. Carbon Black: Why Delayed Detections Matter

In a recent MITRE ATT&CK test, Carbon Black had a 9% delayed detection rate - delayed detections leave organizations open to ransomware and other attacks...

March 22, 2022 / 5 minute read

Cybereason and Motorola Mobility: Real-Time Network Visibility

The Cybereason MalOp (malicious operation) detection engine allowed a single Lenovo analyst to manage up to 200,000 endpoints, almost three times their current network needs...

March 18, 2022 / 3 minute read

Webinar March 31st: Live Attack Simulation - XDR vs. Modern Ransomware

Join us for an examination of what a modern ransomware attack chain looks like and how an XDR solution can be leveraged to detect and stop complex ransomware attacks at the earliest stages, long before the actual ransomware payload is delivered...

March 17, 2022 / 1 minute read

Enriching Raw Telemetry with the Cybereason Historical Data Lake

The Cybereason Historical Data Lake ingests all available telemetry collected for analysis for two primary use cases: Historical Threat Hunting and Deep Investigation...

March 17, 2022 / 2 minute read

CISO Stories Podcast: The CISO Six Minute Rule

Renee Guttmann needed a way to determine and communicate the right decisions to the organization, so she developed the “Six-Minute Rule” as a guide - Renee explains how to help stakeholders make informed risk/reward decisions - check it out...

March 17, 2022 /

CEO Blog Series: Microsoft Can’t Protect Themselves—How Will They Protect You?

Still considering Microsoft for your security needs? They issued patches for 234 vulnerabilities in just the first Quarter of 2022: 23 are rated Critical and 10 are zero-days--that’s an average of about 8 Critical vulnerabilities and 3 zero-days per month...

March 16, 2022 / 3 minute read

Malicious Life Podcast: How Resilient Is Our Banking System?

What is the most critical of all critical infrastructure? According to Jeff Engles, it's our Banking and Finance systems - Jeff joins us to discuss the resilience of our financial system and potential worst-case scenarios - check it out…

March 16, 2022 /

Leveraging the X in XDR: Correlating Across Multiple Sources of Telemetry

One good way to spot pseudo-XDR offerings is to ask the provider if the tool has the ability to ingest and analyze all available telemetry, or if the platform has limitations that require "smart filtering" of some or most of the telemetry...

March 16, 2022 / 3 minute read

Webinar April 5th: Assessing the Cyberattack Risk in the Russia-Ukraine Conflict

Cyberattacks by groups supporting Russian interests have been observed, but experts have noted that we likely have not seen the full potential of a Russian cyber offensive yet. A panel of experts will explore the increased risk stemming from the conflict in Ukraine...

March 16, 2022 / 1 minute read

How to Prevent ‘Out of Memory’ Errors in Java-Based Kubernetes Pods

One way to avoid out-of-memory errors is by configuring metrics and alerts that will tell us the story of our app over time and notify us when something bad may be happening - before it reaches the customer...

March 15, 2022 / 4 minute read

Leveraging Artificial Intelligence to Prevent RansomOps Attacks

CrowdStrike and SentinelOne platforms are forced to filter out critical event telemetry--and while they try to pawn off this deficit as a "feature" by calling it Smart Filtering, eliminating critical telemetry undermines their ability to detect complex RansomOps attacks at the earliest stages...

March 15, 2022 / 4 minute read

Defend Forward: Taking the Fight to the Adversary

Defend Forward means assuming an offensive mindset for proactive defense to disrupt malicious operations earlier...

March 14, 2022 / 2 minute read

Malicious Life Podcast: Crypto AG Part 3 - The Truth is Revealed

This final episode of the series is going to explore how the Crypto AG spying operation was kept secret for over 70 years from governments, military and intelligence services, and even the company’s own personnel - check it out…

March 10, 2022 /

CISO Stories Podcast: Lessons Learned from Building an ISAC

ISACs were formed to promote the centralized sharing of threat intel within a particular sector. Grant Sewell, Director of Security at AHEAD, shares his experience in working with an ISAC and how this benefited his organization - check it out...

March 10, 2022 /

Threat Hunting: From LOLBins to Your Crown Jewels

In certain combinations, some chains of behavior represent an advantage to an attacker - your team must be able to differentiate between benign use vs. the abuse of legitimate tools and processes...

March 9, 2022 / 7 minute read

Cybereason XDR: Intelligence-Driven Hunting and Investigation

Threat intelligence is transparently integrated into every aspect of the AI-driven Cybereason XDR Platform to enable Threat Hunting for behavioral TTPs...

March 9, 2022 / 1 minute read

SecOps: Getting Behind the Wheel with XDR

An AI-driven XDR solution enables SecOps teams to embrace an operation-centric approach that delivers the visibility required to halt attack progressions at the earliest stages...

March 9, 2022 / 3 minute read

International Women’s Day: Defenders Share Advice on How to #BreaktheBias

Cybereason is celebrating International Women’s Day and Women’s History Month through education, activities and events, and we invite all Defenders to join us as we work together to #BreaktheBias...

March 8, 2022 / 4 minute read

CEO Blog Series: Our People are the Secret to the Success of Cybereason

Cybereason CEO Lior Div honors Employee Appreciation Day and reflects on the core values of Cybereason and why it's important to appreciate employees 365 days a year.

March 8, 2022 / 2 minute read

Threat Detection: Making the Complicated Simple Again

Consider how much time your business would allow you for an ALLOW or BLOCK decision in the event of a ransomware attack, and then challenge your team to determine if they have the processes and the skills to achieve it...

March 8, 2022 / 4 minute read

The Impact of Ransomware in the Healthcare Sector

Healthcare organizations need to assume that they’ll be hit, and it’s better to be prepared and never be the victim of a ransomware attack than it is to start the process of bolstering defenses after an attack has been successful...

March 8, 2022 / 3 minute read

Cybereason Taps Security Industry Veteran Greg Day as Global Field CISO

Cybereason continues its exponential growth and expansion of the team by welcoming Greg Day to the company as Vice President and Global Field Chief Information Security Officer (CISO) for the EMEA region...

March 8, 2022 / 1 minute read

DFIR Demystified: Understanding Digital Forensics Incident Response

While not needed for every event and every investigation, DFIR (Digital Forensic Incident Response) is an essential component of the modern security toolkit...

March 7, 2022 / 6 minute read

THREAT ALERT: Emotet Targeting Japanese Organizations

The surge of Emotet attacks targeting Japanese organizations in the first quarter of 2022 is a continuation of the earlier Emotet activity, with some changes in the malware deployment process. The Cybereason XDR Platform detects and blocks Emotet malware...

March 7, 2022 / 3 minute read

Malicious Life Podcast: Quantum Cybersecurity

Quantum Computing is a revolutionary technology, but what's the threat posed by Quantum attacks on encryption, and is the first major attack even closer than most of us think? Check it out…

March 7, 2022 /

Cybereason vs. HermeticWiper and IsaacWiper

Sophisticated multi-stage attacks are delivering highly damaging wipers dubbed HermeticWiper and IsaacWiper. The Anti-Malware capability in the Cybereason XDR Platform detects and blocks these destructive wipers...

March 3, 2022 / 2 minute read

Cybereason and MITRE Engenuity Center for Threat-Informed Defense Launch the Attack Flow Project

Cybereason and the MITRE Engenuity Center for Threat-Informed Defense launch the Attack Flow Project to develop a common data format for describing adversary behavior and improve defensive capabilities...

March 3, 2022 / 2 minute read

CISO Stories Podcast: Richard Clarke - Getting the Board on Board with Security

Richard Clarke, who spent several decades serving Presidents of both parties, provides some pragmatic tips for effectively communicating the need to invest in security in terms the Board of Directors can support - check it out...

March 3, 2022 /

XDR is Here: How and Why to Get Started

AI-driven XDR automatically correlates telemetry from across endpoints, data centers, application suites, user identities and more, freeing security teams from the need to constantly triage a flood of non-contextual threat alerts and false positives...

March 2, 2022 / 3 minute read

Cybereason vs. BlackCat Ransomware

BlackCat Ransomware gained notoriety quickly, leaving a trail of destruction behind it. Among its recent victims are German oil companies, an Italian luxury fashion brand and a Swiss aviation company. Cybereason XDR detects and blocks BlackCat Ransomware...

March 1, 2022 / 7 minute read

What’s Next in the Evolution of Complex RansomOps?

Remember, the actual ransomware payload is the tail end of a RansomOps attack, so there are weeks or even months of detectable activity where a ransomware attack can be disrupted before there is serious impact...

March 1, 2022 / 3 minute read

CEO Blog Series: Ukraine Conflict Confirms Russian Cybercrime Connection

Cybereason CEO Lior Div looks at events unfolding with the Russian invasion of Ukraine and what it has revealed about the connection between Russia and the most notorious cybercrime and ransomware gangs...

February 28, 2022 / 2 minute read

Malicious Life Podcast: Crypto AG Part 2 - The Death of Bo Jr.

How did Boris Hagelin succeed in selling compromised cipher machines to half the world over more than 50 years? Was there some kind of backdoor - or was it more clever than that? Check it out…

February 28, 2022 /

How Black History Icon Bessie Coleman Exemplifies Our Core Values

Customer Success Manager Michelle Winters discusses her favorite Black History icon, Bessie Coleman, and how this world-changing leader reflects our Core Values: Daring, UbU, Never Give Up, Ever Evolving, Win As One...

February 24, 2022 / 2 minute read

Two Things Every Zero Trust Initiative Must Have

Achieving Zero Trust requires planetary-scale telemetry and the ability to analyze and correlate it all in real-time - that means Cybereason XDR powered by Google Cloud....

February 24, 2022 / 2 minute read

CISO Stories Podcast: Understanding and Preparing for the Next Log4j

What was the Log4j vulnerability really, what can be done to reduce the risk it poses to organizations, and how can we better prepare for the next Log4j-level event? Benny Lakunishok, CEO of Zero Networks, takes us deeper - check it out...

February 24, 2022 /

Why Telemetry Correlations are Essential to XDR

Most EDRs can’t even handle all the telemetry available from endpoints, so jamming even more data into these tools that can’t actually correlate any of it effectively then trying to pass it off as XDR is simply a fool's errand...

February 23, 2022 / 3 minute read

Three Questions to Ask about Ransomware Preparedness

Organizations need to think strategically and be proactive about ransomware preparedness - here are three questions you should be asking in order to avoid being the victim of a successful RansomOps attack...

February 22, 2022 / 4 minute read

Malicious Life Podcast: Why Do APTs Use Ransomware?

Threat Research lead Assaf Dahan discusses new discoveries about Iranian APTs Moses Staff and Phosphorus that blur the line between state-sponsored attacks and criminal activity - check it out…

February 22, 2022 /

Everything Cybereason at Cybertech Tel Aviv 2022!

Join Cybereason at Cybertech 2022 March 1-3 in Tel Aviv--the cyber ecosystem's foremost networking platform conducting industry-related events all around the globe...

February 22, 2022 / 1 minute read

Shields Up: Is Your Ransomware Protection What It Should Be?

The Cybersecurity and Infrastructure Security Agency (CISA) is warning businesses to prepare for ransomware attacks if Russia invades Ukraine - learn how your organization can be prepared...

February 18, 2022 / 2 minute read

Watch Now: Top CISO Priorities for 2022

What issues should CISOs be prioritizing, and how can they get the most bang for their buck while minimizing risk and maximizing outcomes? Join our panel of esteemed CISOs from multiple industries as they share their perspectives...

February 18, 2022 / 1 minute read

Cybereason Named to 10 Hottest XDR Companies to Watch List for 2022

“Cybereason XDR delivers deep contextual correlations without the need to craft complex syntax queries, which is just one of the many reasons we are seeing rapid adoption of our platform...”

February 17, 2022 / 1 minute read

CISO Stories Podcast: A Cost-Effective Approach to Security Risk Management

How does the CISO establish the value proposition for an investment? Jack Jones, Chief Risk Scientist at RiskLens, discusses using a well-tested risk framework to evaluate current state of loss exposure - check it out...

February 17, 2022 /

Webinar March 17th 2022: Live Attack Simulation - XDR vs. RansomOps

Join us for a look at top ransomware attack trends we’ll see in 2022, what an attack chain looks like, and the Defender’s view inside our AI-driven Extended Detection and Response...

February 17, 2022 / 1 minute read

Securing Critical Infrastructure with XDR

There is the potential for these attacks to cross the cyber-physical divide by inadvertently or purposefully disrupting crucial systems that govern assets that are vital to the economy, national security, or protecting lives...

February 16, 2022 / 4 minute read

Addressing the Risk from Cyberattacks in the Russia-Ukraine Conflict

While cyberwarfare operations are expected to be leveraged in order to distract, disrupt, and destroy systems critical to Ukraine's defense capabilities locally, there is a high probability that Russian operatives might also target organizations beyond the region...

February 15, 2022 / 3 minute read

Cybereason vs. WhisperGate and HermeticWiper

Ukrainian officials attributed the attack to Russia “preparing the ground” for a military invasion with nasty wipers dubbed WhisperGate and HermeticWiper. Cybereason Anti-Ransomware and Anti-MBR corruption technology detects and blocks WhisperGate and HermeticWiper...

February 15, 2022 / 2 minute read

How to Prevent Ransomware Attacks at the Earliest Stages

This ongoing evolution of complex ransomware operations highlights the need to be strategic with RansomOps defense. Specifically, it underscores the importance of an operation-centric approach to RansomOps prevention...

February 15, 2022 / 4 minute read

Cybereason Partners with EGUARDIAN to Defend Organizations Against Complex Cyberattacks

“With Cybereason, I am confident we will be able to give Sri Lankan enterprises the right tools and technologies to successfully overcome increasing global cyber threats...”

February 14, 2022 / 1 minute read

Malicious Life Podcast: Crypto AG - The Greatest Espionage Operation Ever Part 1

General MacArthur, Egypt's Anwar Sadat, and Iran's Ayatollah Khomeini: these are just a few of the dozens (likely hundreds) of targets in the biggest, most ambitious hacking operation ever - check it out…

February 14, 2022 /

THREAT ANALYSIS REPORT: All Paths Lead to Cobalt Strike - IcedID, Emotet and QBot

The Cybereason GSOC delivers details on three recently observed attack scenarios where fast-moving malicious actors used the malware loaders IcedID, QBot and Emotet to deploy the Cobalt Strike framework on the compromised systems...

February 10, 2022 / 13 minute read

Cybereason Executives Abigail Maines and Stephan Tallent Named 2022 CRN Channel Chiefs

CRN’s annual Channel Chiefs project identifies top IT channel vendor executives who continually demonstrate expertise, influence and innovation in channel leadership...

February 10, 2022 / 2 minute read

CISO Stories Podcast: Creating Security Budget Where There is No Budget

Security departments need to acquire tool after tool over - Kevin Richards walks through a very creative method for getting the budget you need and explains how to leverage the current environment to “find” new sources of funding...

February 10, 2022 /

Cybereason XDR for Cloud Workloads: A New Approach to Cloud Security

Cybereason XDR for Cloud Workloads secures cloud workloads, containers and hosts at unparalleled speed and scale...

February 9, 2022 / 2 minute read

Debunking Three Common Misconceptions about XDR

An AI-driven XDR solution provides Defenders with the ability to predict, detect and respond to cyberattacks across the entire enterprise network, including endpoints, identities, the cloud, application suites and more...

February 9, 2022 / 4 minute read

Webinar March 9th 2022: Protecting Containers at Runtime with Cybereason XDR for Cloud Workloads

Learn how Cybereason XDR for Cloud Workloads delivers prevention, detection and response capabilities to defend cloud workloads and containers at runtime...

February 9, 2022 / 1 minute read

Cybereason vs. Lorenz Ransomware

Prior to the deployment of the Lorenz ransomware, the attackers attempt to infiltrate and move laterally throughout the organization, carrying out a fully-developed RansomOps attack - the Cybereason XDR Platform fully detects and prevents the Lorenz ransomware...

February 8, 2022 / 7 minute read

Financial Services and the Evolving Ransomware Threat

Attackers’ interest in targeting financial institutions aligns with larger trends that are shaping the ransomware threat landscape, like the increasing complexity of some ransomware operations–or RansomOps...

February 8, 2022 / 3 minute read

Webinar February 24th 2022: Live Attack Simulation - Ransomware Threat Hunter Series

Learn how mature security teams effectively counter modern ransomware operations (RansomOps) and avoid a system-wide takeover by bad actors - all delivered through a step-by-step walkthrough of a ransomware attack...

February 8, 2022 / 1 minute read

Malicious Life Podcast: Why Aren't SMBs Investing in Cybersecurity?

Attacks against small-to-medium-sized businesses (SMBs) account for 40% to 50% of all data breaches. Josh Ablett, founder and CISO of Adelia Risk, discusses security for SMBs - spoiler: it's not a pretty picture - check it out…

February 7, 2022 /

Iranian Threat Actors Turn Up Heat on Cyber Cold War

Cybereason CEO Lior Div highlights new research on Iranian threat actors and how attacks blend nation-state adversary and cybercrime threat actor tactics and motives...

February 4, 2022 / 2 minute read

Responding to Multi-Endpoint Threats with XDR

The Cybereason XDR Platform provides a unified view of your endpoints, allowing analysts to quickly remediate complex threats across multiple machines...

February 4, 2022 / 1 minute read

Employee Spotlight: Developing a Unified Security Platform

The Cybereason XDR Platform quickly detects chains of behavior that are either rare or present a strategic advantage to an attacker, allowing analysts to stop attacks before they cause damage...

February 3, 2022 / 4 minute read

CISO Stories Podcast: Do It Internally or Hire a Consultant?

When a particular skill is needed that is not available, what do you do? Should you hire someone externally or bring in a consultant? CISO John Iatonna discusses his experience in making these tough decisions - check it out...

February 3, 2022 /

How Cybereason XDR Supports Zero Trust Initiatives

Cybereason XDR addresses the five core pillars of Zero Trust: device, identity, network, application workload and data...

February 2, 2022 / 3 minute read

XDR: The Key to Empowering Your SOC

XDR can evolve with the changing threat landscape, can allow complex attack operations to be identified at the earliest stages, and can automate responses for a faster mean time to remediation at scale...

February 2, 2022 / 3 minute read

Cybereason XDR: Achieving 10X Reduction in False Positives

The Cybereason MalOp detection engine identifies malicious behaviors with extremely high confidence levels, reducing false positives by a factor of 10...

February 2, 2022 / 2 minute read

StrifeWater RAT: Iranian APT Moses Staff Adds New Trojan to Ransomware Operations

Cybereason discovered an undocumented RAT dubbed StrifeWater attributed to Iranian APT Moses Staff who deploy destructive ransomware following network infiltration and the exfiltration of sensitive data...

February 1, 2022 / 7 minute read

PowerLess Trojan: Iranian APT Phosphorus Adds New PowerShell Backdoor for Espionage

Cybereason discovered a new toolset developed by Iranian APT Phosphorus which revealed a connection to Memento ransomware and includes the newly discovered PowerLess Backdoor that evades detection by running PowerShell in a .NET context...

February 1, 2022 / 8 minute read

Malicious Life Podcast: The Bloody Origins of Israel's Cybersecurity Industry

In this episode, we go back to the Yom Kippur War of 1973 to discover how a national trauma and an intelligence failure paved the way for Israel to become a cybersecurity mini-empire - check it out…

January 31, 2022 /

CISO Stories Podcast: Designing a Shared Vision with IT and the Business

The locus of control has been slipping away from IT teams - and by default Security teams. Scott King, CISO at Encore Capital Group joins the podcast to discuss strategies to remain agile in the face of rapid change - check it out...

January 27, 2022 /

Employee Spotlight: On Values and Culture at Cybereason

"When I first joined, I heard about the 'Defender' concept so much I almost felt skeptical, but the Defender vibe is real, it’s in the DNA of the company - the people here really believe in what we do..."

January 26, 2022 / 3 minute read

The Fog of Cyberwar

As tensions escalate between Russia and the United States over the situation in Ukraine, it is more important than ever for Defenders to be prepared to protect against cyberattacks...

January 25, 2022 / 2 minute read

Three Reasons XDR Should Drive Your Security Strategy

Security teams are short-staffed, network complexity continues to increase and the cost of data breaches is growing - XDR offers an opportunity to reverse these trends and more...

January 25, 2022 / 4 minute read

The Private Infrastructure Security Renaissance

Although it seems counterintuitive and a throwback to Enterprise IT setups from nearly a decade ago, private infrastructure is in a Renaissance period...

January 24, 2022 / 3 minute read

Ten of the Biggest Ransomware Attacks of 2021

Researchers estimated there would be about 714 million ransomware attacks by the end of 2021, a 134% year-over-year increase from 2020. Let’s take a moment now to examine ten of the biggest ransomware attacks of 2021...

January 24, 2022 / 4 minute read

Malicious Life Podcast: Hacker Highschool

Pete Herzog, co-founder of ISECOM and Hacker Highschool, wants our kids to learn about cybersecurity - especially the more advanced stuff like security analysis and hacking - check it out...

January 24, 2022 /

Cybereason XDR: 10X Faster Threat Hunting

Cybereason XDR connects the dots between seemingly disparate or innocuous events to power 10X improvements in threat hunting...

January 20, 2022 / 3 minute read

CISO Stories Podcast: Moving to the Cloud? Don’t Forget Hardware Security

Steve Orrin, Federal CTO at Intel, joins the podcast to discuss approaches to remaining compliant with the various laws when moving to the cloud - check it out...

January 20, 2022 /

Five Ransomware Myths that Leave Businesses Vulnerable

Remember, the actual ransomware payload is the very tail end of a RansomOps attack, so there are weeks to months of detectable activity prior to the payload where an attack can be intercepted...

January 19, 2022 / 5 minute read

Evaluating Open XDR vs. Native XDR

Open XDR can leverage multiple security tools, vendors and telemetry types, all integrated into a single detection and response platform that centralizes behavior analysis...

January 19, 2022 / 3 minute read

Employee Spotlight: On Becoming a Defender at Cybereason

"My focus is on our North American partners - I empower them to provide a solution that gives their customers the desired outcomes and protect their environments, companies, and livelihoods..."

January 19, 2022 / 4 minute read

Webinar February 3rd 2022: Live Attack Simulation - Ransomware Threat Hunter Series

Understand how mature security teams effectively counter modern ransomware operations and avoid a system-wide takeover by bad actors - all delivered through a step-by-step walkthrough of an attack...

January 19, 2022 / 1 minute read

Malicious Life Podcast: The Mystery of Cicada 3301

A cryptic message posted on 4Chan in January 2012 started thousands of crypto-lovers competing to be the first to crack the puzzles created by the mysterious Cicada 3301. Who is Cicada 3301, and what are their goals? Check it out...

January 18, 2022 /

Cybereason Launches ‘Pay As You Grow’ Program to Nurture Managed Security Services Partners

The PAYG program for Managed Security Services Providers (MSSPs) provides the most trusted solution providers with financial flexibility to increase their margins and profitability...

January 18, 2022 / 1 minute read

New Year, Same Old Microsoft Issues

The New Year is a clean slate and an opportunity to be better than the year before, but Microsoft kicked off 2022 with 97 new security updates, including 6 zero-day vulnerabilities.

January 14, 2022 / 2 minute read

Ukraine Government and Embassy Websites Attacked

Government and embassy websites in Ukraine were defaced in a broad attack that could lead to an escalation of tension as Russia continues to mass military power on the border.

January 14, 2022 / 2 minute read

The MalOp Severity Score: Because Every Second Counts

Cybereason MDR leverages a technology called the MalOp Severity Score (MOSS), which enables security teams to conduct lightning-quick triage and remediation...

January 14, 2022 / 2 minute read

CISO Stories Podcast: Privacy Hunger Games - Change the Rules

Organizations may be leaking information without proper procedures in place - CCO/CPO Samantha Thomas explains how she changed this and the law in the process - check it out...

January 13, 2022 /

Employee Spotlight: On Defending Clients and Promoting Growth

There’s a real community here. We’re all working toward a common goal and with a shared mission: to help businesses stop being targets, to help people do business without getting hacked or falling victim to ransomware...

January 13, 2022 / 4 minute read

Achieve 10X Faster Response Time with Cybereason XDR

Cybereason XDR delivers an operation-centric approach to security that enables analysts of all skill levels to quickly understand an attack without crafting complicated queries...

January 12, 2022 / 3 minute read

What Are the Differences Between EDR, MDR and XDR?

Shortcomings in traditional tools explain why XDR is generating a lot of buzz - it extends the capabilities of EDR beyond endpoints to an organization’s cloud workloads, application suites, and user personas...

January 12, 2022 / 4 minute read

Threat Analysis Report: DatopLoader Exploits ProxyShell to Deliver QBOT and Cobalt Strike

After exploitation of ProxyShell, attackers used Exchange to distribute phishing emails with the QBot payload and DatopLoader, a loader previously used to distribute the Cobalt Strike malware...

January 11, 2022 / 10 minute read

The State of Ransomware in the Public Sector

Things escalated even further in June of 2021, when public sector entities experienced 10 times as many ransomware attempts as organizations in other sectors, an increase of 917% year over year...

January 11, 2022 / 3 minute read

FBI Warns US Companies to Avoid Malicious USB Devices

The FBI issued a warning following a string of attacks allegedly by the FIN7 cybercrime group involving sending malicious USB thumb drives to targets...

January 10, 2022 / 3 minute read

Malicious Life Podcast: How the Internet Changed the NSA

Jeff Man was one of the first people at the NSA to make the transition from hardware to software, and he shares with us his experiences from that period - check it out…

January 10, 2022 /

Building Enterprise Immunity with XDR

Robust protection mechanisms are not as binary as saying “good file” and “bad file” or “good user” and “bad user.” You must understand the interactions between malicious actors (or even suspicious actors) and your environment...

January 10, 2022 / 2 minute read

Cybereason XDR: 10X Productivity Boost From Unified Investigations

Explore two common attacks that illustrate the benefit of the Cybereason operation-centric approach: A 10X productivity boost from unified investigations...

January 7, 2022 / 3 minute read

CISO Stories Podcast: Server Room to War Room - Enterprise Incident Response

Dawn-Marie Hutchinson, CISO at BAT, has navigated organizations during crises with a “play like you practice” Incident Response approach - check it out...

January 6, 2022 /

Automating the “R” in Your XDR Strategy

Advanced XDR doesn’t rely on a flood of non-contextual threat alerts from across disparate assets, but instead delivers deep context and correlations between assets to detect sooner and automates responses to mitigate faster...

January 5, 2022 / 5 minute read