FEATURED

Malicious Life Podcast: How to NOT Build a Cybersecurity Startup

When it was founded in 2011, Norse Corp. had everything going for it, but the startup blew up in smoke less than six years later. Malicious Life explores what went so horribly wrong.


Latest Videos

THREAT ALERT: Inside the Redeemer 2.0 Ransomware

A new and improved Redeemer 2.0 ransomware version was released on an underground forum and is described by the developers as a “C++ no dependency ransomware with no privacy intrusions” targeting the Windows OS with support for Windows 11 systems...

August 19, 2022

Improving SOC Workflows with Cybereason Role-Based Incident Response

The Cybereason Defense Platform offers multi-tenancy capabilities to enable SOC teams to divide workflows based on roles...

May 27, 2022

Cybereason vs. Quantum Locker Ransomware

The AI-driven Cybereason XDR Platform detects and blocks MountLocker ransomware, which launched in September 2020. Since then, the attackers have rebranded the operation as AstroLocker, XingLocker, and now, in its current phase, Quantum Locker...

May 9, 2022

Cybereason XDR: Intelligence-Driven Hunting and Investigation

Threat intelligence is transparently integrated into every aspect of the AI-driven Cybereason XDR Platform to enable Threat Hunting for behavioral TTPs...

March 9, 2022


All Posts

Malicious Life Podcast: How to NOT Build a Cybersecurity Startup

When it was founded in 2011, Norse Corp. had everything going for it, but the startup blew up in smoke less than six years later. Malicious Life explores what went so horribly wrong.

November 29, 2022

Malicious Life Podcast: Jailbreaking Tractors

An Australian white hat hacker demonstrated how easily hackers can take over farming equipment and the risks this creates for global food supplies.

November 28, 2022

The Russian Business Network

Find out how the Russian Business Network, a once legitimate ISP, became the largest player in the Russian cybercrime world and a key component of Putin's attacks on democracy and misinformation campaigns in this episode of the Malicious Life podcast.

November 25, 2022

What Can Chess Grandmasters Teach Us About Cyber

Find out what cybersecurity professionals can learn from MMA wrestlers and Chess Grand Champions about peak performance in this episode of Malicious Life, featuring Chris Cochran and Ron Eddings, the co-founders of Hacker Valley Media.

November 24, 2022

THREAT ALERT: Aggressive Qakbot Campaign and the Black Basta Ransomware Group Targeting U.S. Companies

This threat alert describes an aggressive new attack campaign operated by the Black Basta ransomware group. The fast-moving campaign is targeting U.S. companies, and in many cases, is causing serious damage to their IT infrastructures.

November 23, 2022 / 11 minute read

Malicious Life Podcast: What Would Happen If CBS Got Hacked?

Information security executives explain how media companies can be hacked and why we, as consumers, should care in this Malicious Life BSide podcast.

November 22, 2022

Malicious Life Podcast: LabMD vs. The FTC

One day in 2008, Michael Daugherty got a call from cybersecurity company TiVersa, saying private medical data of some 9000 LabMD patients had been discovered online. When Michael refused to pay TiVersa's hefty "consultation fee", a ten-year legal battle began that led to the demise of LabMD, but also cost the FTC dearly.

November 18, 2022

Holiday, Weekend Ransomware Attacks Continue to Hit Companies Hard

Traditional Monday through Friday staffing models are out of step with cyber threats and leave companies vulnerable on weekends and holidays, according to the results of a recent survey from Cybereason.

November 16, 2022 / 5 minute read

NGAV Redefined: 9 Layers of Unparalleled Attack Protection

Cybereason NGAV combines 9 independent yet complementary prevention layers, ensuring that your business achieves its goals and bad actors don't.

November 14, 2022 / 15 minute read

A Message to All Defenders This Veterans Day

Veterans have made, and continue to make, outstanding contributions to cybersecurity. With cybersecurity playing an increasingly important role in national security, Cybereason extends its gratitude to all Defenders.

November 11, 2022 / 2 minute read

Machine Timeline Enhancements Improve Investigation Workflows

Cybereason has released a series of enhancements in the Machine Timeline feature (formerly known as Process Timeline) to improve investigation workflows.

November 1, 2022 / 2 minute read

THREAT ANALYSIS REPORT: DLL Side-Loading Widely (Ab)Used

This Threat Analysis Report explores widely used DLL Side-Loading attack techniques, outlines how threat actors leverage these techniques, describes how to reproduce an attack, and reports on how defenders can detect and prevent these attacks...

October 26, 2022 / 13 minute read

Cybereason Announces Organizational Updates

I am grateful for your resilience, your fight, and your willingness to join me in our ongoing work to reverse the adversary advantage. Together, we are building a strong company that is helping our customers as they face unprecedented cyber challenges.

October 26, 2022 / 2 minute read

Operationalizing MITRE ATT&CK: A New Wave is Here

The Tidal Platform makes it efficient to research adversary techniques using MITRE ATT&CK, and now Cybereason has joined the Tidal Product Registry to deliver a visual view of our out-of-the-box detection capabilities...

October 19, 2022 / 2 minute read

Malicious Life Podcast: Hacking Stock Markets Part 2

Financial markets make good targets for criminals - after all, that's where the big money is. Surprisingly, many of these criminals are not your run-of-the-mill black hat hacker, but brokers registered with the SEC: genuine finance industry professionals – check it out...

October 18, 2022

Telcos: The Supply Chain Attack You're Not Ready For

The potential impact from cyberattacks can be very far-reaching, not just for the compromised telcos, but also for their vast customer base, whose data is also at risk...

October 18, 2022 / 3 minute read

Indicators of Behavior and the Diminishing Value of IOCs

IOBs describe the subtle chains of malicious activity derived from correlating enriched telemetry from across all network assets - but unlike backward-looking IOCs, IOBs offer a proactive means to leverage real-time telemetry to identify attack activity earlier, and they offer more longevity value than IOCs...

October 12, 2022 / 4 minute read

Why NGAV Displaced Traditional Antivirus Tools

NGAV can work to prevent the early stages of a ransomware attack that precede the delivery of the ransomware payload, and offers further protection by also assuring that payload is not detonated on the target machine in the case where the first stages of the attack were not detected...

October 11, 2022 / 4 minute read

Malicious Life Podcast: Vishing Voice Scams

Rachel Tobac is a hacker and CEO of SocialProof Security, where she helps people and companies keep their data safe by training and pentesting them on social engineering threats like Vishing and the many psychological tricks attackers employ to hack people – check it out...

October 11, 2022

Cybersecurity Accountability Regulation? Your Opinion Matters…

CISOs and CSOs are already on the hook and are the first ones to take the fall for breaches regardless of whether they fought for additional investments in people, processes, and technology. But what about accountability for the C-Suite and BOD?

October 6, 2022 / 1 minute read

Ten Ways to Make Your Security Operations More Efficient

Here are Cybereason's 10 Ways to Make Your Security Operations More Efficient and Effective...

October 6, 2022 / 4 minute read

Container Escape: All You Need is Cap (Capabilities)

Container Escape is considered the 'Holy Grail' of the container attack world - it allows an attacker to escape from a container to the underlying host, and by doing so the attacker can move laterally to other containers from the host or perform actions on the host itself...

October 5, 2022 / 9 minute read

Leveraging Indicators of Behavior for Early Detection

The key to early detection of advanced operations such as the SolarWinds attacks is in leveraging Indicators of Behavior (IOBs) to level-up to a more efficient and effective Operation-Centric approach to detecting the whole of an attack as opposed to responding to individual, uncorrelated alerts...

October 5, 2022 / 4 minute read

Blue Teaming on macOS with eslogger

In this edition of the Blue Team Chronicles, we assess the capabilities of eslogger, a new built-in macOS tool, and show how defenders can use this tool to better understand malicious activities on macOS and build new detection approaches...

October 4, 2022 / 8 minute read

Malicious Life Podcast: Hacking Stock Markets Part 1

Some stock traders are willing to go to great lengths to get information before anyone else, even hacking into trading technologies to gain an unfair advantage and make a fortune along the way - check it out...

October 4, 2022

THREAT ALERT: ProxyNotShell - Two Critical Vulnerabilities Affecting MS Exchange

The Cybereason GSOC Managed Detection and Response (MDR) Team is investigating incidents that involve exploitation of the critical Microsoft Exchange vulnerabilities (CVE-2022-41040 and CVE-2022-41082) dubbed ProxyNotShell after finding them being exploited in the wild...

October 3, 2022 / 5 minute read

A Guide to More Efficient and Effective SOC Teams

Cybereason has released a new white paper, Eliminate Alert Fatigue: A Guide to More Efficient and Effective SOC Teams...

October 3, 2022 / 1 minute read

Malicious Life Wins Big at the 17th Annual People's Choice Podcast Awards

The Malicious Life Podcast Team is excited to announce that we won the This Week in Tech Technology Category honor at the 17th Annual People's Choice Podcast Awards...

October 3, 2022 / 1 minute read

Webinar October 18th 2022: The True Cost of Ransomware - Evaluating Risk and How to Avoid Attacks

In this webinar, Cybereason CSO Sam Curry is joined by Cody Queen to dig into the data from the Ransomware: The True Cost to Business 2022 report and how to quantify the true cost to business of ransomware attacks and what cybersecurity leaders can do to mitigate against them...

September 30, 2022 / 1 minute read

Cloud Authentication: A Guide to Choosing the Right Solution

Authentication is one of the main elements of a cloud application, as it provides the ability to control access to your application. Need to pick an authentication solution and don't know where to start? This write-up will guide you in choosing an authentication solution that will suit your needs...

September 29, 2022 / 5 minute read

Webinar October 13th 2022: Ten Considerations for More Efficient Security

Join us on October 13th to hear from-the-field tips on how to create world-class efficiencies, including ways to find efficiencies within your tech stack, tips on how to recruit and manage a successful team, practical tips any team can take to reduce event burden, how the Cybereason Defense Platform can create a 10x boost in efficiencies and more...

September 29, 2022 / 1 minute read

Malicious Life Podcast: What It’s Like to Fight LulzSec

As their name implies, LulzSec was known for trolling their victims, and while their childish behavior might have fooled some people into thinking that LulzSec was harmless, the story you're about to hear will show they were anything but - check it out...

September 28, 2022

White Paper: Operation-Centric Security - Leveraging Indicators of Behavior for Early Detection

This paper details the Operation-Centric approach and how it can foster earlier detections based on Indicators of Behavior that empowers security operations to dynamically adapt and predictively respond more swiftly than attackers can modify their tactics to circumvent defenses...

September 27, 2022 / 1 minute read

Defending Against Supply Chain and Ransomware Attacks

Attacks on organizations that originate from third-party partners and service providers are expected to rise in the coming years as attackers look for weak links in software supply chains in an effort to “attack one to attack all..."

September 27, 2022 / 4 minute read

Cybereason Announces Private Infrastructure Protection Version 21.2

The release of Cybereason Private Infrastructure Protection v. 21.2 includes security hardening improvements, new features and improvements to existing features...

September 26, 2022 / 3 minute read

Next Generation Antivirus Prevention Redefined

Traditional antivirus tools from legacy vendors spot the easy stuff but struggle to prevent novel threats from causing damage. That is why Cybereason is announcing its latest prevention technologies to detect and block all threats from commodity malware to the never before seen...

September 22, 2022 / 1 minute read

How XDR Reduces the Total Cost of Security Operations

AI-driven XDR solution unifies telemetry analysis to optimize efficacy, improves operational efficiency at scale, and eliminates detection blind spots by generating deeply contextual correlations from endpoints, identity management, workspaces, application suites, the cloud and more...

September 21, 2022 / 3 minute read

Webinar October 26th 2022: NGAV Redefined

In this webinar we will hear from Cybereason CTO and co-founder Yonatan Striem-Amit about how threats are changing; Tim Amey, Field CTO about how Cybereason prevention layers stop malware in its tracks; and Cody Queen, Product Marketing Manager share the latest prevention tools developed by Cybereason to stop the most novel attack techniques...

September 21, 2022 / 1 minute read

Cyber Defenders Council: Is it Time for Cybersecurity Regulation?

The report showcases best practices that Council members have used to align business executives around a common understanding of cyber risk and also explores a potentially controversial solution to the business-cybersecurity alignment gap: cybersecurity accountability regulation...

September 20, 2022 / 2 minute read

Preparing Your Organization for a Ransomware Attack

You cannot defend against RansomOps in traditional ways because it’s not a traditional threat, and a focus on detecting the ransomware executable alone is risky because that is the tail-end of a longer attack sequence, where the adversary already has unfettered access to your network...

September 20, 2022 / 4 minute read

Workforce Challenges are Here to Stay: Time to Think about MDR

The worst of the COVID-19 pandemic may be behind us, but its impact on the global cybersecurity workforce will force many enterprises to consider Managed Detection and Response (MDR) services...

September 20, 2022 / 2 minute read

Malicious Life Podcast: King Kimble - Kim DotCom

The US government says that Kim Schmitz, better known as Kim DotCom, is the leader of a file sharing crime ring. He sees himself as an internet freedom fighter: a fugitive on the run from vindictive overly-powerful governments. Can King Kimble escape the wrath of the USA? Check it out...

September 19, 2022

Ransomware Head to Head: Don't Follow the CRWD

When ransomware threatens to shut down your business, the most critical measure of success is the ability to detect malicious activity in real time...

September 15, 2022 / 4 minute read

THREAT ANALYSIS REPORT: Abusing Notepad++ Plugins for Evasion and Persistence

Cybereason GSOC team analysts have analyzed a specific technique that abuses Notepad++ plugins to evade security mechanisms, achieve persistence and deploy backdoors on targeted machines...

September 14, 2022 / 4 minute read

AI/ML as a Security Team Force Multiplier

AI/ML is critical to automatically analyzing telemetry and correlating it at a rate of millions of events per second. Instead of manually querying data, analysts can spend more time acting on the insights produced by an AI/ML solution across disparate assets on the network...

September 14, 2022 / 4 minute read

Reimagining the SOC: A Lesson From the Military on 9/11

To sustain the fight against a decentralized global enemy in cyberspace, the modern SOC must engage in a change management experiment to become more agile.

September 14, 2022 / 5 minute read

Leveraging XDR for Cloud Workload Protection

An XDR solution for Cloud Workloads is ideal for hybrid, multi-cloud and containers to secure all of an organization's cloud-based assets, including microservices-oriented and serverless architectures...

September 14, 2022 / 4 minute read

Malicious Life Podcast: Hacking Multi-Factor Authentication

Multi-Factor Authentication (MFA) is usually considered a better solution for authentication – but Roger Grimes, a veteran security professional and a Data-Driven Defense Evangelist claims that the sense of security current MFA solutions provide us is false - check it out...

September 13, 2022

THREAT ANALYSIS REPORT: PlugX RAT Loader Evolution

PlugX is a post-exploitation modular RAT (Remote Access Trojan), which is known for its multiple functionalities such as data exfiltration, keystroke grabbing, backdoor functionality, and utilizing DLL-Sideloading techniques for evading security solutions...

September 8, 2022 / 10 minute read

The Cybereason Approach to Sensor Tamper Protection

Cybereason leverages two distinct paths to protect deployed sensors in a customer environment: Self Protection and Intelligent/Proactive Protection...

September 7, 2022 / 2 minute read

How XDR Solves Key Challenges Facing Security Teams

With an AI-driven XDR solution, finding one component and being able to quickly ascertain relevant chains of potentially malicious behavior allows Defenders to see the entire operation from the root cause across every impacted user, device, and application...

September 7, 2022 / 5 minute read

Malicious Life Podcast: Hacking Language Models

Language models are everywhere today, and most interestingly they are available via several experiential projects trying to emulate natural conversations such as OpenAI’s GPT-3 and Google’s LaMDA. Can these models be hacked to gain access to the sensitive information they learned from their training data? Check it out...

September 6, 2022

RansomOps vs. Extended Detection and Response

RansomOps describes the entire multi-stage ransomware operation with an ensemble of players who contribute to these highly targeted attacks from initial ingress to lateral movement in the network to delivery of the final encryption payload...

September 6, 2022 / 6 minute read

Attack on Montenegro Further Evidence of Nation-State and Cybercriminal Crossover

Given the reckless attacks on Montenegro, all nations should be on high alert regardless of how close they are geographically or politically to the Ukrainian-Russian conflict. Why else would reports surface that the FBI rushed a team of cybersecurity experts to Montenegro if there wasn't a clear indication of Russian involvement?

September 1, 2022 / 2 minute read

THREAT ANALYSIS REPORT: Ragnar Locker Ransomware Targeting the Energy Sector

Ragnar Locker is a ransomware family with security evasion capabilities which is targeting the energy sector and recently claimed to have breached DESFA, a Greek pipeline company...

September 1, 2022 / 8 minute read

Malicious Life Podcast: Software Bill of Materials (SBOM)

In May 2021, following the SolarWinds and the Colonial Pipeline attacks, the Biden administration published a presidential Executive Order mandating the use of SBOMs - Software Bill of Materials - in all government agencies. What are SBOMs and how useful are they in cybersecurity? Nate Nelson talks to two experts: Allan Friedman (CISA) and Chris Blask (Cybeats) - check it out...

August 31, 2022

The Importance of Actionable Threat Intelligence

The challenge with threat hunting is the fidelity of the detections. How does a threat analyst come to trust the tools they use, and of course, if they don't trust them, how long does it take them to verify manually?

August 31, 2022 / 6 minute read

Webinar Thursday September 8th 2022: Ransomware Impact on Incident Response Strategies

Over the last five years ransomware operations evolved both in capabilities and the degree of organizational structure behind it. In this webinar, we’ll cover the changes, what they mean and how cybersecurity strategies need to adapt to match this changing threat. But most importantly, have we learned from our past mistakes?

August 30, 2022 / 1 minute read

Hackers vs. Attackers: It’s Not Always Black and White

Fire – good or bad? What about the internet? Taxes? Technology? If your answer is, “it depends,” you’re right, of course. And it’s the same for those with keen hacking skills - it all depends on how they are used...

August 30, 2022 / 4 minute read

Cybereason MDR: Fast, Efficient, Effective

The MalOp Severity Score and Extended Response enable threat detection in less than 1 minute, triage in less than 5 minutes, and remediation in less than 30 minutes...

August 25, 2022 / 3 minute read

THREAT ALERT: HavanaCrypt Ransomware Masquerading as Google Update

First observed in June 2022 in the wild, HavanaCrypt Ransomware masquerades as a legitimate Google Chrome update with sophisticated anti-analysis techniques and other functionality that may be used for data exfiltration and privilege escalation...

August 22, 2022 / 5 minute read

Malicious Life Podcast: Leo Kuvayev - The Czar of Spammers

A ruthless person for whom the end truly justifies the means, Leo Kuvayev was very successful as a cybercriminal. But even a genius criminal can go just one step too far - check it out...

August 22, 2022

THREAT ALERT: Inside the Redeemer 2.0 Ransomware

A new and improved Redeemer 2.0 ransomware version was released on an underground forum and is described by the developers as a “C++ no dependency ransomware with no privacy intrusions” targeting the Windows OS with support for Windows 11 systems...

August 19, 2022 / 2 minute read

THREAT ANALYSIS REPORT: Bumblebee Loader – The High Road to Enterprise Domain Control

Cybereason GSOC observed distribution of the Bumblebee Loader and post-exploitation activities including privilege escalation, reconnaissance and credential theft. Bumblebee operators use the Cobalt Strike framework throughout the attack and abuse credentials for privilege escalation to access Active Directory, as well as abusing a domain administrator account to move laterally, create local user accounts and exfiltrate data...

August 17, 2022 / 10 minute read

Why Detection Efficacy Should Be in Your Top Metrics

Next time you are looking at an alert, how confident are you in what you are seeing? 20%, 40%, 70%? If that figure isn’t high enough, you will always need to ask a human to validate it, and this operational inefficiency prevents us from being able to scale along with the threats...

August 16, 2022 / 4 minute read

Malicious Life Podcast: A CISO's Nightmare - Israel Baron on Railway Security

Railway systems are a mess of old systems built on top of older systems, running ancient operating systems. Why are railway systems so difficult to defend, and what are the most probable attack vectors against them? Israel Railway's first ever CISO discusses why - check it out...

August 15, 2022

Webinar August 25th 2022: Leveraging MITRE ATT&CK to Bolster Your Security

The MITRE ATT&CK Framework is one of the most powerful resources security practitioners can use to develop robust defenses against adversaries. This webinar is designed to show you how you can take the framework and build more powerful defenses without requiring decades of cybersecurity experience...

August 15, 2022 / 1 minute read

Introducing Cybereason MDR Mobile App: The Power of the SOC at Your Fingertips

With anytime, anywhere access to the Cybereason Defense Platform UI, the new Cybereason MDR Mobile App allows Defenders to gain speed and efficiency in responding to malicious operations (MalOps) with around-the-clock remediation capabilities and always-available access to the Cybereason Global SOC Team...

August 10, 2022 / 2 minute read

Rundll32: The Infamous Proxy for Executing Malicious Code

In this article we take a deeper dive into an often abused Microsoft-signed tool, the infamous rundll32.exe, which allows adversaries to execute malicious code during their offensive operations through a technique which we explain in detail...

August 9, 2022 / 10 minute read

Malicious Life Podcast: Operation Trojan Shield - Designed by Criminals for Criminals

The Anom was the holy grail of dark, illegal communication: a mobile phone that could send encrypted messages that even included a secret Kill-Switch to foil attempts by law enforcement agents to get to its contents. Thousands of criminals used the Anom, certain that they were completely safe from the police - they were wrong - check it out...

August 8, 2022

Four Reasons to Implement an XDR Solution Today

So, you have a lot of visibility into your network and you know it because you have a ton of security alerts coming in - but that’s almost worse than having none if they lack the context and correlations required to really understand the scope of an attack...

August 3, 2022 / 3 minute read

Defending the Retail Sector Against Ransomware Attacks

One in three retailers attacked will pay the ransom, but less than ten percent will receive all their data back, and 80% of victims who pay the ransom end up getting hit with another attack. Why are retailers such an attractive target when it comes to ransomware?

August 2, 2022 / 4 minute read

Malicious Life Podcast: Andrew Ginter - A 40-Year-Old Backdoor

Ken Thompson is a legendary computer scientist who also made a seminal contribution to computer security in 1983 when he described a nifty hack that could allow an attacker to plant almost undetectable malicious code inside a C compiler. Surprisingly, it turns out a very similar hack was also used in the SolarWinds attack - check it out...

August 1, 2022

Webinar August 11th 2022: Ransomware Labs

With the new Cybereason Ransomware Range experience, you will have the chance to witness first-hand the RansomOps techniques employed by threat groups from initial intrusion, lateral movement, privilege escalation to full network compromise. Most importantly, you’ll see where and how these operations can be predicted, detected, and stopped dead in their tracks...

July 27, 2022 / 1 minute read

Five of the Most Advanced RansomOps Gangs

Ransomware has transformed significantly over the past several years, and it is forcing security to evolve with it. These complex and highly targeted ransomware operations – or RansomOps – seek to infiltrate entire networks in order to extort multi-million dollar ransoms from targets...

July 27, 2022 / 4 minute read

How XDR Can Play a Key Role in Achieving Zero Trust

The first step in the Zero Trust journey begins with removing trust blinders and truly instrumenting, monitoring, and seeing malicious behaviors hiding in plain sight behind trusted identities and applications, without disrupting or causing harm to IT and the business. XDR provides this capability...

July 26, 2022 / 4 minute read

Five Steps to Improve Defenses with MITRE ATT&CK

MITRE ATT&CK has become a gold standard in the endpoint security space. Here are 5 steps you can take to improve your defenses...

July 25, 2022 / 2 minute read

Malicious Life Podcast: Silk Road - The Amazon of Drugs Part 2

Silk Road’s success did more than bring the site more sellers and buyers, it also brought it more attention from law enforcement agencies as well as malicious hackers and other shady characters. Some of these shady characters, it turns out, were part of the task force aiming to shut down Silk Road - check it out...

July 25, 2022

Ransomware Attacks by the Numbers - and How to Defend Against Them

These complex, low-and-slow attacks, which seek to infiltrate as much of the targeted network as possible before detonating the ransomware payload, mean the task of successfully defending against RansomOps attacks has never been more challenging, and the stakes for organizations are high...

July 20, 2022 / 5 minute read

Cybereason and TruVisor Partner to Protect ASEAN Enterprises from Advanced Cyber Threats

Cybereason and TruVisor today announced a partnership that will protect ASEAN region organizations from sophisticated cyberattacks. As part of the partnership, TruVisor will expand Cybereason’s reach with the region’s top resellers and MSSPs across Southeast Asia...

July 20, 2022 / 2 minute read

Achieving High-Fidelity Detections with XDR

Attackers exploit gaps in visibility and hide in the network seams while security teams struggle to get actionable intelligence from a complex security stack. So where can security teams turn to reduce alert fatigue and increase operational efficacy and efficiency?

July 19, 2022 / 5 minute read

Malicious Life Podcast: Kurtis Minder - Ransomware Negotiations

Your organization was hit by ransomware, and it is now time to negotiate the terms of a deal that will bring back your data and (hopefully) won’t leave the company’s coffers empty. But are you sure you know what you’re doing? Are you certain that you won’t screw up the negotiations and do more harm than good? Check it out...

July 18, 2022

Protecting Your Org from Collateral Damage Through Operational Resilience

What would the business do if it were caught in the crossfire of a targeted attack and key digital processes were taken offline? Preparing starts with recognising which key digital processes the business requires to function, and what dependencies exist behind those processes...

July 14, 2022 / 3 minute read

How an Integrated Approach is Key for Security Operations

XDR provides security teams with comprehensive visibility across the kill chain, all without requiring security analysts and incident response teams to manually investigate a flood of individual alerts. XDR allows security teams to move detection further to the left in the kill chain to reduce dwell time and disrupt attacks earlier in the attack sequence...

July 13, 2022 / 4 minute read

Malicious Life Podcast: Silk Road - The Amazon of Drugs Part 1

Ross Ulbricht always had a thing with testing his limits. He was also an avid libertarian who wanted to change the world. So, in 2010, he came up with the idea to build a truly free market: a website where anybody can buy and sell anything anonymously - including illegal drugs - check it out...

July 12, 2022 /

RansomOps: Not Your Parent’s Ransomware

Ransomware purveyors are moving away from high-volume attacks with low ransom demands in favor of more focused, custom attacks aimed at individual organizations selected for the ability to pay multi-million dollar ransom demands...

July 12, 2022 / 4 minute read

Webinar August 4th 2022: Ransomware Impact on Incident Response Strategies

Over the last five years ransomware operations evolved both in capabilities and the degree of organizational structure behind it. In this webinar, we’ll cover the changes, what they mean and how cybersecurity strategies need to adapt to match this changing threat. But most importantly, have we learned from our past mistakes?

July 8, 2022 / 1 minute read

Everything Cybereason at the Black Hat 2022 Conference!

The Cybereason Team is excited to be part of Black Hat 2022, both virtually and in-person on August 10th and 11th! Be sure to stop by the Cybereason booth #1820 to get a custom printed Cybereason hoodie, a collectible Malicious Life Podcast tee shirt, enjoy deep-dive in-booth theater presentations, demos and more...

July 7, 2022 / 2 minute read

THREAT ANALYSIS REPORT: LockBit 2.0 - All Paths Lead to Ransom

LockBit 2.0 ransomware attackers are constantly evolving and making detection, investigation, and prevention more complex by disabling EDR and other security products and deleting the evidence to stifle forensics attempts...

July 7, 2022 / 16 minute read

THREAT ALERT: Raspberry Robin Worm Abuses Windows Installer and QNAP Devices

Raspberry Robin involves a worm that spreads over USB devices or shared folders, leveraging compromised QNAP (Network Attached Storage or NAS) devices as stagers and an old but still effective method of using “LNK” shortcut files to lure its victims...

July 7, 2022 / 5 minute read

What's New with Ransomware Gangs?

New ransomware gangs have surfaced recently, bringing new techniques with them. As ransomware continues its quick pace of evolution, understanding the risk from complex RansomOps attacks and their impact on the business is key to preventing them...

July 7, 2022 / 5 minute read

Webinar July 21st 2022: Leveraging MITRE ATT&CK to Bolster Your Security Posture

The MITRE ATT&CK Framework is one of the most powerful resources security practitioners can use to develop robust defenses against adversaries. This webinar is designed to show you how you can take the framework and build more powerful defenses without requiring decades of cybersecurity experience...

July 7, 2022 / 1 minute read

Malicious Life Wins Best Security Vendor Podcast

Cybereason is thrilled to announce that Malicious Life won best Security Vendor Podcast at the 2022 European Security Bloggers Network Awards during the Infosecurity Europe Conference...

July 6, 2022 / 1 minute read

Accelerate Investigations with the New Cybereason Process Timeline Feature

The Cybereason Process Timeline view provides threat hunters with a unified timeline of events and full visibility of activity that happened on the endpoint...

July 6, 2022 / 2 minute read

Malicious Life Podcast: Jacob Goldstein on the Future Of BitCoin

Will Bitcoin and the other cryptocurrencies be able to replace money as we know it today? Will governments embrace a future where they have no control over their currencies? Jacob Goldstein (Planet Money, What's Your Problem) talks to Nate Nelson about what the future holds for Bitcoin - check it out...

July 5, 2022 /

Security Telemetry Evolution: The Year of the In-Memory Graph?

The volume of cybersecurity telemetry generated continues to explode, but so much of it is proprietary there is really no way to make all that telemetry meaningful and make decisions based on it - until now...

June 30, 2022 / 3 minute read

Not All XDR is Created Equal

With so many XDR solutions available on the market today, organizations need to be careful about which one they choose. That’s because not all XDR platforms are created equal or deliver the same type of value - here's how to sort it all out...

June 29, 2022 / 4 minute read

What are the Legal Implications from a Ransomware Attack?

There are a variety of factors and risks which must be considered when deciding whether to pay a ransom, and organizations will need to be able to establish some level of attribution to know if the threat actor is subject to sanctions levied against specific nations...

June 28, 2022 / 6 minute read

Malicious Life Podcast: The Cypherpunks Who Invented Private Digital Money

Years before credit card transactions gave banks and data-brokers free access to our private financial information, a man named David Chaum became the first person to really, materially grapple with the problem of privacy in money. His ideas inspired a movement of "Crypto Anarchists" who aspired to change money forever - check it out...

June 27, 2022 /

Webinar July 14th 2022: Ransomware Labs

With the new Cybereason Ransomware Range experience, you will have the chance to witness first-hand the RansomOps techniques employed by threat groups from initial intrusion, lateral movement, privilege escalation to full network compromise. Most importantly, you’ll see where and how these operations can be predicted, detected, and stopped dead in their tracks...

June 27, 2022 / 1 minute read

Cybereason vs. Black Basta Ransomware

In just two months, Black Basta has added nearly 50 victims to their list, making them one of the more prominent ransomware gangs. The attackers infiltrate and move laterally throughout the network in a fully-developed RansomOps attack. The Cybereason Nocturnus Team assesses the threat level as HIGH SEVERITY given the destructive potential of the attacks...

June 24, 2022 / 6 minute read

THREAT ALERT: Follina/MSDT Microsoft Office Vulnerability

A Microsoft Office code execution vulnerability dubbed “Follina” allows delivery of malware without needing the victim to allow macro execution and is very likely to be mass-exploited. The Cybereason Defense Platform detects and prevents the exploitation of Follina and enables effective hunting of this vulnerability...

June 22, 2022 / 3 minute read

Malicious Life Podcast: Celebrating Five Years of Malicious Life

This special Malicious Life Ask Us Anything event celebrates the 5 year anniversary of the show: How did Malicious Life come to be? How do we choose the stories we tell? Who was Ran's most memorable guest? And why does Nate keep inserting weird names into the scripts? Check it out…

June 21, 2022 /

Cybereason CEO Lior Div Named 2022 EY ‘Entrepreneur of the Year’ for New England

Cybereason CEO Lior Div has been named Ernst & Young Entrepreneur Of The Year® 2022 for New England, one of the preeminent business awards for entrepreneurs and leaders of high-growth companies...

June 21, 2022 / 2 minute read

Malicious Life Podcast: Hackers vs. Spies - The Stratfor Leaks Part 2

Hector - better known as Sabu, the ringleader of the LulzSec hacking group - knew the FBI was on to him. But it turned out that of all the people who broke or disregarded the law in this particular story, only one man had a reason to be worried: Jeremy Hammond - check it out…

June 17, 2022 /

How AI-Driven XDR Defeats Ransomware

Security teams shouldn’t need to manually triage and investigate disparate alerts from an array of solutions–they need to focus on shutting down a ransomware campaign as quickly as possible...

June 15, 2022 / 4 minute read

Defending Against the Five Stages of a Ransomware Attack

To defend against the latest threats, it is necessary to understand the scope of ransomware attacks in general and how they unfold so proactive anti-ransomware strategies can be adopted to better protect organizations from being victimized...

June 14, 2022 / 5 minute read

Malicious Life Podcast: Hackers vs. Spies - The Stratfor Leaks Part 1

George Friedman and Jeremy Hammond are two very different people: the former is a capitalist middleman, the latter an anarchist-communist hacker. A spy and a hacker; but in certain respects, they’re actually quite similar in what lines they are willing to cross to get to their goal - check it out…

June 13, 2022 /

Report: Ransomware Attacks and the True Cost to Business 2022

The study once again finds that ‘it doesn’t pay-to-pay’ a ransom demand, as 80% of organizations that paid were hit by ransomware a second time, with 68% saying the second attack came in less than a month with threat actors demanding a higher ransom amount...

June 7, 2022 / 2 minute read

Webinar June 30th 2022: Live Attack Simulation - Ransomware Threat Hunter Series

Learn how mature security teams effectively counter modern ransomware operations (RansomOps) and avoid a system-wide takeover by bad actors - all delivered through a step-by-step walkthrough of a ransomware attack...

June 3, 2022 / 1 minute read

Latest SOC Survey Anticipates Shift Toward MDR and XDR

The challenges faced by SOCs—workforce shortages, lack of visibility, tool sprawl and alert overload—will likely result in increased adoption of Managed Detection and Response (MDR) services and Extended Detection and Response (XDR) solutions...

June 2, 2022 / 3 minute read

How to Choose the Right Endpoint Sensor

Like EDR solutions, not all endpoint sensors are created equal. The Cybereason Sensor is lightweight, low impact, universally deployable, and offers the deepest visibility of any sensor in the endpoint market...

June 1, 2022 / 5 minute read

Spear Phishing: A Technical Case Study for XDR

Unlike more traditional tools, an XDR solution cuts through the noise to deliver efficiency through context-rich correlations that leverage all of an organization's security telemetry from across disparate sources to quickly answer the question "are we under attack?"

June 1, 2022 / 5 minute read

Malicious Life Podcast: Catching A Cybercriminal

AbdelKader Cornelius, a German Threat Researcher and an expert on the cybercrime ecosystem, shares a story about how he helped German police put a sophisticated cybercriminal behind bars by uncovering tiny mistakes the hacker made in the past - check it out…

May 31, 2022 /

Webinar June 23rd 2022: Live Attack Simulation - XDR vs. Modern Ransomware

Join us for an examination of what a modern ransomware attack chain looks like and how an XDR solution can be leveraged to detect and stop complex ransomware attacks at the earliest stages, long before the actual ransomware payload is delivered...

May 31, 2022 / 1 minute read

Improving SOC Workflows with Cybereason Role-Based Incident Response

The Cybereason Defense Platform offers multi-tenancy capabilities to enable SOC teams to divide workflows based on roles...

May 27, 2022 / 1 minute read

Defend Forward in the Private Sector

Proactive deterrence strategies like Defend Forward are increasingly urgent for the private sector as it struggles to safeguard intellectual property against nation-state cyber espionage and protect businesses from cybercrime-driven ransomware attacks...

May 26, 2022 / 2 minute read

Cybereason Taps Osamu Yamano as President of Japanese Operations

The Cybereason Team is really excited to welcome Osamu Yamano as President of Cybereason Japan. Yamano will oversee the company’s operations in the region and will be responsible for expanding Cybereason business opportunities...

May 26, 2022 / 2 minute read

Securing Your Organization’s Digital Transformation with XDR

To Defend Forward means aggressively collecting intelligence about adversaries’ tactics and strengthening proactive resiliency across the organization to make it more costly for adversaries to achieve their objectives...

May 25, 2022 / 4 minute read

Cybereason Improves Investigation, Enhances Protection and Infrastructure Management

The latest release of the Cybereason Defense Platform significantly improves investigation, enhances protection and infrastructure management...

May 25, 2022 / 3 minute read

Malicious Life Podcast: What The LinkedIn Hack Taught Us About Storing Passwords

An anonymous hacker posted a list of 6.5 Million encrypted passwords for LinkedIn users on a Russian forum. These passwords were hashed using an outdated and vulnerable hashing algorithm and were also unsalted. Lawsuits followed shortly… can we trust big organizations to keep our secrets safe? Check it out…

May 24, 2022 /

Targeted by Ransomware? Here are Three Things to Do Straight Away

The only way organizations can successfully defend against ransomware and RansomOps attacks is to be able to detect them early and end them before any data exfiltration or encryption of critical files and systems can take place...

May 24, 2022 / 4 minute read

Defend Forward

Cybereason CEO Lior Div talks about the inaugural report from the Cyber Defenders Council and why the principles of Defend Forward are important for cybersecurity...

May 23, 2022 / 2 minute read

Ransomware: What’s in a Name?

We continue to use the same name to describe a problem that has evolved over time and is significantly more complex today. Many are really unprepared to counter the threat as it exists today...

May 18, 2022 / 3 minute read

Cyber Defenders Council Report: Defend Forward - A Proactive Model for Cyber Deterrence

The Cyber Defenders Council is an independent group of preeminent cybersecurity leaders from public and private sector organizations around the world with the mission to adapt Defend Forward deterrence concepts for the private sector - read the inaugural report here...

May 17, 2022 / 1 minute read

Malicious Life Podcast: Inside Operation CuckooBees

We delve into a recently discovered cyber-espionage campaign targeting the Defense, Energy, Aerospace, Biotech and Pharma industries conducted by the Winnti Group (APT 41, BARIUM, and Blackfly) - a Chinese state-sponsored APT group known for its stealth and sophistication...

May 17, 2022 /

Cybereason Named to CNBC 2022 Disruptor 50 List for Second Consecutive Year

Cybereason has been named to the exclusive 10th Annual CNBC Disruptor 50 list of the most disruptive private global companies, joining other esteemed rapid-growth companies including Canva, Blockchain.com, Stripe, Chime and more...

May 17, 2022 / 1 minute read

Cybereason Named Overall Leader in 2022 KuppingerCole Leadership Compass

Cybereason named an Overall Leader in the 2022 KuppingerCole Leadership Compass for vendors in the Endpoint Protection, Detection & Response (EPDR) market...

May 16, 2022 / 2 minute read

Achieve Faster, More Accurate Response with Cybereason Threat Intelligence

Here's a look at the many ways Cybereason Threat Intelligence tells the difference between benign and malicious activity to keep your security team focused...

May 16, 2022 / 4 minute read

Webinar June 2nd 2022: Live Attack Simulation - Ransomware Threat Hunter Series

Learn how mature security teams effectively counter modern ransomware operations (RansomOps) and avoid a system-wide takeover by bad actors - all delivered through a step-by-step walkthrough of a ransomware attack...

May 16, 2022 / 1 minute read

Behavioral Execution Prevention: Next-Generation Antivirus Evolved

Behavioral Execution Prevention stops threats posed by malicious actors who use trusted operating system software and native processes to conduct attacks...

May 13, 2022 / 2 minute read

Russia Is Waging Cyberwar–with Little Success

Cybereason CEO Lior Div provides perspective on the cyber component of Putin's invasion of Ukraine, and why it is important for organizations to Defend Forward...

May 12, 2022 / 2 minute read

Employee Spotlight: Why People are Key to Cybereason Success

Tim Weis, who was recently promoted to Senior Talent Acquisition Partner, supports hiring for some of our US-based teams and helps each of them scale and grow. Learn more about Tim and why he says this is an exciting time to join Cybereason...

May 12, 2022 / 3 minute read

Harnessing the Power of AI-Driven XDR

AI/ML is really good at analyzing large data sets with a high degree of accuracy to identify events of concern at a scale manual human analysis can never match, relieving security teams of the tedious task of sorting the signal from the noise...

May 11, 2022 / 4 minute read

New Cybereason Incident Response and Professional Services Bundles Include Unlimited Support

Cybereason has launched subscription-based bundles for unlimited Incident Response and Professional Services that deliver the speed and agility needed to quickly identify, correlate and contain threats while reducing costs by as much as thirty percent...

May 10, 2022 / 2 minute read

Cybereason vs. Quantum Locker Ransomware

The AI-driven Cybereason XDR Platform detects and blocks MountLocker ransomware which launched back in September 2020. Since then, the attackers have rebranded the operation as AstroLocker, XingLocker, and now in its current phase, the Quantum Locker...

May 9, 2022 / 5 minute read

Malicious Life Podcast: How to Russia-Proof Your Democracy

In 2007, Estonia suffered a large-scale DDoS attack which crippled many organizations and digital services. Joseph Carson, a Security Scientist and adviser to several governments discusses the lessons learned from that event and how Estonia became 'A Cloud Country' - check it out…

May 9, 2022 /

How Do Ransomware Attacks Impact Victim Organizations’ Stock?

After all the big ransomware attack headlines, one might be inclined to think that a successful ransomware attack would also impact a victim organization’s stock price over the long term, but so far that's not the case according to several studies...

May 9, 2022 / 5 minute read

The Global Impact of Operation CuckooBees

Lior Div, co-founder and CEO of Cybereason, talks about the Operation CuckooBees revelations and the broad global impact of intellectual property theft.

May 6, 2022 / 2 minute read

How the MalOp Can Facilitate New Breach Reporting Rules

The Cybereason MalOp will be key to the ability of financial institutions to meet the new 36 hour cybersecurity incident reporting deadline...

May 5, 2022 / 2 minute read

Webinar May 25th 2022: Organizations at Risk: Ransomware Attackers Don’t Take Holidays

Join us for this live webinar as we delve into research findings about the risk to organizations from ransomware attacks that occur on weekends and holidays and how you can better prepare to defend against them...

May 5, 2022 / 1 minute read

Operation CuckooBees: Cybereason Uncovers Massive Chinese Intellectual Property Theft Operation

Cybereason recently uncovered an attack assessed to be the work of Chinese APT Winnti that operated undetected, siphoning intellectual property and sensitive data - the two companion reports examine the tactics and techniques of the overall campaign as well as more detailed analysis of the malware arsenal and exploits used...

May 4, 2022 / 4 minute read

Operation CuckooBees: Deep-Dive into Stealthy Winnti Techniques

Cybereason investigated multiple intrusions targeting technology and manufacturing companies located in Asia, Europe and North America. Based on the findings of our investigation, it appears that the goal behind these intrusions was to steal sensitive intellectual property for cyber espionage purposes...

May 4, 2022 / 11 minute read

Operation CuckooBees: A Winnti Malware Arsenal Deep-Dive

This research zeroes in on the Winnti malware arsenal and includes analysis of the observed malware and the complex Winnti infection chain, including evasive maneuvers and stealth techniques that are baked-in to the malware code...

May 4, 2022 / 19 minute read

Webinar May 19th 2022: Live Attack Simulation - XDR vs. Modern Ransomware

Join us for an examination of what a modern ransomware attack chain looks like and how an XDR solution can be leveraged to detect and stop complex ransomware attacks at the earliest stages, long before the actual ransomware payload is delivered...

May 3, 2022 / 1 minute read

The U.K. Cyber Strategy: Developing Cybersecurity Skills, Knowledge and Culture

Greg Day, Cybereason’s VP and Global Field CISO for the EMEA region, offers his perspective on developing cybersecurity skills, knowledge, and culture...

May 3, 2022 / 3 minute read

Webinar May 12th 2022: Live Attack Simulation - Ransomware Threat Hunter Series

Learn how mature security teams effectively counter modern ransomware operations (RansomOps) and avoid a system-wide takeover by bad actors - all delivered through a step-by-step walkthrough of a ransomware attack...

May 2, 2022 / 1 minute read

Malicious Life Podcast: Operation Sundevil and the Birth of the EFF

In May 1990, a massive operation carried out by hundreds of Secret Service and FBI agents was focused on a new type of crime: Hacking. But every action has an equal and opposite reaction, and the reaction to Operation Sundevil was the birth of a new power in the cybersphere: the Electronic Frontier Foundation - check it out…

May 2, 2022 /

Cybereason and Google Cloud: This is XDR Tour

Cybereason and Google executives will explain how the security industry can better defend against novel attacks through a live demonstration of how Cybereason XDR powered by Google Cloud reverses the adversary advantage and returns the high ground to Defenders...

April 28, 2022 / 1 minute read

The U.K. Cyber Strategy and Minimizing the Impact of Cybersecurity Incidents

Cybereason XDR supports the U.K. Cybersecurity Strategy objective of minimizing the impact of cybersecurity incidents...

April 28, 2022 / 2 minute read

Distributed Machine Learning Models Done Right

In this article you’ll get an overview of the key challenges common to distributed Machine Learning (ML) architectures frequently seen in IOT devices and security solutions...

April 27, 2022 / 4 minute read

Why XDR Adoption Should Be a CISO Priority

An AI-driven XDR solution allows Defenders to move from a "detect and respond" mode to a more proactive “predictive response” posture where the likely next steps in an attack are anticipated and blocked...

April 27, 2022 / 3 minute read

The State of Ransomware in the Retail Sector

Three-quarters of Retail organizations reported a significant loss of revenue after suffering a ransomware attack, more than half (58%) experienced employee layoffs, and one third were forced to temporarily suspend or halt their business operations altogether...

April 26, 2022 / 5 minute read

Malicious Life Podcast: MITRE Attack Flow Project

The MITRE Attack Flow Project is a new way to visualize, analyze and share knowledge about sequences of adversary behavior. Ingrid Skoog, Assistant Director of R&D at the Center for Threat-Informed Defense, and Cybereason CISO Israel Barak discuss the benefits of the MITRE Attack Flow project to Defenders and executives alike - check it out…

April 25, 2022 /

THREAT ANALYSIS REPORT: SocGholish and Zloader – From Fake Updates and Installers to Owning Your Systems

This report provides unique insight into SocGholish and Zloader attacks and provides an overview of the common tactics and techniques in SocGholish infections...

April 25, 2022 / 14 minute read

Seven Ways Cybereason Enhances Your Cyber Insurance Investment

If your organization needs cyber insurance or if you're up for renewal, get ready to meet these "minimum requirements." Here are seven ways Cybereason can enhance your cyber insurance investment...

April 22, 2022 / 5 minute read

Leveraging Cybereason DFIR to Contain Attacks in Minutes

Cybereason has announced the availability of Cybereason DFIR, a solution designed to automate incident response (IR) investigations by incorporating nuanced forensics artifacts into threat hunting, reducing remediation time by enabling security analysts to contain cyberattacks in minutes...

April 21, 2022 / 2 minute read

How Strategic Detections Set XDR Apart

Most XDR platforms ingest a variety of threat intelligence to spot known Indicators of Compromise (IOCs), but only an AI-driven XDR solution can detect based on the more subtle chains of activity known as Indicators of Behavior (IOBs)...

April 20, 2022 / 4 minute read

Malicious Life Podcast: The Aaron Swartz Story

When 24-year-old Aaron Swartz was caught scraping millions of science articles off of JSTOR, he faced up to 35 years in prison plus a fine of up to 1 million dollars. Did Aaron's crime justify such a harsh punishment? Check it out…

April 19, 2022 /

Ransomware Attacks: Can Cyber Insurance Protect Your Organization?

Nearly half of organizations with cyber insurance in place when they were victims of a ransomware attack said that their insurer only covered a portion of their losses, so they still needed to pay out of pocket significantly to cover the recovery costs...

April 19, 2022 / 3 minute read

SOC Modernization: Measures and Metrics for Success

To have confidence we can block the attack, we will have invested time and resources to build out the MalOp, and as such we should track our blocking controls to see which have the greater longevity against the adversary...

April 14, 2022 / 3 minute read

Everything Cybereason at the 2022 RSA Conference!

Don’t miss the immersive digital experience at Cybereason booth S-735 in the South Expo Hall packed with informative in-booth theater presentations, enjoy more briefings at the Cybereason Lounge at the Four Seasons, score some great swag like a Malicious Life Podcast T-Shirt and more...

April 13, 2022 / 3 minute read

Webinar April 26th: Profile of the Dark Economy of Ransomware

RansomOps have steadily become more sophisticated and more aligned with nation-state actors making ransomware an existential threat for enterprises - join expert Bob Bigman, former CISO for the CIA to learn more about major ransomware groups and how they operate...

April 13, 2022 /

Security Budgets Are Increasing - But So Are Attacks

An AI-driven XDR solution can correlate security telemetry from across the network to produce a complete picture of all elements of an attack to automate responses - basically eliminating the need for SIEM and SOAR tools in most circumstances...

April 13, 2022 / 4 minute read

White Paper: Inside Complex RansomOps and the Ransomware Economy

This white paper examines the growing threat from complex RansomOps, as well as the larger Ransomware Economy, and provides prescriptive guidance for organizations determined to remain undefeated by ransomware attacks...

April 12, 2022 / 1 minute read

Detecting Cyber Events is Key to U.K. Cybersecurity Strategy

Cybereason XDR supports both capability outcomes outlined in the U.K. Government Cybersecurity strategy for detecting cyber events...

April 11, 2022 / 3 minute read

Malicious Life Podcast: The Russia-Ukraine Cyberwar

Several weeks after the invasion of Ukraine by Russian forces, the lights are still on and other important infrastructure is still operating. Cybereason CEO Lior Div, CTO Yonatan Striem-Amit, and CSO Sam Curry examine what we know so far about the cyber aspect of the conflict...

April 11, 2022 /

Webinar April 27th: Solving the Incident Response Data Problem

Join this informative webinar to learn how the combination of IBM X-Force expertise and cutting edge Cybereason security solutions and DFIR capabilities deliver a faster, more efficient approach to Incident Response...

April 7, 2022 /

Operation Bearded Barbie: APT-C-23 Campaign Targeting Israeli Officials

This APT-C-23 campaign involves two previously undocumented malware strains dubbed Barb(ie) Downloader and BarbWire Backdoor, which use an enhanced stealth mechanism to remain undetected - in addition, Cybereason observed an upgraded version of an Android implant dubbed VolatileVenom...

April 6, 2022 / 11 minute read

Evaluating XDR Solutions? Caveat Emptor - Buyer Beware

Don’t be fooled by marketing ploys from vendors touting their latest big dollar acquisition of technologies they can’t integrate but still try to pawn off as XDR...

April 6, 2022 / 4 minute read

No Airplane Hacking Episode

Due to some controversy in the community over the airplane hacking episode, we have decided to remove it from the playlist...

April 5, 2022 /

Ransomware vs. AI: The Battle Between Machines

An AI-driven XDR solution can cut through the noise introduced by a constant flood of alerts, allowing security teams to spend less time sifting through alerts and chasing false positives and more time detecting and blocking attacks...

April 5, 2022 / 4 minute read

Cybereason and IBM: A Better Way to do Enterprise IR

Cybereason and IBM are launching a joint solution to address the most critical SOC challenges and significantly improve incident response delivery, triage, and remediation processes...

April 4, 2022 / 3 minute read

Cybereason Posts Best Results in History of MITRE ATT&CK Evaluations

Cybereason leads the industry in the MITRE ATT&CK Enterprise Evaluation 2022, achieving the best results ever in the history of these evaluations...

April 1, 2022 / 3 minute read

Lapsus$ Activity Betrays Nation-State Motivation

Cybereason CSO Sam Curry talks about the potential threat of cyberattacks from Russia in connection with the invasion of Ukraine and why Russia might engage with external cyber mercenaries to get the job done...

April 1, 2022 / 6 minute read

Webinar April 14th: Live Attack Simulation - Ransomware Threat Hunter Series

Learn how mature security teams effectively counter modern ransomware operations (RansomOps) and avoid a system-wide takeover by bad actors - all delivered through a step-by-step walkthrough of a ransomware attack...

April 1, 2022 / 1 minute read

Cybereason Excels in the 2022 MITRE ATT&CK® Evaluations: 100% Prevention, Visibility and Real-Time Protection

While other vendors are scrambling to cherry-pick the results and spin up some clever interpretations of the MITRE ATT&CK results, Cybereason is proud to let the evaluation results speak for themselves: Cybereason demonstrated 100% Prevention, 100% Visibility, and 100% Real-Time Protection...

March 31, 2022 / 3 minute read

How Cybereason Enables the U.K. to Defend Against Cyberattacks

The second installment of our five-part series outlining how Cybereason XDR maps to each of the objectives in the U.K. Government Cybersecurity Strategy...

March 31, 2022 / 3 minute read

CISO Stories Podcast: CISO Priorities for 2022

What issues should CISOs be prioritizing, and how can they get the most bang for their buck? An esteemed panel of accomplished security leaders discuss the challenges for 2022 and more - check it out...

March 31, 2022 /

Four Ways XDR Optimizes Your Security Stack

An AI-driven XDR solution enables organizations to embrace an operation-centric approach that delivers the visibility required to be confident they can halt attack progressions at the earliest stages...

March 30, 2022 / 4 minute read

SOC Modernization: A Mission to Block or to Disrupt?

Periodically, every business steps back and asks itself a number of questions around its security resilience, and at the top of the list is the question: Are my response processes still fit for purpose?

March 29, 2022 / 5 minute read

How to Create an Effective Ransomware Response Plan

Organizations need to be capable of responding effectively to a ransomware attack in order to minimize impact to the business. Here are three things they should consider along the way...

March 29, 2022 / 4 minute read

MITRE ATT&CK: Wizard Spider and Sandworm Evaluations Explained

MITRE is the preeminent third-party security solution evaluator. We explain the key metrics to look for in their upcoming Enterprise ATT&CK Evaluation...

March 28, 2022 / 4 minute read

Malicious Life Podcast: DIE - A New Paradigm for Cybersecurity

DIE, an acronym for Distributed, Immutable and Ephemeral, is a framework for designing secure systems where we should treat our precious data less like pets and more like cattle. Sound confusing? New paradigms always are - check it out…

March 28, 2022 /

Webinar April 7th: 2022 MITRE ATT&CK Evaluations Explained

The MITRE ATT&CK evaluations test security vendors’ ability to quickly detect and stop tactics and techniques used by today’s threat actors. In this webinar, we strip down the complexity of the MITRE ATT&CK framework so your organization can leverage it for success...

March 25, 2022 / 1 minute read

CEO Blog Series: No Sector Is Off-Limits for Russian Cyberattacks

The risk of cyberattacks from Russia or threat actors aligned with Russia is high and every organization, regardless of industry or geographic location, needs to be prepared to defend against them...

March 25, 2022 / 2 minute read

CISO Stories Podcast: Why Are We Still Failing at Security?

Wayman Cummings, VP of Security Operations at Unisys, examines how industry stagnation impacts the security for our critical infrastructure, the value true public-private partnerships can bring and more - check it out...

March 24, 2022 /

Cybereason Support for the U.K. Cybersecurity Strategy Part 1

This is the first installment of a five-part blog series in which we will outline how Cybereason XDR maps to each of the five objectives contained in the U.K. Government Cybersecurity Strategy...

March 24, 2022 / 4 minute read

Operational Resilience: Bridging the Communications Gap

The most valuable conversations today are focused on operational resilience, a newer term for the CSO, but less so for most Boards who already know what the processes are to achieve key business outcomes...

March 23, 2022 / 4 minute read

AI-Driven XDR: Defeating the Most Complex Attack Sequences

Unlike pseudo-XDR offerings that are really just EDR tools with a cloud extension, an AI-driven XDR solution does not require that valuable telemetry be filtered out due to a platform’s inability to handle the volume of intelligence available...

March 23, 2022 / 4 minute read

Cybereason Taps Frank Koelmel as EMEA Region General Manager

Cybereason continues its exponential growth and expansion of the team by naming Frank Koelmel as EMEA Region General Manager where he will be overseeing all Cybereason EMEA operations, leading future growth and expansion in the region...

March 23, 2022 / 2 minute read

Authentication Platform Okta Confirms Breach Impacts Customer Base

Authentication platform Okta has confirmed that it was breached and that part of its customer base was impacted after the Lapsus$ threat actors gained access to the company’s internal environment...

March 22, 2022 / 3 minute read

Malicious Life Podcast: Cyber PTSD

We usually count the damage from a cyberattack in Dollars and Euros, but the psychological damage to the victims is rarely discussed. Can scams, hacks, and breaches lead to Cyber Post-Traumatic Stress Disorder? Check it out…

March 22, 2022 /

The State of Ransomware in the Manufacturing Sector

Sixty percent of manufacturing organizations said they were struggling to defend against ransomware attacks due to their growing sophistication, while just under half noted that they were likely to get hit at some point...

March 22, 2022 / 3 minute read

Cybereason vs. Carbon Black: Why Delayed Detections Matter

In a recent MITRE ATT&CK test, Carbon Black had a 9% delayed detection rate - delayed detections leave organizations open to ransomware and other attacks...

March 22, 2022 / 5 minute read

Cybereason and Motorola Mobility: Real-Time Network Visibility

The Cybereason MalOp (malicious operation) detection engine allowed a single Lenovo analyst to manage up to 200,000 endpoints, almost three times their current network needs...

March 18, 2022 / 3 minute read

Webinar March 31st: Live Attack Simulation - XDR vs. Modern Ransomware

Join us for an examination of what a modern ransomware attack chain looks like and how an XDR solution can be leveraged to detect and stop complex ransomware attacks at the earliest stages, long before the actual ransomware payload is delivered...

March 17, 2022 / 1 minute read

Enriching Raw Telemetry with the Cybereason Historical Data Lake

The Cybereason Historical Data Lake ingests all available telemetry collected for analysis for two primary use cases: Historical Threat Hunting and Deep Investigation...

March 17, 2022 / 2 minute read

CISO Stories Podcast: The CISO Six Minute Rule

Renee Guttmann needed a way to determine and communicate the right decisions to the organization, so she developed the “Six-Minute Rule” as a guide - Renee explains how to help stakeholders make informed risk/reward decisions - check it out...

March 17, 2022 /

CEO Blog Series: Microsoft Can’t Protect Themselves—How Will They Protect You?

Still considering Microsoft for your security needs? They issued patches for 234 vulnerabilities in just the first quarter of 2022: 23 are rated Critical and 10 are zero-days, which works out to an average of about 8 Critical vulnerabilities and 3 zero-days per month...

March 16, 2022 / 3 minute read