Digital Forensic Breadcrumbs at the 2020 Grace Hopper Celebration

Events

With 25,000 participants expected to attend, and keynotes from Serena Williams and Megan Rapinoe, the Grace Hopper Celebration brings together women in STEM across the globe, in the first ever virtual edition of the conference.

Cybereason’s Commitment to Inclusion in Cybersecurity

Cybersecurity

Cybereason is focusing internal efforts on one of our Company values we call “UbU” which strives to embrace and encourage employees who exemplify our Company's commitment to diversity in all its forms.

No Rest for the Wicked: Evilnum Unleashes PyVil RAT

Threat Intelligence

In this article, we dive into the recent activity of the Evilnum group and explore its new infection chain and tools.

Time for an Upgrade: How to Switch from Symantec to Cybereason

Endpoint Detection and Response

If you are still using Symantec, you’re most likely tired of the complex workflows, the gaps in detection, and a resource-heavy solution that inhibits workflows and productivity. If so, it’s time to level up to a better solution that’s leading the industry.

Operation Blackout Virtual Edition: Election Security Tabletops

Events

With looming 2020 elections across the world over the next few months and a global pandemic underway, on August 20, 2020, Cybereason hosted Operation Blackout 2020, its latest virtual election security tabletop exercise with participants from the FBI, CISA, and other government organizations.

Cyber Security Tips for Allowing Employees to Work From Home

Cybersecurity

While the ability to allow staff to work remotely when needed gives greater flexibility to corporations, it also comes with cybersecurity risks. Not only can remote workers put their own privacy at risk, but working remotely could result in a breach in the company’s security.

Deepfakes: Novelty Trend or Novel Threat?

Insights

Deepfakes, a rapidly advancing technique for generating very realistic media, have the potential to be very disruptive when misused.

Hacker Summer Camp is Cancelled, Long Live Virtual Hacker Summer Camp

Events

A few months ago, in light of the ongoing pandemic, fears that hacker summer camp would be cancelled were realized. However, festivities still continued for some conferences, albeit in a virtual format.

Protecting Against Potential Cybersecurity Threats Brought on by Remote Work

Endpoint Detection and Response

In pivoting an entire workforce to remote work, employers need to be prepared for the cybersecurity risks involved. To guard against these threats, employers should have a remote work policy that all employees are aware of and comply with.

Increase in Remote Work Spurs Demand for EDR Cybersecurity

Endpoint Detection and Response

With the sudden increase in telework, the traditional approach of reacting to cyber threats and security issues only after a breach is discovered is no longer sufficient.

The 5 Sessions We Are Most Excited for at Virtual Black Hat USA 2020

Events

We are still on course for an interesting Black Hat so we thought it would be helpful to highlight some of the sessions we are the most excited for. 

4 Challenges Faced by Organizations Transitioning to Remote Work

Vulnerabilities

During the past few months, many companies have contacted us with various questions and requests about remote security. In our conversations with them, we’ve noticed four key challenges that we wanted to explore.

Remote Work Because of a Pandemic Could Give Your Company a Different Kind of Virus

Vulnerabilities

Cyber attackers seeking to take advantage of the influx of employees working from home will increase phishing attacks and start attacking online services that are being used more than usual.

Need a Boost? Stretch Your Skills with the Cybereason Summer CTF!

Hacking

Are you feeling cooped up after months of social distancing? Suffering from video conferencing meeting fatigue? Do you need to reawaken your curious analyst? Come capture flags and win prizes with Cybereason!

What Is a VPN, and How Can It Help Enterprises with Remote Workers?

Endpoint Protection Platform

With the recent surge of employees working from home, the use of a VPN tool has become an important topic within many companies.

Ensuring Data Privacy: Update on EU Court of Justice Ruling

Endpoint Protection Platform

Cybereason is the only EPP vendor that gives you full control of your data and protects your data wherever it is.

A Bazar of Tricks: Following Team9’s Development Cycles

Malware

In this analysis, our Nocturnus research team shows how the Bazar malware is sent via phishing emails that take advantage of the ongoing coronavirus pandemic, employee payroll reports, and customer complaints.

Certified Business Security!

Prevention

We are proud to announce the Cybereason Defense Platform has attained the AV Comparatives “Business Security” product certification!

Post-incident Review and the Big Data Problem

Incident Response

Security teams that have accepted the post-breach mindset focus on reducing risk as much as possible through visibility and automation, instead of searching for a one-size-fits-all solution.

What Modern Ransomware Looks Like

Ransomware

Over the past year, we have seen many different types of ransomware attacks evolving, especially evolving into multistage ransomware that not only ransoms data, but also exfiltrates as much data as possible. This blog explores three of the most common modern ransomware attacks we are seeing today. 

FakeSpy Masquerades as Postal Service Apps Around the World

Malware

The Cybereason Nocturnus team is investigating a new campaign involving FakeSpy, an Android mobile malware used to steal SMS messages, send SMS messages, steal financial data, read account information and contact lists, steal application data, and do much more.

Ransomware: Weapons of Mass Disruption

Whenever there’s a decline in ransomware cases, or other more popular threats seem to be on the rise, new innovative techniques and even offerings seem to emerge.

How to Design a Prevention Stack to Stop Ransomware

Ransomware

Ransomware attacks are an efficient and effective weapon for criminals who want to harm any business through crucial data loss, damaged productivity, and injured brand reputation.

Next-generation Antivirus 101: Layers of Prevention

Next Generation Antivirus

Next-generation antivirus combines traditional antivirus with behavior-based prevention to find and prevent more evasive threats than legacy antivirus alone.

308% ROI by Using Cybereason, According to Forrester Total Economic Impact Study

Endpoint Detection and Response

With Cybereason, customers are able to protect themselves from cyber threats that are both known and unknown and minimize their overall security risks, all while reducing their overall security costs by $4.2M and attaining an ROI of 308% over three years!

UbU: Championing Diversity, Equity, and Inclusion at Cybereason

Insights

UbU (“you be you”) is the value that sits front and center at Cybereason. Acceptance of every person is at the heart of who we are as a company.

Cybereason’s Newest Honeypot Shows How Multistage Ransomware Attacks Should Have Critical Infrastructure Providers on High Alert

Ransomware

Earlier this year, Cybereason launched its latest honeypot to analyze the tactics, techniques, and procedures used by state-sponsored groups and cyber crime actors to target critical infrastructure providers.

How I made my company’s office into a fancy internet cafe and why you should too

Cybereason

In this article I describe a security strategy that helped my organization avoid this scenario by simply ignoring the perimeter, making us indifferent to the location our employees are working from.

What are Adversary Emulation Plans?

MITRE ATT&CK Framework

Though AEPs are especially important when testing and building a strong defense, they are often overlooked for TTPs by security practitioners versed in the “trench warfare” of day-to-day security operations.

Why Not Detect Every TTP in the MITRE ATT&CK Framework?

MITRE ATT&CK Framework

One could argue that, if you can detect all the TTPs in ATT&CK, you should also be able to defend against all of the adversaries in ATT&CK. While technically true, many TTPs are not inherently malicious. 

Valak: More than Meets the Eye

Malware

Valak is a sophisticated malware that can steal enterprise mailing information and passwords along with the enterprise certificate. This gives attackers the potential to access critical enterprise accounts, causing damage to organizations, brand degradation, and ultimately a loss of consumer trust.

Love Your Enemies Before You Destroy Them — Hacking for Good

Cybersecurity

Proactive defense is about predicting, understanding, and preventing as many moves as possible that an attacker could make against you. You have to stay a step ahead of the enemy and lure them into a trap of your own.

IOCs vs. IOBs

Malware

IOCs are valuable when preventing known malware, but over 350,000 new strains of malware are detected every day, and fileless malware attacks are on the rise. IOCs are no longer an innovative or sufficient standalone method for defense. 

Why a Cloud-native EPP is Critical for Futureproof Security Operations

Endpoint Protection Platform

Among endpoint solutions, there’s a staggeringly clear distinction between solutions that are cloud-native and those whose cloud capabilities are either non-existent or partial at best.

Legacy A/V Is So Last Year

Next Generation Antivirus

Since the acquisition of Symantec in September, Cybereason has received a flood of requests from concerned customers interested in making the switch to Cybereason.

What is the MITRE ATT&CK Framework?

MITRE ATT&CK Framework

MITRE’s Adversarial Tactics, Techniques, and Common Knowledge (MITRE ATT&CK) is a model and knowledge base of adversary behavior that has become a staple of the endpoint security space.

Is On-Premise For Endpoint Protection Still A Thing?

Endpoint Protection Platform

At Cybereason, we want to assure our customers and prospects that we support various on-premise deployment options to address their entire endpoint protection security needs.

To Pay or Not to Pay

Ransomware

It might be appealing to have a clear-cut, black-and-white measure for when to talk or when to shut down talks, but the nuances of when it makes sense to enter into negotiations and when it makes sense to pay ransoms for hostages or not are not as straightforward as a five-word policy.

Converging Endpoint and Mobile Security

Insights

In this blog, I'll be exploring the traditional approaches to protecting and managing both endpoint and mobile devices and identifying how both approaches have evolved.

2 Metrics to Evaluate MITRE ATT&CK Results

MITRE ATT&CK Framework

Ultimately, the goal of MITRE ATT&CK and other product evaluations is to identify which products can best contain attacks and provide you with actionable threat detection to reduce overall Mean Time To Respond.

EventBot: A New Mobile Banking Trojan is Born

Research

The Cybereason Nocturnus team is investigating EventBot, a new type of Android mobile malware. EventBot abuses accessibility features to steal user data from financial applications, read user SMS messages, and steal SMS messages to allow the malware to bypass two-factor authentication. 

Smart Filtering, Smart Sampling and Smart Scaling

Research

In security data analysis, hunting and AI-driven automated detection, the quality of your results depends heavily on the quality of your data. In this blog, I’d like to discuss a few strategies for handling the data and the advantages and disadvantages of each approach.

Cybereason Mobile: Another Step Towards Our Vision to Protect it All

Endpoint Protection Platform

Today, we take another step towards our vision to protect it all by releasing a new offering to defend mobile devices: Cybereason Mobile.

MITRE ATT&CK Evaluations Showcase Cybereason’s Detailed Context and Visibility

Endpoint Protection Platform

Today, we are happy to announce that the Cybereason Defense Platform has been evaluated by MITRE ATT&CK to illustrate how we approach threat detection in the context of the MITRE ATT&CK framework.

Understanding the MITRE ATT&CK APT29 (Round 2) Product Evaluations

MITRE ATT&CK Framework

Get a refresher on the MITRE ATT&CK APT29 Evaluations.

Q&A: Maintaining Secure Business Continuity with Lior Div

Insights

I have been actively counseling CEOs on how best to secure business continuity during this difficult time, and wanted to make those recommendations available to everyone.

Recommended Reading During a Pandemic

Cybereason

At Cybereason, we are finding different ways to stay healthy during the COVID-19 pandemic. In conversations across the team, we realized we have the basis for an awesome recommended reading list we can share with the community.

Incident Response: Don’t Let That Data Age-out

Incident Response

“56% of breaches took months or longer to discover.” Unfortunately, this is not earth-shattering news. The current state of time to detect and respond is unacceptable across the industry, regardless of who you ask.

Q&A: Cybereason CEO Lior Div on Responding to COVID-19

Insights

'Responding to the unknown is part of our DNA.' Read more of a Q&A with Lior Div on how Cybereason responded to the COVID-19 pandemic.

Insights from a Fireside Chat on Ransomware, Cloud Adoption, & CISOs

Cybersecurity

Executive teams from Sprint and Cybereason recently sponsored an on-stage chat between Sam Curry, CISO of Cybereason, and Ed Amoroso, CEO of TAG Cyber. The ground rules were simple: our experts were to openly address serious issues in cyber security with no holding back, and they certainly did not disappoint.

3 Straightforward Ways to Build a SOC

Cybersecurity

When trying to address the question “Is my SOC as effective as possible?”, one of the most challenging components you will face is staffing. In this blog, I'll be covering how to answer some of the more difficult questions when it comes to building a SOC.

Perspectives on Maintaining Secure Business Continuity: A Guide

Insights

In this blog, you'll find perspectives from several of our experts with experience in managing crises across security and business functions.

Coronavirus Panic, Security, and You

Insights

While it is important to stay vigilant, wash our hands, and maintain social distancing policies, it is also important that we talk about another kind of hygiene (and I know this sounds corny): our cyber hygiene.

Why We Created Remote Workforce Protection

Insights

Cybereason Remote Workforce Protection is built to help organizations secure their new, evolving-everywhere office, and to ease the burden on IT and security teams. 

Remote Work is the New Normal

Insights

With more and more employees encouraged to isolate and stay in their homes, a big question on every CEO’s mind is how to ensure her business is able to continue to function when all employees are remote.

‘AA’ Rated Advanced Endpoint Protection

Endpoint Protection Platform

Cybereason is proud to announce the Cybereason Defense Platform has achieved the ‘AA’ product rating in NSS Labs, Inc. 2020 Advanced Endpoint Protection (AEP) testing.

Eagle vs. Panda: Does COVID-19 Rhetoric Have Us On The Brink Of War?

A disturbing polemic is emerging against the background noise of coronavirus reports from around the world: the cause of the problem is the other, the foreign.

Meet the ‘Futureproofed’ EDR Product With a Vision for Where the Market is Still Going

Company

We are excited to announce that Cybereason has been named a strong performer, with the highest score in the “current offering” category amongst 11 other vendors in The Forrester Wave™: Endpoint Detection & Response Q1 2020.

Launching Now: Cybereason Remote Workforce Protection

Prevention

Cybereason Remote Workforce Protection combines Cybereason NGAV multi-layered prevention, EDR analysis and response, with Cybereason MDR to manage it all for you, and remote incident response services across workstations, laptops, and mobile devices.

Just Because You’re Home Doesn’t Mean You’re Safe

Research

Cybereason’s Nocturnus team is continuing to observe hundreds of phishing attacks that use coronavirus-themed files and domains to distribute malware and infect victims all over the world.

A Note of Support to our Customers During the COVID-19 Pandemic

Company

As an organization, our top priority continues to be providing a seamless defense for all of our customers, especially in these difficult times. As attackers take advantage of the ongoing crisis, this becomes more important than ever.

Ghost in the Machine: Reconciling AI and Trust in the Connected World

Insights

This blog is a summary of the research and perspective of Cybereason CSO Sam Curry and Dr. Alon Kaufman of Duality on AI and Privacy titled: Ghost in the Machine, reconciling AI and Trust in the Connected World.

Who's Hacking the Hackers: No Honor Among Thieves

Trojan

Cybereason Nocturnus is investigating a campaign where attackers are trojanizing multiple hacking tools with njRat, a well-known RAT. Once the files are downloaded and opened, the attackers are able to completely take over the victim’s machine.

Code Integrity in the Kernel: A Look Into ci.dll

Research

This blog demonstrates how to use a subgroup of the CI API. This lets us validate Authenticode signatures in kernel mode without implementing the validation ourselves.

New Cyber Espionage Campaigns Targeting Palestinians - Part 2: The Discovery of the New, Mysterious Pierogi Backdoor

Research

Cybereason's Nocturnus team has been tracking recent espionage campaigns specifically directed at entities and individuals in the Palestinian territories.

New Cyber Espionage Campaigns Targeting Palestinians - Part 1: The Spark Campaign

Research

Cybereason's Nocturnus team has been tracking recent espionage campaigns specifically directed at entities and individuals in the Palestinian territories.

The Hole in the Bucket: Attackers Abuse Bitbucket to Deliver an Arsenal of Malware

Malware

Cybereason is following an active campaign to deliver seven different types of malware that are able to steal data, mine for cryptocurrency, and deliver ransomware to victims all over the world.

Why is Emotet So Popular and Who is it Targeting Now?

Insights

The malware previously described by DHS as the most destructive ever is surging yet again. Why is Emotet so popular and who is it targeting now?

6 of the Best Malicious Life Cybersecurity History Stories from 2019

Insights

To close out the year and celebrate seventy episodes of Malicious Life, we’re listing the best cybersecurity podcast episodes we’ve released in 2019.

Is Cyber Retaliation from Iran Imminent?

Insights

We are three days into 2020, and the world is already on high alert. Yesterday evening, the US government killed prominent Maj. Gen. Qasem Soleimani in an overnight airstrike at the Baghdad airport.

Mobile Malware: From Consumer Fraud to Enterprise Espionage

Insights

The data is telling us that it’s time to secure mobile, and yet our understanding of these threats is severely lacking.

Election Hacking

Guides

How credible is the threat, and how do we stop it?

How Geopolitical Events Will Change Cybersecurity in 2020

Cybersecurity

As we enter the New Year, we need to keep in mind how nation state evolution, new targets, and security vendor stagnation will serve as motivation for hackers.

How to Prevent the Next Big POS Breach

Malware

A new malware discovered in October called Anchor is being used to target financial, manufacturing, and retail businesses across North America and Europe. The threat actor has been leveraging Anchor and TrickBot together to infect, explore, and exploit high-value targets that implement point of sale systems.

Dropping Anchor: From a TrickBot Infection to the Discovery of the Anchor Malware

Hacking

Cybereason Nocturnus detected a series of targeted attacks against high-profile targets that use a new variant of Anchor_DNS and a new malware dubbed Anchor.

Phoenix: The Tale of the Resurrected Keylogger

Next Generation Antivirus

Cybereason’s Nocturnus team is tracking a new keylogger gaining traction among cybercriminals called Phoenix. Read about it and its reception in the underground here.

Working Remote: How Universities Secure Open Networks

Prevention

Security teams at universities face a difficult task: how to reconcile full cybersecurity protection with an open IT environment.

Hunting Raccoon: The New Masked Bandit on the Block

Next Generation Antivirus

Since April 2019, the Cybereason Nocturnus team has investigated infections of the Raccoon stealer in the wild across organizations. Read about it here.

5 Capabilities of a Modern Endpoint Protection Platform

Endpoint Detection and Response

In order to address the evolving threat landscape, the security industry has turned to more comprehensive endpoint protection platforms. What are they?

The Timeline to Consolidation of Endpoint Protection Platforms and EDR

Endpoint Detection and Response

The endpoint security market is in the midst of a consolidation of EDR and EPP. How did we get here? Read on to find out.

Fileless Malware 101: Understanding Non-Malware Attacks

Malware

Unlike attacks carried out using traditional malware, fileless malware attacks don’t entail attackers installing software on a victim’s machine. Instead, tools that are built into Windows are hijacked by adversaries and used to carry out attacks. Essentially, Windows is turned against itself.

Explaining Fileless Malware Succinctly with Examples from our Research

Antivirus

In Q1 2018, fileless attacks were up 94%. Learn about what fileless malware is with common examples from the Cybereason Nocturnus team's research.

Glupteba Expands Operation and Toolkit with LOLBins And Cryptominer

LOLbins

The Nocturnus team has identified variants of Glupteba that made use of an extensive arsenal, including LOLBins and a cryptocurrency miner.

Sodinokibi: The Crown Prince of Ransomware

Research

In April 2019, the Cybereason Nocturnus team analyzed a new type of evasive ransomware dubbed Sodinokibi.

Exploit Kits “Shade” Into New Territory

LOLbins

We take a closer look at the Spelevo exploit, its infection method, and the new direction attackers are taking the Shade ransomware to make money while avoiding publicity.

Watch Where You Browse - The Fallout Exploit Kit Stays Active

Vulnerabilities

Attackers are turning even the most common activities into a possible threat. Read about the latest example of this trend here.

Operation Soft Cell: A Worldwide Campaign Against Telecommunications Providers

Advanced Persistent Threat

In 2018, the Cybereason Nocturnus team identified an advanced, persistent attack targeting global telecommunications providers.

Adobe Worm Faker Uses LOLbins And Dynamic Techniques To Deliver Customized Payloads

Vulnerabilities

We have found an active malware that uses LOLBins and delivers customized payloads called Adobe Worm Faker.

New Pervasive Worm Exploiting Linux Exim Server Vulnerability

Cybersecurity

There’s an active, ongoing campaign exploiting a widespread vulnerability in Linux email servers. Read about the attack first here.

Excel4.0 Macros - Now with Twice The Bits!

Vulnerabilities

In this research, we outline how to enable the execution of 64-bit shellcode via Excel 4.0 macros, building on previous research on 32-bit shellcode.

GandCrab's new Evasive Infection Chain

Research

Ransomware is not a new form of attack, but GandCrab has upgraded it to be more dynamic and harder to resolve.

Threat Actor TA505 Targets Financial Enterprises Using LOLBins and a New Backdoor Malware

LOLbins

In this research, we introduce a meticulously planned, malicious operation against a financial institution in April of 2019 by TA505.

How to Generate a Hypothesis for a Threat Hunt

Threat Hunting

Many find the process of threat hunting to be too demanding. What are you supposed to hunt? Where do you even begin?

A One-two Punch of Emotet, TrickBot, & Ryuk Stealing & Ransoming Data

Trojan

The Cybereason team has identified a malware campaign that combines Emotet, TrickBot, and Ryuk to steal and ransom data.

Triple Threat: Emotet Deploys TrickBot to Steal Data & Spread Ryuk

Trojan

The Cybereason team has uncovered a severe threat that adapts Emotet to drop TrickBot, and adapts TrickBot to not only steal data but also download the Ryuk ransomware.

Use SIEM and EDR Together to Improve Defenses and Save Money

Cybersecurity

Our white paper explores the complementary and interdependent uses of SIEM, SOAR, and EDR technologies. By using these tools in conjunction with clearly defined roles, security operations teams can reduce costs, improve security, and assist human intelligence in a repeatable, reliable way.

Delayed Detections in MITRE ATT&CK: What Do They Mean for a Business?

MITRE ATT&CK Framework

During the recent MITRE evaluations, it became apparent that many security vendors, while able to detect threats, were doing so well after the fact. It's important to consider what these delayed detections would mean for a SOC experiencing a real breach.

New Ursnif Variant Comes with Enhanced Information Stealing Features

Research

The Cybereason research team observed a new campaign involving Ursnif in the beginning of 2019 attacking users in Japan across multiple customer environments. This Ursnif variant has enhanced stealing modules focused on taking data from mail clients and email credentials stored in browsers.

New Ursnif Variant Targets Japan Packed with New Features

Trojan

In this research we dissect a recent campaign that uses language checks and steganography to evade detection. The new variant features a stealthy persistence mechanism, revamped information-stealing modules focusing on mail clients and cryptocurrency, and targets Japanese security products.

Defensive Gap Assessment with MITRE ATT&CK

MITRE ATT&CK Framework

Our white paper shares five essential stages you should be following to implement a closed-loop, tactical security effort with MITRE ATT&CK. Combining techniques, tactics, and procedures with adversary emulation plans, this white paper gives you background to build an effective, iterative defense.

MITRE ATT&CK Evaluations Prove Cybereason Best Enables Defenders to Avoid Material Harm

MITRE ATT&CK Framework

The Cybereason Defense Platform has been evaluated by MITRE to show how we approach threat detection in the context of the MITRE ATT&CK framework. Check out how we did.

The Newest Variant of the Astaroth Trojan Evades Detection in the Sneakiest Way

Next Generation Antivirus

In this overview, we explain one of the most recent and unique campaigns involving the Astaroth trojan. This spam campaign targeted Brazil and was able to infiltrate systems in a unique way - using processes in some security products.

Astaroth Malware Uses Legitimate OS and Antivirus Processes to Steal Passwords and Personal Data

Malware

In this research, we explain one of the most recent and unique campaigns involving the Astaroth trojan. This Trojan and information stealer was recognized in Europe and chiefly affected Brazil through the abuse of native OS processes and the exploitation of security-related products.

What the government shutdown of 2019 meant for our collective cybersecurity

Insights

After five weeks, the partial U.S. government shutdown of 2019 has just come to a close. In its wake came a squeeze on American labor and a delay in federal employees receiving their salaries. Additionally, transportation security and other vital federal services showed the strain of the prolonged impasse in Washington, D.C. During this time, cyber readiness emerged as a hot conversation topic, driven by fear of a potentially devastating cyber attack.

AI in cybersecurity: the IDC AI Innovators Report and what it means for security practitioners

Artificial Intelligence

Back in 2017, Cybereason CSO Sam Curry and CTO Yonatan Striem-Amit spoke to a crowded room at the RSA Conference about the hype and hope of AI and Machine Learning. Fast forward a year later, Cybereason was recently named an IDC Innovator in the AI Intelligence-Infused Security Solutions report.

LOLbins and trojans: How the Ramnit Trojan spreads via sLoad in a cyberattack

Phishing

Cybereason detected an evasive infection technique used to spread a variant of the Ramnit banking Trojan as part of an Italian spam campaign. We investigate this attack, its use of sLoad, and its adoption of LOLbins to minimize discovery.

The Round I MITRE ATT&CK Product Evaluations: A Guide By Security Experts

MITRE ATT&CK Framework

The MITRE ATT&CK framework is a complex solution to a complex problem. Rather than simply scoring vendors on a linear scale, it offers a more profound view of capabilities, applicability, and use-case. This is what you need to know about the way MITRE uses ATT&CK to evaluate security vendors, and how threat hunting factors into the ATT&CK framework.

Pervasive Brazilian financial malware targets bank customers in Latin America and Europe

Research

Cybereason’s Nocturnus team analyzed numerous campaigns related to Brazilian financial malware and found that these programs have become pervasive and infected 60 banks in nearly a dozen countries throughout South America, Spain and Portugal.

How to navigate events that can either make or break a CISO's career: maturity shift and management briefings

CISO

Security leaders need to approach management briefings and maturity shifts with a business mindset and show how the security department will help the organization. Remember to omit the technical details. They'll only portray the CISO or CSO as a technologist who isn't ready for the C-suite, said Cybereason CSO Sam Curry.

Irresistible forces must be met with immovable objects

IoT

Cybereason and ARM are teaming up to secure IoT devices. Here's how the two companies plan on using threat hunting powered by artificial intelligence to detect attackers that use connected devices as infiltration points to move laterally to networks.

New Betabot campaign under the microscope

The Cybereason SOC has detected multiple Betabot infections in customer environments. In this blog, Cybereason researchers study Betabot’s infection chain and self-defense mechanisms using data gathered from customer environments.

Why hacking electronic voting machines isn't the only way to impact an election

Cybersecurity

Cybereason held a tabletop exercise to see how attackers could influence elections and how elected officials would protect the vote.

VAI MALANDRA: A LOOK INTO THE LIFECYCLE OF BRAZILIAN FINANCIAL MALWARE: Part one

Cybereason's Nocturnus Research team analyzes campaigns targeting the Brazilian financial sector, focusing on infection vectors and the threat actor's toolset and techniques.

Wannamine cryptominer that uses EternalBlue still active

The Wannamine cryptominer, which uses the EternalBlue exploits, is still active although a patch that fixes these well-known vulnerabilities was released last March. Amit Serper, Cybereason's head of security research, examines this variant and makes the case for patching your systems.

The anatomy of a .NET malware dropper

Cybersecurity

Attackers don't need sophisticated tools to create effective malware. Basic tools work just fine. Case in point: Cybereason researchers discovered a .NET dropper/crypter. Here's how they reverse engineered it.

Cybereason CISO Interview Series: Protecting all the news that’s fit to print and the peacock network

CISO

Mike Higgins, who's served as CSO of The New York Times and CISO of NBC Universal, talks about why nation-states were interested in attacking the paper of record, why media companies were slow to realize the importance of information security and why you don’t have to be a technical expert to pursue a security career.

Stopping the bad guys, part two

Events

Cybereason is launching our AI Hunting Tour - a cross-country road show - in just a few short weeks. We’re scheduled to visit 34 cities, and more always seem to be added. If you’re a CISO, an analyst, or anything in between, there’s going to be something for everyone.

Your questions answered from the AI Hunting in Action webinar

Artificial Intelligence

From whether Cybereason detects fileless malware attacks that use PowerShell to how Cybereason uses artificial intelligence to detect advanced attacks, here are answers to some of the questions we received after our AI Hunting in Action webinar.

ICS Threat Broadens: Nation-State Hackers Are No Longer The Only Game In Town

IoT

APT actors and nation states aren't the only adversaries interested in ICS environments. Threat actors who use sophisticated techniques but are also amateurish are now targeting utility providers. That's according to data from a honeypot Cybereason set up to emulate the power transmission substation of a major electricity provider.

How to navigate events that can either make or break a CISO's career: large-scale projects and tech replacement

CISO

Large-scale and tech projects require CISOs to be the voice of risk, foster change and demonstrate operational excellence. But even the most talented security leaders can’t excel in all three areas. Sam Curry, Cybereason's CSO, explains how security leaders can pull off these projects without losing their jobs.

Cybereason CISO Interview Series: From protecting the president to securing bitcoin wallets

CISO

Tom Pageler protected the president as a Secret Service agent, helped detect fraudulent credit card transactions at Visa and holds three graduate degrees. In this interview he explains how this diverse background prepared him for the job of CSO at blockchain security company BitGo.

From CISO to CISO: Sam Curry answers security executives' top leadership questions

CISO

From how security departments can be brought into large projects early on, to some of the biggest career mistakes a CISO can make, to what events security leaders should attend, Cybereason CSO Sam Curry fielded several questions on security leadership.

How to navigate events that can either make or break a CISO's career: mergers and acquisitions and audits and penetration testing

CISO

Mergers and acquisitions mean that two companies are making a massive bet on their futures. For CISOs, their futures are also at stake. The joining of two organizations brings security risks that could hurt the merger or impact the revenue of the organizations involved. Cybereason CSO Sam Curry, a veteran of 14 mergers and acquisitions, discusses how security leaders can handle these events in a way that doesn't impact their careers.

Securing Our Democracy: Why Talking Election Meddling During the Trump-Putin Summit is a Detriment to Security

Cybersecurity

When Trump and Putin discuss cybersecurity at next week's summit, the focus shouldn't be on Russia's meddling with the 2016 presidential election. This would be a wasted opportunity to discuss cyberissues of greater consequence, such as Russian activity against critical infrastructure, writes Ross Rustici, Cybereason's Senior Director for Intelligence Services.

How to navigate events that can either make or break a CISO's career: management change and a data breach

CISO

A data breach and a management change can either hurt or help a CISO's career. Cybereason CSO Sam Curry explains how security leaders can navigate both of these events in a way that helps both them and their organizations.

Attackers incriminate a signed Oracle process for DLL hijacking, running Mimikatz

Cybersecurity

With application whitelisting being integrated into an OS’s security stack, attackers need more creative ways to use their tools without getting detected. In this incident observed by Cybereason, DLL hijacking was used to run Mimikatz using a process that was signed and verified by Oracle.

The associated expenses that add to the cost of a ransomware attack

Ransomware

We reviewed a few prominent ransomware attacks to see how much these incidents really cost organizations. While security executives factor in the ransom and the cost of recovering data, there are additional expenses - like business lost due to downtime - that need to be considered.

China increases attacks against US companies as trade war looms

Cybersecurity

The looming trade war with the U.S. could have prompted China to resume cyberespionage attacks against U.S. companies, violating a 2015 agreement that banned such campaigns. Does this mean that China has abandoned the deal, or will it once again honor the terms if the trade dispute is settled? We talked to Ross Rustici, Cybereason's Senior Director of Intelligence Services, to get his take.

Cybereason CISO Interview Series: Why security leaders need more than technical skills

CISO

Mario Duarte, vice president of security at Snowflake Computing, learned the importance of aligning security and the business very early in his career. As a 20-something new to security, he thought his keen technical skills would be enough to help him thrive. Then the dotcom bubble burst.

Now that security leaders have been invited into the boardroom, what do they say?

CISO

SEC guidance around cybersecurity means that security leaders will be talking to their boards and fellow executives more on how to mitigate cyberrisk. But having a seat at the table presents CISOs and CSOs with a new challenge: what do they say to show that they're aligned with the business?

How information security departments can prepare to meet GDPR’s 72-hour breach reporting deadline

Regulations

The General Data Protection Regulation’s breach notification mandate is likely to impact an organization’s information security program. Under GDPR, once a breach is discovered, organizations have 72 hours to provide authorities with extensive details on the incident, including what type of data was stolen, who was impacted and what remediation measures are being taken. Here are the technical and procedural steps that companies should take to meet this deadline and avoid GDPR’s substantial fines.

How the Israel Defense Forces' approach to diversity can help ease the security talent crunch

Security Career Development

Unit 8200, an elite division in the Israel Defense Forces, doesn't look for typical backgrounds when recruiting for security positions. Here's what the security industry can learn from this practice and how it can help ease the talent crunch.

Color Revolutions, Broken Promises and Hubris: Why North Korea Cannot Survive Under Orange-Tinted Glasses

Nation-state Attack

The complete eradication of nuclear weapons and ICBMs from North Korea as a precondition for economic relief and other enticements creates an untenable position for Kim Jong-Un. Every step along the path to denuclearization reduces the regime’s ability to compel the U.S. to abide by its end of the bargain while increasing the U.S.’ ability to operate as it sees fit.

How ransomware attacks have changed one year after Wannacry and NotPetya

WannaCry

Nearly a year after the NotPetya and Wannacry attacks, ransomware is no longer used in widespread attacks against indiscriminate targets. Instead, attackers are using this malware in more focused, targeted campaigns.

No Win32_Process Needed – Expanding the WMI Lateral Movement Arsenal

Cybereason researchers have discovered new lateral movement techniques that abuse WMI. They also created a tool that lets analysts see the potential harm attackers could cause if they used these techniques.

Cybereason Launches Technology Partner Program

The Most Dangerous Game: North Korea bets the house

Cybersecurity

North Korea's decision to drop the withdrawal of U.S. troops from the Korean peninsula as a precondition to denuclearization changes the paradigm around the upcoming talks. This move increases the chances that the U.S. and North Korea will meet but makes no strategic sense from Kim Jong Un's perspective.

Cybereason named Israel’s most promising startup

Cybersecurity

Cybereason was named Israel’s most promising startup by Calcalist, the country's leading financial newspaper.

7 Best Movies About Cybersecurity and Hacking

Cybersecurity

Most films about cybersecurity over-fictionalize or idolize hackers, cyber attacks, and cyber crime. While some of our favorite movies mix action and suspense with the cyber realm, we've chosen to feature a small selection that are both authentic and entertaining.

Attackers use botnets to break into networks faster

No one likes grunt work, including attackers, who have turned to bots to automatically handle menial tasks like exploiting vulnerabilities. If exploit automation wasn’t enough of a concern for security teams, this technique has grown even more potent with attackers using bots that can automatically exploit vulnerabilities, create backdoors, dump passwords, conduct network reconnaissance, and laterally move in seconds.

Cybereason CISO Interview Series: It’s only information security (but I like it)

Cybersecurity

Sometimes the career path to security and IT leadership doesn’t involve an undergraduate degree in computer science. Sometimes reaching the ranks of CIO and CISO involves an English degree and a desire to play rock-and-roll for a living.

Kim Kowtows: Attempting to build a hub and spoke negotiation while still staying deferential

Nation-state Attack

Kim Jong-un is seeking to subvert the six-party talks paradigm with a hub-and-spoke model that places North Korea at the center of all negotiations.

ESG Solution Showcase: The Cybereason Endpoint Security Platform

Endpoint Detection and Response

An ESG report outlines how Cybereason meets the requirements for a next-generation endpoint security platform by delivering protection through NGAV and endpoint detection and response.

Trade war could motivate China to trade hide and bide for attack and retaliate against US companies

Cybersecurity

China has substantially decreased cyberattacks against U.S. companies in recent years. But that doesn't mean the threat has disappeared. China just needs a reason to ramp up attacks. And a trade war could serve as that catalyst.

What are Supply Chain Attacks?

Cybersecurity

A supply chain attack aims to damage an organization by targeting less secure elements in its supply network. Exploiting a service provider's supply chain, data supply chain or traditional manufacturer supply chain has been seen in a litany of major data breaches in the past few years.

4 Things to Consider When Assessing NGAV Solutions

Next Generation Antivirus

Before you purchase an NGAV tool, here are four points to consider.

Negotiations Alter North Korea’s Hacking Threat

Cybersecurity

The upcoming talks between the U.S., South Korea and North Korea could see the DPRK change its hacking tactics to focus more on espionage campaigns against the U.S. in an attempt to figure out how the Trump administration will approach the potential meeting.

Ransomware: Down but by no means out

Ransomware

In this blog, Ross Rustici, Cybereason’s Senior Director for Intelligence Services, debunks a few common ransomware myths, talks about what other threats attackers may use instead and explains why organizations still need to remain vigilant against ransomware.

Fauxpersky: CredStealer malware written in AutoHotKey masquerades as Kaspersky Antivirus, spreading through infected USB drives

Antivirus

Cybereason researchers discovered a credential stealer written in AutoHotKey that masquerades as Kaspersky Antivirus and spreads through infected USB drives. We’ve named it Fauxpersky.

$1.2 Billion Crime Spree Ends with Arrests of Carbanak Cybercrime Gang

Carbanak's downfall was brought on by what ends up bringing down most organized crime groups: accounting. What remains to be seen is whether this arrest will result in a serious degradation of Carbanak’s capabilities or merely a short term hindrance while the group refocuses its activity.

GDPR's noble intentions could lead to attackers blackmailing enterprises

Regulations

The specter of hefty GDPR fines may motivate attackers to ask breached companies to pay them to keep the incident quiet, allowing organizations to avoid the scrutiny and penalties that the regulation imposes on businesses that expose personal data.

A tale of two destructive attacks

Cybersecurity

Destructive attacks don't have to be sophisticated to cause major damage. While one targeting a petrochemical plant in Saudi Arabia was advanced, it ultimately failed. Meanwhile, NotPetya, a destructive attack that used basic techniques, significantly damaged major companies around the world.

How CISOs should talk to the board about security

Many security leaders are now briefing the board of directors on how they’re mitigating risks that the company faces. But how can technically-minded CISOs connect with revenue-focused board members? We talked to various security executives to find out.

Attackers include ransom note in amplified DDoS attacks that use memcached servers

Cybereason's security team on Thursday discovered that the same memcached servers used in the largest DDoS attack to date are including a ransom note in the payload that they’re serving.

GDPR Questions and Answers

Regulations

From whether a ransomware attack is considered a data breach under GDPR to how much a company can be fined for violating the regulation, security professionals have several questions on how GDPR impacts them. This blog answers some of them.

Attackers turn to masquerading icons to boost phishing attack’s success

Phishing

Cybereason has observed thousands of malicious file executions masquerading as popular programs such as Adobe PDF Reader, MS Word and Chrome.

Olympic Destroyer: Calculated Provocation or an Amateur's best shot?

Olympic Destroyer was designed to cause destruction, and while some systems were impacted, the malware didn’t lead to massive disruptions during the Winter Olympics’ opening ceremonies.

The challenges of detecting compromised public Web servers

Cybersecurity

Compromised Web application servers have been a security issue since the dawn of the Internet but many security solutions don't detect this threat.

Cybereason CISO Interview Series: Security’s appeal lies in the challenge

CISO

Challenges are what drive Jason Callahan. He pursued a career in cybersecurity over other areas of IT because the field required obtaining extensive knowledge on an assortment of technologies. His latest challenge: developing a cybersecurity program at Illumina, which designs and manufactures machines used for genetic analysis.

How to Mitigate Adobe Flash Player Zero-Day Vulnerability APSA18-01

The South Korean Computer Emergency Response Team (KR-CERT) issued a warning Wednesday about a new Adobe Flash Player zero-day spotted in the wild. The security bulletin warns that the attacks target South Korean organizations and involve malicious Microsoft Word documents.

Iran strikes back?

Nation-state Attack

Iran could launch a cyberattack against the U.S. but likely won't unless the situation around the nuclear deal sours.

New lateral movement techniques abuse DCOM technology

Cybereason researchers discovered new lateral movement methods that abuse the DCOM functionality of Windows applications.

What to Expect from the Biggest Threat Actors During the Winter Olympics

Phishing

Over the last decade, the number and severity of cybersecurity events pertaining to the Olympic Games has steadily increased. Here's what to expect from the major threat actors during next month's Winter Games in South Korea.

Cybereason CISO Interview Series: Peraton’s Phil Mazzocco

Cybersecurity

The career path to security leadership doesn’t have to start with a background in technology, as Peraton CSO Phil Mazzocco, a history major, shows.

What is an Advanced Persistent Threat (APT)?

Advanced Persistent Threat

An advanced persistent threat is a stealthy cyberattack in which a person or group gains unauthorized access to a network and remains undetected for an extended period. The term APT was traditionally associated with nation state sponsorship, but over the last few years we’ve seen multiple instances of non-nation state groups conducting large-scale targeted intrusions for specific goals.

Meltdown and Spectre Questions Answered

Cybersecurity

Cybereason CTO Yonatan Striem-Amit answers questions on how to mitigate threats posed by Meltdown and Spectre.

What are the Spectre and Meltdown CPU vulnerabilities

Cybersecurity

Cybereason explains what the Spectre and Meltdown bugs mean for endpoint security and offers mitigation measures that users can implement.

8 Steps to Start Threat Hunting

Threat Hunting

With every vendor offering some type of threat hunting service, security professionals may wonder if hunting can actually benefit a company or if it’s just a fad. But threat hunting isn’t based on flashy technology that will become irrelevant in a few months.

Our Top 6 Security Research Stories of 2017

Cybersecurity

Goodbye, 2017...and hello 2018! This year was a landmark year for cybersecurity. 2017 brought with it calamity like the biggest security breach ever affecting almost half of all Americans, but it also gave our researchers inspiration (and time) to publish some amazing work.

Endpoint Detection and Response (EDR) 101

Endpoint Detection and Response

Endpoint detection and response (EDR) platforms are a category of endpoint security tools, built to provide endpoint visibility, and are used to detect and respond to cyber threats.

Cybereason named to AI 100

Artificial Intelligence

Cybereason was only one of six cybersecurity companies to make the AI 100, a ranking of the top 100 artificial intelligence companies in the world.

Breaking the mold: North Korea is unlikely to be behind the WannaCry attack

WannaCry

On December 18, 2017, U.S. Homeland Security Advisor Thomas P. Bossert asked the entire world to trust the U.S. government’s assertion that North Korea was behind May’s WannaCry attack while offering absolutely no evidence to support this attribution. Instead, Bossert, in a Wall Street Journal opinion piece, implies that the U.S. government’s attribution was based on information used by the U.K. government and Microsoft.

Your questions from the Year of the Defender webinar answered

CISO

From tips on how to help business executives better understand risk acceptance to defining supply chain attacks to insight on how to overcome the security talent shortage, Cybereason CSO Sam Curry fielded several participant questions following our webinar on security trends for 2018.

Cybereason CISO Interview Series: The CISO as a Business Enabler

CISO

Purchasing tools and implementing technology are just part of a security program. For a truly successful program, security leaders need to connect with their C-suite colleagues.

OSX.Pirrit Mac Adware Part III: The DaVinci Code

OSX.Pirrit

OSX.Pirrit’s code had the potential to carry out much more malicious activities. As a result of the report, some of Pirrit’s servers and a few distribution websites were taken down. But the story doesn’t end there.

What you need to know about PowerShell attacks

Malware

PowerShell is a powerful scripting language that provides unprecedented access to a machine’s inner core, including unrestricted access to Windows APIs.

What is Code Red

North Korea's Newfound Position of Power After Missile Launch

Nation-state Attack

On November 28, North Korea launched its first ballistic missile in months. North Korea’s increasing operational tempo and brazen activities have positioned them as a legitimate Tier 1 threat.

Five Predictions for Cybersecurity in 2018

Cybersecurity

So, what does 2018 hold in store for the defenders? Cybereason’s researchers and analysts identified the following as some of the bigger security trends in the new year:

Who watches the watchers? Thoughts about the Uber breach

Data Breaches

According to Bloomberg, about a year ago hackers stole the personal data of 57 million Uber customers and drivers. After finding out about this breach, Uber leaders not only decided against disclosing it to employees, customers and state and federal regulators but also paid $100,000 to the attackers to keep it a secret.

How new threats curb the effectiveness of antivirus and next-generation antivirus

Endpoint Detection and Response

For several years, protecting endpoints meant using antivirus software. These programs, which are commonly referred to as AV, are designed to detect malicious programs, prevent them from executing and provide security analysts with a way to remove malware.

How boards can take responsibility for cybersecurity

Cybersecurity

Cybersecurity has crept its way into earnings calls. Listening to CEOs and CFOs explain to investors how malware like NotPetya cost organizations millions in quarterly revenue is becoming as common as hearing about earnings per share.

A CISO’s biggest concern? Better alignment between security and business

CISO

The biggest concern for CISOs isn’t necessarily a nation-state attack, a user unknowingly clicking on a link in a phishing email, or protecting their company from a new, nasty piece of malware. Instead, the biggest challenge for security leaders is figuring out how to get the security department’s priorities aligned with the business' priorities.

What you need to know about WMI attacks

Windows Management Instrumentation (WMI) is one of an attacker's tools of choice for conducting fileless malware attacks. Distinguishing between legitimate and malicious WMI operations is challenging, but possible.

NotPetya still roils companies' finances, costing organizations $1.2 billion in revenue

NotPetya

CEO Soren Skou talked about the growing demand for container shipping while CFO Jakob Stausholm mentioned Maersk’s major capital expenditures for the quarter: the receiving of five new vessels.

Leveraging Excel DDE for lateral movement via DCOM

DDE, or Dynamic Data Exchange, is a legacy interprocess communication mechanism that’s been part of some Windows applications since as early as 1987. DDE enables applications to request items made available by other programs, such as cells in a Microsoft Excel spreadsheet, and be notified of any changes within these items.

Night of the Devil: Ransomware or wiper? A look into targeted attacks in Japan using MBR-ONI

Ransomware

For several months Cybereason has been following the concerning rise of ONI, a family of ransomware involved in targeted attacks against Japanese companies. We suspect that the ONI ransomware was used as a wiper to cover up an elaborate hacking operation.

Abandon ship? Cyberattacks and the shipping industry

The intentional misdirection of shipping vessels in the Black Sea, the jamming of GPS along South Korea, and the multiple collisions of the United States Seventh Fleet are almost certainly unrelated, but these events do begin to illustrate the possibility of a link.

APTs, the Board, and You

Advanced Persistent Threat

There is no easy way to defend against APTs and it is crucial to get the company’s board on your side as you prepare a security plan.

Cybereason researcher discovers vaccine for Bad Rabbit ransomware

Cybereason researcher Amit Serper has developed a vaccine to prevent the Bad Rabbit data-encrypting malware from infecting machines.

Cybereason CISO Interview Series: Considering business needs when conducting information security

CISO

Information security can’t stand in the way of business goals. Ultimately, if security professionals can’t keep customers and shareholders happy, the business suffers, said Erika Mata Sánchez, director of information security and CISO, at Grupo Nacional Provincial, or GNP Seguros, one of Mexico’s largest insurance companies.

Why antivirus software is becoming the rootkit you pay for

Advanced Persistent Threat

Cybersecurity products have been proven time and again to be a highly effective means to compromise a network. The very nature of the products makes them excellent RATs, usually with the highest access privileges.

Cybereason CISO Interview Series: Show the risks and how you’re addressing them

CISO

Security leaders shouldn’t shy away from using public information on enterprise breaches and hacks to help C-level executives and board members better understand why information security matters.

Endpoint Detection and Response

It’s Time To Add Endpoint Detection and Response Capability to Your Security Portfolio

Cyber attacks are becoming more sophisticated every day, as hackers adopt new, evolving tools and leverage increasingly advanced exploits and tactics. As such, it is important for enterprises to move past the traditional security tools, as firewall and antivirus protection is not sufficient for protecting against advanced threats.

America the Meek: Pranking North Korea and the Dysfunction in U.S. Cyber Command

Nation-state Attack

On September 30, The Washington Post reported that President Trump signed a presidential directive against North Korea.

DEEP 2017 Highlights and Takeaways

We’ve done our best to recap the highlights and the energy from the show, including rundowns on talks from Tim Boomer, Laura Louthan, Robert Bigman, Sam Curry, Tarah Wheeler and Steve Wozniak.

Moving Past FUD (Fear, Uncertainty and Doubt)

Advanced Persistent Threat

When it comes to CISO and board communications, Fear, Uncertainty and Doubt (FUD) remains overused as a way to create immediate alignment. Fear mongering may work to meet a short-term goal, but in order to prevail over unknown and unpredictable threats, CISOs and security leaders need to inspire confidence – not panic.

The Long-Term Threats Posed by the Vault 7 Leaks

Dealing with the challenges posed by the public disclosure of offensive cyber capabilities has become common for security professionals.

NotPetya’s fiscal impact revised: $892.5 million and growing

NotPetya

June’s NotPetya attack has cost companies an estimated $892.5 million in lost revenue based on calculations made using figures from quarterly earnings reports and investor notices.

The North Korean sideshow: Why missiles shouldn't be the only security concern

Nation-state Attack

With the leaders of the U.S. and North Korea exchanging threats and personal insults and the escalating global tension around the Democratic People’s Republic of Korea (DPRK) missile tests, the reclusive nation’s cyber program is likely to spin into high gear and include destructive retaliatory strikes.