With 25,000 participants expected to attend, and keynotes from Serena Williams and Megan Rapinoe, the Grace Hopper Celebration brings together women in STEM across the globe, in the first ever virtual edition of the conference.
Cybereason is focusing internal efforts on one of our Company values we call “UbU” which strives to embrace and encourage employees who exemplify our Company's commitment to diversity in all its forms.
In this article, we dive into the recent activity of the Evilnum group and explore its new infection chain and tools.
If you are still using Symantec, you’re most likely tired of the complex workflows, the gaps in detection, and a resource-heavy solution that inhibits workflows and productivity. If so, it’s time to level up to a better solution that’s leading the industry.
With looming 2020 elections across the world over the next few months and a global pandemic underway, on August 20, 2020, Cybereason hosted Operation Blackout 2020, its latest virtual election security tabletop exercise with participants from the FBI, CISA, and other government organizations.
While the ability to allow staff to work remotely when needed gives greater flexibility to corporations, it also comes with cybersecurity risks. Not only can remote workers put their own privacy at risk, but working remotely could result in a breach in the company’s security.
Deepfakes, a rapidly advancing technique for generating very realistic media, has the potential to be very disruptive when misused.
A few months ago, in light of the ongoing pandemic, fears that hacker summer camp would be cancelled were realized. However, festivities still continued for some conferences, albeit in a virtual format.
In pivoting an entire workforce to remote work, employers need to be prepared for the cybersecurity risks involved. To guard against these threats, employers should have a remote work policy that all employees are aware of and comply with.
With the sudden increase in telework, the traditional approach of reacting to cyber threats and security issues only after a breach is discovered is no longer sufficient.
We are still on course for an interesting Black Hat so we thought it would be helpful to highlight some of the sessions we are the most excited for.
During the past few months, many companies have contacted us with various questions and requests about remote security. In our conversations with them, we’ve noticed four key challenges that we wanted to explore.
Cyber attackers seeking to take advantage of the influx of employees working from home will increase phishing attacks and start attacking online services that are being used more than usual.
Are you feeling cooped up after months of social distancing? Suffering from video conferencing meeting fatigue? Do you need to reawaken your curious analyst? Come capture flags and win prizes with Cybereason!
With the recent surge of employees working from home, the use of a VPN tool has become an important topic within many companies.
Cybereason is the only EPP vendor that gives you full control of your data and protects your data wherever it is.
In this analysis, our Nocturnus research team shows how the Bazar malware is sent via phishing emails that take advantage of the ongoing coronavirus pandemic, employee payroll reports, and customer complaints.
We are proud to announce the Cybereason Defense Platform has attained the AV Comparatives “Business Security” product certification!
Security teams that have accepted the post-breach mindset focus on reducing risk as much as possible through visibility and automation, instead of searching for a one-size-fits-all solution.
Over the past year, we have seen many different types of ransomware attacks evolving, especially into multistage ransomware that not only ransoms data, but also exfiltrates as much data as possible. This blog explores three of the most common modern ransomware attacks we are seeing today.
The Cybereason Nocturnus team is investigating a new campaign involving FakeSpy, an Android mobile malware used to steal SMS messages, send SMS messages, steal financial data, read account information and contact lists, steal application data, and do much more.
Whenever there’s a decline in ransomware cases, or other more popular threats seem to be on the rise, new innovative techniques and even offerings seem to emerge.
Ransomware attacks are an efficient and effective weapon for criminals who want to harm any business through crucial data loss, damaged productivity, and injured brand reputation.
Next-generation antivirus combines traditional antivirus with behavior-based prevention to find and prevent more evasive threats than legacy antivirus alone.
With Cybereason, customers are able to protect themselves from cyber threats that are both known and unknown, minimize their overall security risks, all while reducing their overall security costs by $4.2M and attaining a ROI of 308% over three years!
UbU (“you be you”) is the value that sits front and center at Cybereason. Acceptance of every person is at the heart of who we are as a company.
Earlier this year, Cybereason launched its latest honeypot to analyze the tactics, techniques, and procedures used by state-sponsored groups and cyber crime actors to target critical infrastructure providers.
In this article I describe a security strategy that helped my organization avoid this scenario by simply ignoring the perimeter, making us indifferent to the location our employees are working from.
Though AEPs are especially important when testing and building a strong defense, they are often overlooked for TTPs by security practitioners versed in the “trench warfare” of day-to-day security operations.
One could argue that, if you can detect all the TTPs in ATT&CK, you should also be able to defend against all of the adversaries in ATT&CK. While technically true, many TTPs are not inherently malicious.
The Valak Malware is a sophisticated malware that can steal enterprise mailing information and passwords along with the enterprise certificate. This has the potential to access critical enterprise accounts, causing damage to organizations, brand degradation, and ultimately a loss of consumer trust.
Proactive defense is about predicting, understanding, and preventing as many moves as possible that an attacker could make against you. You have to stay a step ahead of the enemy and lure them into a trap of your own.
IOCs are valuable when preventing known malware, but over 350,000 new strains of malware are detected every day, and fileless malware attacks are on the rise. IOCs are no longer an innovative or sufficient standalone method for defense.
Among endpoint solutions, there’s a staggeringly clear distinction between solutions that are cloud-native and those whose cloud capabilities are either non-existent or partial at best.
Since the acquisition of Symantec in September, Cybereason has received a flood of requests from concerned customers interested in making the switch to Cybereason.
MITRE’s Adversarial Tactics, Techniques, and Common Knowledge (MITRE ATT&CK) is a model and knowledge base of adversary behavior that has become a staple of the endpoint security space.
At Cybereason, we want to assure our customers and prospects that we support various on-premise deployment options to address their entire endpoint protection security needs.
It might be appealing to have a clear-cut, black-and-white measure for when to talk or when to shut down talks; but the nuances of when it makes sense to enter into negotiations and when it makes sense to pay ransoms for hostages or not are not as straightforward as a five-word policy.
In this blog, I'll be exploring the traditional approaches to protecting and managing both endpoint and mobile devices and identify how both approaches have evolved.
Ultimately, the goal of MITRE ATT&CK and other product evaluations is to identify which products can best contain attacks and provide you with actionable threat detection to reduce overall Mean Time To Respond.
The Cybereason Nocturnus team is investigating EventBot, a new type of Android mobile malware. EventBot abuses accessibility features to steal user data from financial applications, read user SMS messages, and steal SMS messages to allow the malware to bypass two-factor authentication.
In security data analysis, hunting and AI-driven automated detection, the quality of your results depends heavily on the quality of your data. In this blog, I’d like to discuss a few strategies for handling the data and the advantages and disadvantages of each approach.
Today, we take another step towards our vision to protect it all by releasing a new offering to defend mobile devices: Cybereason Mobile.
Today, we are happy to announce that the Cybereason Defense Platform has been evaluated by MITRE ATT&CK to illustrate how we approach threat detection in the context of the MITRE ATT&CK framework.
Get a refresher on the MITRE ATT&CK APT29 Evaluations.
I have been actively counseling CEOs on how best to secure business continuity during this difficult time, and wanted to make those recommendations available to everyone.
At Cybereason, we are finding different ways to stay healthy during the COVID-19 pandemic. In conversations across the team, we realized we have the basis for an awesome recommended reading list we can share with the community.
“56% of breaches took months or longer to discover.” Unfortunately, this is not earth-shattering news. The current state of time to detect and respond is unacceptable across the industry, regardless of who you ask.
'Responding to the unknown is part of our DNA.' Read more of a Q&A with Lior Div on how Cybereason responded to the COVID-19 pandemic.
Executive teams from Sprint and Cybereason recently sponsored an on-stage chat between Sam Curry, CISO of Cybereason and Ed Amoroso, CEO of TAG Cyber. The ground rules were simple: Our experts were to openly address serious issues in cyber security with no holding-back – and they certainly did not disappoint.
When trying to address the question “Is my SOC as effective as possible?”, one of the most challenging components you will face is staffing. In this blog, I'll be covering how to answer some of the more difficult questions when it comes to building a SOC.
In this blog, you'll find perspectives from several of our experts with experience in managing crises across security and business functions.
While it is important to stay vigilant, wash our hands, and maintain social distancing policies, it is also important that we talk about another kind of hygiene, (and I know this sounds corny): our cyber hygiene.
Cybereason Remote Workforce Protection is built to help organizations secure their new, evolving-everywhere office, and to ease the burden on IT and security teams.
With more and more employees encouraged to isolate and stay in their homes, a big question on every CEO’s mind is how to ensure her business is able to continue to function when all employees are remote.
Cybereason is proud to announce the Cybereason Defense Platform has achieved the ‘AA’ product rating in NSS Labs, Inc 2020 Advanced Endpoint Protection (AEP) testing.
A disturbing polemic is emerging against the background noise of coronavirus reports from around the world: the cause of the problem is the other, the foreign.
We are excited to announce that Cybereason has been named a strong performer, with the highest score in the “current offering” category amongst 11 other vendors in The Forrester Wave™: Endpoint Detection & Response Q1 2020.
Cybereason Remote Workforce Protection combines Cybereason NGAV multi-layered prevention, EDR analysis and response, with Cybereason MDR to manage it all for you, and remote incident response services across workstations, laptops, and mobile devices.
Cybereason’s Nocturnus team is continuing to observe hundreds of phishing attacks that use coronavirus-themed files and domains to distribute malware and infect victims all over the world.
As an organization, our top priority continues to be providing a seamless defense for all of our customers, especially in these difficult times. As attackers take advantage of the ongoing crisis, this becomes more important than ever.
This blog is a summary of the research and perspective of Cybereason CSO Sam Curry and Dr. Alon Kaufman of Duality on AI and Privacy titled: Ghost in the Machine, reconciling AI and Trust in the Connected World.
Cybereason Nocturnus is investigating a campaign where attackers are trojanizing multiple hacking tools with njRat, a well known RAT. Once the files are downloaded and opened, the attackers are able to completely take over the victim’s machine.
This blog demonstrates how to use a subgroup of the CI API. This lets us validate Authenticode signatures in Kernel mode without implementing it ourselves.
Cybereason's Nocturnus team has been tracking recent espionage campaigns specifically directed at entities and individuals in the Palestinian territories.
Cybereason is following an active campaign to deliver seven different types of malware that are able to steal data, mine for cryptocurrency, and deliver ransomware to victims all over the world.
The malware previously described by DHS as the most destructive ever is surging yet again. Why is Emotet so popular and who is it targeting now?
To close out the year and celebrate seventy episodes of Malicious Life, we’re listing the best cybersecurity podcast episodes we’ve released in 2019.
We are three days into 2020, and the world is already on high alert. Yesterday evening, the US government killed prominent Maj. Gen. Qasem Soleimani in an overnight airstrike at the Baghdad airport.
The data is telling us that it’s time to secure mobile, and yet our understanding of these threats is severely lacking.
As we enter the New Year, we need to keep in mind how nation state evolution, new targets, and security vendor stagnation will serve as motivation for hackers.
A new malware discovered in October called Anchor is being used to target financial, manufacturing, and retail businesses across North America and Europe. The threat actor has been leveraging Anchor and TrickBot together to infect, explore, and exploit high-value targets that implement point of sale systems.
Cybereason Nocturnus detected a series of targeted attacks against high-profile targets that uses a new variant of Anchor_DNS and a new malware dubbed Anchor.
Cybereason’s Nocturnus team is tracking a new keylogger gaining traction among cybercriminals called Phoenix. Read about it and its reception in the underground here.
Security teams at universities face a difficult task: how to reconcile full cybersecurity protection with an open IT environment.
Since April 2019, the Cybereason Nocturnus team has investigated infections of the Raccoon stealer in the wild across organizations. Read about it here.
In order to address the evolving threat landscape, the security industry has turned to more comprehensive endpoint protection platforms. What are they?
The endpoint security market is in the midst of a consolidation of EDR and EPP. How did we get here? Read on to find out.
Unlike attacks carried out using traditional malware, fileless malware attacks don’t entail attackers installing software on a victim’s machine. Instead, tools that are built into Windows are hijacked by adversaries and used to carry out attacks. Essentially, Windows is turned against itself.
In Q1 2018, fileless attacks were up 94%. Learn about what fileless malware is with common examples from the Cybereason Nocturnus team's research.
The Nocturnus team has identified variants of Glupteba that made use of an extensive arsenal, including LOLBins and a cryptocurrency miner.
In April 2019, the Cybereason Nocturnus team analyzed a new type of evasive ransomware dubbed Sodinokibi.
We take a closer look at the Spelevo exploit, its infection method, and the new direction attackers are taking the Shade ransomware to make money while avoiding publicity.
Attackers are turning even the most common activities into a possible threat. Read about the latest example of this trend here.
In 2018, the Cybereason Nocturnus team identified an advanced, persistent attack targeting global telecommunications providers.
We have found an active malware that uses LOLBins and delivers customized payloads called Adobe Worm Faker.
There’s an active, ongoing campaign exploiting a widespread vulnerability in Linux email servers. Read about the attack first here.
In this research, we outline how to enable the execution of 64-bit shellcode via Excel 4.0 macros and previous research on 32-bit shellcode.
Ransomware is not a new form of attack, but GandCrab has upgraded it to be more dynamic and harder to resolve.
In this research, we introduce a meticulously planned, malicious operation against a financial institution in April of 2019 by TA505.
Many find the process of threat hunting to be too demanding. What are you supposed to hunt? Where do you even begin?
The Cybereason team has identified a malware campaign that combines Emotet, TrickBot, and Ryuk to steal and ransom data.
The Cybereason team has uncovered a severe threat that adapts Emotet to drop TrickBot, and adapts TrickBot to not only steal data but also download the Ryuk ransomware.
Our white paper explores the complementary and interdependent uses of SIEM, SOAR, and EDR technologies. By using these tools in conjunction with clearly defined roles, security operations teams can reduce costs, improve security, and assist human intelligence in a repeatable, reliable way.
During the recent MITRE evaluations, it became apparent that many security vendors, while able to detect threats, were doing so well after the fact. It's important to consider what these delayed detections would mean for a SOC experiencing a real breach.
The Cybereason research team observed a new campaign involving Ursnif in the beginning of 2019 attacking users in Japan across multiple customer environments. This Ursnif variant has enhanced stealing modules focused on taking data from mail clients and email credentials stored in browsers.
In this research we dissect a recent campaign that uses language checks and steganography to evade detection. The new variant features a stealthy persistence mechanism, revamped information-stealing modules focusing on mail clients and cryptocurrency, and targets Japanese security products.
Our white paper shares five essential stages you should be following to implement a closed-loop, tactical security effort with MITRE ATT&CK. Combining techniques, tactics, and procedures with adversary emulation plans, this white paper gives you background to build an effective, iterative defense.
The Cybereason Defense Platform has been evaluated by MITRE to show how we approach threat detection in the context of the MITRE ATT&CK framework. Check out how we did.
In this overview, we explain one of the most recent and unique campaigns involving the Astaroth trojan. This spam campaign targeted Brazil and was able to infiltrate systems in a unique way - using processes in some security products.
In this research, we explain one of the most recent and unique campaigns involving the Astaroth trojan. This Trojan and information stealer was recognized in Europe and chiefly affected Brazil through the abuse of native OS processes and the exploitation of security-related products.
After five weeks, the partial U.S. government shutdown of 2019 just came to a close. In its wake comes a pinch of American labor and a delay in federal employees receiving their salaries. Additionally, transportation security and other vital federal services exhibited the strain of the prolonged impasse in Washington, D.C. During this time, cyber readiness emerged as a hot conversation topic for fear of a potentially devastating cyber attack.
Back in 2017, Cybereason CSO Sam Curry and CTO Yonatan Striem-Amit spoke to a crowded room at the RSA Conference about the hype and hope of AI and Machine Learning. Fast forward a year later, Cybereason was recently named an IDC Innovator in the AI Intelligence-Infused Security Solutions report.
Cybereason detected an evasive infection technique used to spread a variant of the Ramnit banking Trojan as part of an Italian spam campaign. We investigate this attack, its use of sLoad, and its adoption of LOLbins to minimize discovery.
The MITRE ATT&CK framework is a complex solution to a complex problem. Rather than simply scoring vendors on a linear scale, it offers a more profound view of capabilities, applicability, and use-case. This is what you need to know about the way MITRE uses ATT&CK to evaluate security vendors, and how threat hunting factors into the ATT&CK framework.
Cybereason’s Nocturnus team analyzed numerous campaigns related to Brazilian financial malware and found that these programs have become pervasive and infected 60 banks in nearly a dozen countries throughout South America, Spain and Portugal.
Security leaders need to approach management briefings and maturity shifts with a business mindset and show how the security department will help the organization. Remember to omit the technical details. They'll only portray the CISO or CSO as a technologist who isn't ready for the C-suite, said Cybereason CSO Sam Curry.
Cybereason and ARM are teaming up to secure IoT devices. Here's how the two companies plan on using threat hunting powered by artificial intelligence to detect attackers that use connected devices as infiltration points to move laterally to networks.
The Cybereason SOC has detected multiple Betabot infections in customer environments. In this blog, Cybereason researchers study Betabot’s infection chain and self-defense mechanisms using data gathered from customer environments.
Cybereason held a tabletop exercise to see how attackers could influence elections and how elected officials would protect the vote.
Cybereason's Nocturnus Research team analyzes campaigns targeting the Brazilian financial sector, focusing on infection vectors and the threat actor's toolset and techniques.
The Wannamine cryptominer, which uses the EternalBlue exploits, is still active although a patch that fixes these well-known vulnerabilities was released last March. Amit Serper, Cybereason's head of security research, examines this variant and makes the case for patching your systems.
Attackers don't need sophisticated tools to create effective malware. Basic tools work just fine. Case in point: Cybereason researchers discovered a .NET dropper/crypter. Here's how they reverse engineered it.
Mike Higgins, who's served as CSO of The New York Times and CISO of NBC Universal, talks about why nation-states were interested in attacking the paper of record, why media companies were slow to realize the importance of information security and why you don’t have to be a technical expert to pursue a security career.
Cybereason is launching our AI Hunting Tour - a cross-country road show - in just a few short weeks. We’re scheduled to visit 34 cities and more always seem to be added. If you’re a CISO, an analyst, or anything in between - there’s going to be something for everyone.
From how Cybereason detects fileless malware attacks that use PowerShell to how Cybereason uses artificial intelligence to detect advanced attacks, here are answers to some of the questions we received after our AI Hunting in Action webinar.
APT actors and nation states aren't the only adversaries interested in ICS environments. Threat actors who use sophisticated techniques but are also amateurish are now targeting utility providers. That's according to the data from a honeypot Cybereason set up to emulate the power transmission substation of a major electricity provider.
Large-scale and tech projects require CISOs to be the voice of risk, foster change and demonstrate operational excellence. But even the most talented security leaders can’t excel in all three areas. Sam Curry, Cybereason's CSO, explains how security leaders can pull off these projects without losing their jobs.
Tom Pageler protected the president as a Secret Service agent, helped detect fraudulent credit card transactions at Visa and holds three graduate degrees. In this interview he explains how this diverse background prepared him for the job of CSO at blockchain security company BitGo.
From how security departments can be brought into large projects early on, to some of the biggest career mistakes a CISO can make, to which events security leaders should attend, Cybereason CSO Sam Curry fielded several questions on security leadership.
Mergers and acquisitions mean that two companies are making a massive bet on their futures. For CISOs, their futures are also at stake. The joining of two organizations brings security risks that could hurt the merger or impact the revenue of the organizations involved. Cybereason CSO Sam Curry, a veteran of 14 mergers and acquisitions, discusses how security leaders can handle these events in a way that doesn't impact their careers.
When Trump and Putin discuss cybersecurity at next week's summit, the focus shouldn't be on Russia's meddling with the 2016 presidential election. This would be a wasted opportunity to discuss cyberissues of greater consequence, such as Russian activity against critical infrastructure, writes Ross Rustici, Cybereason's Senior Director for Intelligence Services.
A data breach and a management change can either hurt or help a CISO's career. Cybereason CSO Sam Curry explains how security leaders can navigate both of these events in a way that helps both them and their organizations.
With application whitelisting being integrated into an OS’s security stack, attackers need more creative ways to use their tools without getting detected. In this incident observed by Cybereason, DLL hijacking was used to run Mimikatz using a process that was signed and verified by Oracle.
We reviewed a few prominent ransomware attacks to see how much these incidents really cost organizations. While security executives factor in the ransom and the cost of recovering data, there are additional expenses - like business lost due to downtime - that need to be considered.
The looming trade war with the U.S. could have prompted China to resume cyberespionage attacks against U.S. companies, violating a 2015 agreement that banned such campaigns. Does this mean that China has abandoned the deal, or will it once again honor the terms if the trade dispute is settled? We talked to Ross Rustici, Cybereason's Senior Director of Intelligence Services, to get his take.
Mario Duarte, vice president of security at Snowflake Computing, learned the importance of aligning security and the business very early in his career. As a 20-something new to security, he thought his keen technical skills would be enough to help him thrive. Then the dotcom bubble burst.
SEC guidance around cybersecurity means that security leaders will be talking to their boards and fellow executives more on how to mitigate cyberrisk. But having a seat at the table presents CISOs and CSOs with a new challenge: what do they say to show that they're aligned with the business?
The General Data Protection Regulation’s breach notification mandate is likely to impact an organization’s information security program. Under GDPR, once a breach is discovered, organizations have 72 hours to provide authorities with extensive details on the incident, including what type of data was stolen, who was impacted and what remediation measures are being taken. Here are the technical and procedural steps that companies should take to meet this deadline and avoid GDPR’s substantial fines.
Unit 8200, an elite division in the Israel Defense Forces, doesn't look for typical backgrounds when recruiting for security positions. Here's what the security industry can learn from this practice and how it can help ease the talent crunch.
The complete eradication of nuclear weapons and ICBMs from North Korea as a precondition for economic relief and other enticements creates an untenable position for Kim Jong-Un. Every step along the path to denuclearization reduces the regime’s ability to compel the U.S. to abide by its end of the bargain while increasing the U.S.’ ability to operate as it sees fit.
Nearly a year after the NotPetya and Wannacry attacks, ransomware is no longer used in widespread attacks against indiscriminate targets. Instead, attackers are using this malware in more focused, targeted campaigns.
Cybereason researchers have discovered new lateral movement techniques that abuse WMI. They also created a tool that lets analysts see the potential harm attackers could cause if they used these techniques.
North Korea's decision to drop the withdrawal of U.S. troops from the Korean peninsula as a precondition to denuclearization changes the paradigm around the upcoming talks. This move increases the chances that the U.S. and North Korea will meet but makes no strategic sense from Kim Jong Un's perspective.
Cybereason was named Israel’s most promising startup by Calcalist, the country's leading financial newspaper.
Most films about cybersecurity over-fictionalize or idolize hackers, cyber attacks, and cyber crime. While some of our favorite movies mix action and suspense with the cyber realm, we've chosen to feature a small selection that are both authentic and entertaining.
No one likes grunt work, including attackers, who have turned to bots to automatically handle menial tasks like exploiting vulnerabilities. If exploit automation wasn’t enough of a concern for security teams, this technique has grown even more potent with attackers using bots that can automatically exploit vulnerabilities, create backdoors, dump passwords, conduct network reconnaissance, and laterally move in seconds.
Sometimes the career path to security and IT leadership doesn’t involve an undergraduate degree in computer science. Sometimes reaching the ranks of CIO and CISO involves an English degree and a desire to play rock-and-roll for a living.
Kim Jong-un is seeking to subvert the six-party talks paradigm with a hub-and-spoke model that places North Korea at the center of all negotiations.
An ESG report outlines how Cybereason meets the requirements for a next-generation endpoint security platform by delivering protection through NGAV and endpoint detection and response.
China has substantially decreased cyberattacks against U.S. companies in recent years. But that doesn't mean the threat has disappeared. China just needs a reason to ramp up attacks. And a trade war could serve as that catalyst.
A supply chain attack aims to damage an organization by targeting less secure elements in its supply network. Exploiting a service provider's supply chain, data supply chain or traditional manufacturer supply chain has been seen in a litany of major data breaches in the past few years.
Before you purchase an NGAV tool, here are four points to consider.
The upcoming talks between the U.S., South Korea and North Korea could see the DPRK change its hacking tactics to focus more on espionage campaigns against the U.S. in an attempt to figure out how the Trump administration will approach the potential meeting.
In this blog, Ross Rustici, Cybereason’s Senior Director for Intelligence Services, debunks a few common ransomware myths, talks about what other threats attackers may use instead and explains why organizations still need to remain vigilant against ransomware.
Cybereason researchers discovered a credstealer written with AutoHotKey that masquerades as Kaspersky Antivirus and spreads through infected USB drives. We’ve named it Fauxpersky.
Carbanak's downfall was brought on by what ends up bringing down most organized crime groups: accounting. What remains to be seen is whether this arrest will result in a serious degradation of Carbanak’s capabilities or merely a short term hindrance while the group refocuses its activity.
The specter of hefty GDPR fines may motivate attackers to ask breached companies to pay them to keep the incident quiet, allowing organizations to avoid the scrutiny and penalties that the regulation imposes on businesses that expose personal data.
Destructive attacks don't have to be sophisticated to cause major damage. While one targeting a petrochemical plant in Saudi Arabia was advanced, it ultimately failed. Meanwhile, NotPetya, a destructive attack that used basic techniques, significantly damaged major companies around the world.
Many security leaders are now briefing the board of directors on how they’re mitigating risks that the company faces. But how can technically-minded CISOs connect with revenue-focused board members? We talked to various security executives to find out.
Cybereason's security team on Thursday discovered that the same memcached servers used in the largest DDoS attack to date are including a ransom note in the payload that they’re serving.
From whether a ransomware attack is considered a data breach under GDPR to how much a company can be fined for violating GDPR, security professionals have several questions about how the regulation impacts them. This blog answers some of them.
Cybereason has observed thousands of malicious file executions masquerading as popular programs such as Adobe PDF Reader, MS Word and Chrome.
Olympic Destroyer was designed to cause destruction, and while some systems were impacted, the malware didn’t lead to massive disruptions during the Winter Olympics’ opening ceremonies.
Compromised Web application servers have been a security issue since the dawn of the Internet but many security solutions don't detect this threat.
Challenges are what drive Jason Callahan. He pursued a career in cybersecurity over other areas of IT because the field required obtaining extensive knowledge on an assortment of technologies. His latest challenge: developing a cybersecurity program at Illumina, which designs and manufactures machines used for genetic analysis.
The South Korean Computer Emergency Response Team (KR-CERT) issued a warning Wednesday about a new Adobe Flash Player zero-day spotted in the wild. The security bulletin warns that the attacks target South Korean organizations and involve malicious Microsoft Word documents.
Iran could launch a cyberattack against the U.S. but likely won't unless the situation around the nuclear deal sours.
Cybereason researchers discovered new lateral movement methods that abuse the DCOM functionality of Windows applications.
Over the last decade, the number and severity of cybersecurity events pertaining to the Olympic Games has steadily increased. Here's what to expect from the major threat actors during next month's Winter Games in South Korea.
The career path to security leadership doesn’t have to start with a background in technology, as Peraton CSO Phil Mazzocco, a history major, shows.
An advanced persistent threat is a stealthy cyberattack in which a person or group gains unauthorized access to a network and remains undetected for an extended period. The term APT was traditionally associated with nation state sponsorship, but over the last few years we’ve seen multiple instances of non-nation state groups conducting large-scale targeted intrusions for specific goals.
Cybereason CTO Yonatan Striem-Amit answers questions on how to mitigate threats posed by Meltdown and Spectre.
Cybereason explains what the Spectre and Meltdown bugs mean for endpoint security and offers mitigation measures that users can implement.
With every vendor offering some type of threat hunting service, security professionals may wonder if hunting can actually benefit a company or if it’s just a fad. But threat hunting isn’t based on flashy technology that will become irrelevant in a few months.
Goodbye, 2017...and hello 2018! This year was a landmark year for cybersecurity. 2017 brought with it calamity like the biggest security breach ever affecting almost half of all Americans, but it also gave our researchers inspiration (and time) to publish some amazing work.
Endpoint detection and response (EDR) platforms are a category of endpoint security tools, built to provide endpoint visibility, and are used to detect and respond to cyber threats.
Cybereason was one of only six cybersecurity companies to make the AI 100, a ranking of the top 100 artificial intelligence companies in the world.
On December 18, 2017, U.S. Homeland Security Advisor Thomas P. Bossert asked the entire world to trust the U.S. government’s assertion that North Korea was behind May’s WannaCry attack while offering absolutely no evidence to support this attribution. Instead, Bossert, in a Wall Street Journal opinion piece, implies that the U.S. government’s attribution was based on information used by the U.K. government and Microsoft.
From tips on how to help business executives better understand risk acceptance to defining supply chain attacks to insight on how to overcome the security talent shortage, Cybereason CSO Sam Curry fielded several participant questions following our webinar on security trends for 2018.
Purchasing tools and implementing technology are just part of a security program. For a truly successful program, security leaders need to connect with their C-suite colleagues.
OSX.Pirrit’s code had the potential to carry out much more malicious activities. As a result of the report, some of Pirrit’s servers and a few distribution websites were taken down. But the story doesn’t end there.
PowerShell is a powerful scripting language that provides unprecedented access to a machine’s inner core, including unrestricted access to Windows APIs.
On November 28, North Korea launched its first ballistic missile in months. North Korea’s increasing operational tempo and brazen activities have positioned them as a legitimate Tier 1 threat.
So, what does 2018 hold in store for the defenders? Cybereason’s researchers and analysts identified the following as some of the bigger security trends in the new year:
According to Bloomberg, about a year ago hackers stole the personal data of 57 million Uber customers and drivers. After finding out about this breach, Uber leaders not only decided against disclosing it to employees, customers and state and federal regulators but also paid $100,000 to the attackers to keep it a secret.
For several years, protecting endpoints meant using antivirus software. These programs, which are commonly referred to as AV, are designed to detect malicious programs, prevent them from executing and provide security analysts with a way to remove malware.
Cybersecurity has crept its way into earnings calls. Listening to CEOs and CFOs explain to investors how malware like NotPetya cost organizations millions in quarterly revenue is becoming as common as hearing about earnings per share.
The biggest concern for CISOs isn’t necessarily a nation-state attack or a user unknowingly clicking on a link in a phishing email or protecting their company from a new, nasty piece of malware. Instead, the biggest challenge for security leaders is figuring out how to get the security department’s priorities aligned with the business' priorities.
Windows Management Infrastructure (WMI) is one of an attacker's tools of choice for conducting fileless malware attacks. Distinguishing between legitimate and malicious WMI operations is challenging, but possible.
CEO Soren Skou talked about the growing demand for container shipping while CFO Jakob Stausholm mentioned Maersk’s major capital expenditures for the quarter: the receiving of five new vessels.
DDE, or Dynamic Data Exchange, is a legacy interprocess communication mechanism that’s been part of some Windows applications since as early as 1987. DDE enables applications to request items made available by other programs, such as cells in a Microsoft Excel spreadsheet, and be notified of any changes within these items.
For several months Cybereason has been following the concerning rise of ONI, a family of ransomware involved in targeted attacks against Japanese companies. We suspect that the ONI ransomware was used as a wiper to cover up an elaborate hacking operation.
The intentional misdirection of shipping vessels in the Black Sea, the jamming of GPS along South Korea, and the multiple collisions of the United States Seventh Fleet are almost certainly unrelated, but these events do begin to illustrate the possibility of a link.
There is no easy way to defend against APTs and it is crucial to get the company’s board on your side as you prepare a security plan.
Cybereason researcher Amit Serper has developed a vaccine to prevent the Bad Rabbit data-encrypting malware from infecting machines.
Information security can’t stand in the way of business goals. Ultimately, if security professionals can’t keep customers and shareholders happy, the business suffers, said Erika Mata Sánchez, director of information security and CISO, at Grupo Nacional Provincial, or GNP Seguros, one of Mexico’s largest insurance companies.
Cybersecurity products have been proven time and again to be a highly effective means to compromise a network. The very nature of the products makes them excellent RATs, usually with the highest access privileges.
Security leaders shouldn’t shy away from using public information on enterprise breaches and hacks to help C-level executives and board members better understand why information security matters.
Cyber attacks are becoming more sophisticated every day, as hackers adopt new, evolving tools and leverage increasingly advanced exploits and tactics. As such, it is important for enterprises to move past the traditional security tools, as firewall and antivirus protection is not sufficient for protecting against advanced threats.
On September 30, The Washington Post reported that President Trump signed a presidential directive against North Korea.
We’ve done our best to recap the highlights and the energy from the show, including rundowns on talks from Tim Boomer, Laura Louthan, Robert Bigman, Sam Curry, Tarah Wheeler and Steve Wozniak.
When it comes to CISO and board communications, Fear, Uncertainty and Doubt (FUD) remains overused as a way to create immediate alignment. Fear mongering may work to meet a short-term goal, but in order to prevail over unknown and unpredictable threats, CISOs and security leaders need to inspire confidence – not panic.
Dealing with the challenges posed by the public disclosure of offensive cyber capabilities has become common for security professionals.
June’s NotPetya attack has cost companies an estimated $892.5 million in lost revenue based on calculations made using figures from quarterly earnings reports and investor notices.
With the leaders of the U.S. and North Korea exchanging threats and personal insults and the escalating global tension around the Democratic People’s Republic of Korea (DPRK) missile tests, the reclusive nation’s cyber program is likely to spin into high gear and include destructive retaliatory strikes.