Resources

Find more information about solutions and services, our technology and research insights, webinars and other resources on a wide array of subject matter.

Ransomware: The True Cost to Business [eBook] Guide

A resource for understanding and preventing modern ransomware attacks, data on loss of revenue and recovery costs, and risks to brand and reputation.

REvil Pick Your Path | Interactive Webinar Webinar

Cybereason is hosting a tabletop exercise where we will walk your organization through the steps and effects of the REvil ransomware attack as if it were on your infrastructure. Learn how these attacks can be identified, mitigated, and stopped in our Pick your Path Webinar.

CISO Roundtable: Ransomware Attacks and the True Cost to Business Webinar

This live webinar version of the CISO Stories Podcast brings together a panel of subject matter experts to discuss how organizations can better prepare to defend against and respond to a ransomware attack.

Cybereason vs. Darkside Ransomware Webinar

Join Israel Barak, CISO of Cybereason, as we break down the most recent attack by DarkSide Ransomware and how Cybereason fully detects and protects you.

Report: Ransomware Attacks and the True Cost to Business

A new global research study conducted by Cybereason reveals that the majority of organizations suffered significant business impact following a ransomware attack...

EDR or XDR: How Should your SOC Choose? Webinar

Featuring Cybereason security leaders Sam Curry and Israel Barak, along with Forrester Security and Analyst Allie Mellen, join us for an exciting panel discussion.

2021 Gartner Endpoint Protection Platform (EPP) Magic Quadrant Analyst Report

The Cybereason Defense Platform has been recognized as a visionary in the 2021 Gartner Endpoint Protection Platform (EPP) Magic Quadrant.

Integrating Endpoint and Mobile Device Security

The goal of this whitepaper is to help enterprise teams reduce gaps in their security architecture and improve the endpoint and mobile experience for their users...

MITRE ATT&CK Round III | Live Webinar Webinar

Join Cybereason CISO Israel Barak as he breaks down the complexity of the MITRE ATT&CK Round 3 framework to help you make sense of results and understand the efficacy of different solutions in the marketplace today.

The Current State and Future Challenges of Security Webinar

Join Ed Amoroso, CEO of TAG Cyber and Sam Curry, CSO of Cybereason as they discuss the trends from before COVID-19, discontinuities, and the outlook based on recent events and challenges in the security industry.

Inside Effective EDR Evaluation Testing

We go into some of the methodology of EDR and we analyze “testing tools” to demonstrate the flaws in their use and explain why the results are unreliable when pitted against a modern EDR system...

Ransomware Decoded: Preventing Modern Ransomware Attacks

Understand how to detect the preliminary stages of an attack, analyze the scope of the operation and prevent execution of the malicious code...

Gartner Endpoint Protection Platform Competitive Comparison Analyst Report

Grab your complimentary copy of the report to understand today’s competitive landscape and see which platform best suits your attack surface, in-house resources, and existing IT & security investments.

Five Clear Steps to Enhance SecOps with MITRE ATT&CK

With these five steps, you can continuously tune your security strategy and leverage the connection between techniques, tactics, and procedures and real-world adversary groups...

Ransomware Decoded Webinar

Join this session to learn about how ransomware has changed over the past few years with real examples pulled from the Cybereason Nocturnus team’s work exploring ransomware threats.

The Forrester Wave™: Managed Detection & Response Q1 2021 Analyst Report

With all the competing noise in the endpoint detection and response space, making the right security decision for your organization can be tough. Getting an independent viewpoint is an important part of the process.

Cybereason Exposes Campaign Targeting US Taxpayers with NetWire and Remcos Malware

Cybereason researchers have discovered a new campaign targeting US taxpayers with documents that purport to contain tax-related content but ultimately deliver NetWire and Remcos malware - two prolific remote access trojans.

Protecting Against IT Infrastructure Attacks: From HAFNIUM to SolarWinds Webinar

Join Cybereason experts for a discussion of the recent HAFNIUM attacks on Microsoft Exchange servers and the emergence of infrastructure attacks.

State of Ransomware Webinar

Join leaders from Cybereason's Nocturnus and incident response teams as they explore insights based upon what is happening in the underground and firsthand experience from what customers have encountered in the wild.

Attack Simulation Series Webinar

Get an inside look at how multi-stage attack campaigns operate today and the ways a defender can break the kill chain and end the attack before crown jewels are compromised.

Securelink & PensionDanmark Case Study

“The connected world and expanding digital footprint have us excited to be partnering with Cybereason to deploy a next-generation service that our joint customers can manage on their own or through our MDR service,” said Anders Stenwall, VP of Group Service Delivery, SecureLink.

SCM Case Study Case Study

“We’ve never had a vendor be as passionate about their product and reaching out and delivering on customer success as much as Cybereason has.”

The Security Value of Exploit Protection

One feature that Cybereason provides to protect users from exploit attacks is our Exploit Protection. This blog provides a quick rundown of some of the key terms used in understanding exploit attacks.

Defender Spotlight | Keith Barros Webinar

Join us and our friend Keith Barros, Sr. Director Information Security and Service Management, from Seton Hall University to hear directly from the source about how the use of Cybereason has positively impacted their human security resources.

Wipro’s State of Cybersecurity Report Reveals Valuable Insights

The State of Cybersecurity Report 2020 from Wipro highlights trends and insights and provides guidance to help improve and maintain cyber resilience.

ActiveCampaign Case Study

"I love Cybereason because it works. We believe that they're the leader in the industry in relation to our current posture." - Chaim Mazal, VP & Head of Information Security

Gartner Research: Extended Detection and Response Innovation Insight Analyst Report

In new research on Extended Detection and Response (XDR), Gartner analysts note, “XDR is beginning to have real value in improving security operations productivity with alert and incident correlation, as well as built-in automation.”

Solarwinds Supply Chain Attack: What You Need to Know Webinar

Join Cybereason experts for a discussion of the SolarWinds Supply Chain Attack, its impact and mitigation approaches. A roundtable discussion will be followed by a live audience Q&A.

Impact of XDR on the Modern SOC: New ESG Report

A new report from ESG, the Impact of XDR on the Modern SOC, is focused on the perception and value of XDR, and certainly reveals a number of interesting insights around how teams are prioritizing investment against attacks.

The Impact of XDR on the Modern SOC Analyst Report

Extended detection and response (XDR) may be the future for security incident detection, investigation, and response, but is XDR making an impact in the SOC today?

Molerats Threat Alert

The Cybereason Nocturnus Team has identified an active espionage campaign attributed to the threat actor known as Molerats that employs three previously unidentified malware variants.

Chaes Threat Alert

The Cybereason Nocturnus Team has been tracking threat actors leveraging the previously undetected Chaes malware to primarily target Brazilian customers of the largest e-commerce company in Latin America, MercadoLivre.

TX Group Case Study

Since expanding to XDR in Summer 2020, the team has gained more visibility, identified multiple suspicious behaviors, and has already set up a first Slack notification and response bot to reduce remediation time and efforts.

Is XDR The Next Silver Bullet? Webinar

In this webinar, we'll explore how the EU Court of Justice recently striking down the EU-US Privacy Shield agreement affects vendors in the security space and answer your questions about the ruling.

Cybereason Defense Platform Datasheet White Paper

The Cybereason Defense Platform delivers a complete and integrated endpoint security solution by combining prevention with endpoint detection and response (EDR), along with threat hunting across all endpoints and devices.

Ransomware Resources Guide

Learn how to future-proof your organization against ransomware and other costly advanced threats.

Kimsuky Threat Alert

Kimsuky has been observed targeting a wide array of victims including public and private sector companies in the U.S., Europe, Japan, South Korea, & Russia.

Ryuk Ransomware: Mitigation and Defense Action Items

Cybereason recommends setting its prevention stack (AV, NGAV, PowerShell, AntiRW) to “Prevent” mode to protect against Ryuk ransomware.

VB2020: Anchor, Bazar, and the Trickbot Connection

Cybereason Nocturnus Team members Daniel Frank and Lior Rochberger will be presenting a session titled, Anchor, Bazar, and the Trickbot Connection, examining some new developments regarding a familiar threat actor.

US-EU Privacy Shield Dissolution Panel Webinar Webinar

In this webinar, we'll explore how the EU Court of Justice recently striking down the EU-US Privacy Shield agreement affects vendors in the security space and answer your questions about the ruling.

New Trickbot Variants Threat Alert

In recent weeks, new activity by the Evilnum group includes a change in the chain of infection and persistence, new infrastructure that is expanding over time, and the use of a new Python-scripted Remote Access Trojan (RAT) that Nocturnus dubbed PyVil RAT.

PyVil RAT Threat Alert

In recent weeks, new activity by the Evilnum group includes a change in the chain of infection and persistence, new infrastructure that is expanding over time, and the use of a new Python-scripted Remote Access Trojan (RAT) that Nocturnus dubbed PyVil RAT.

Managed Detection & Response Datasheet Data Sheet

With Cybereason MDR, our Defenders are an extension of your team, applying the best response every time for every threat at unprecedented speed and scale.

Mobile Security in a Remote World Webinar

Join us to learn about why attackers are shifting to target mobile, validated by investigations from the Cybereason Nocturnus team, and how the enterprise security industry is moving to address them.

Time for an Upgrade: How to Switch from Symantec to Cybereason

If you are still using Symantec, you’re most likely tired of the complex workflows, the gaps in detection, and a resource-heavy solution that inhibits workflows and productivity. If so, it’s time to level up to a better solution that’s leading the industry.

Cyber Security Tips for Allowing Employees to Work From Home

While the ability to allow staff to work remotely when needed gives greater flexibility to corporations, it also comes with cybersecurity risks. Not only can remote workers put their own privacy at risk, but working remotely could result in a breach in the company’s security.

Protecting Against Potential Cybersecurity Threats Brought on by Remote Work

In pivoting an entire workforce to remote work, employers need to be prepared for the cybersecurity risks involved. To guard against these threats, employers should have a remote work policy that all employees are aware of and comply with.

Increase in Remote Work Spurs Demand for EDR Cybersecurity

With the sudden increase in telework, the traditional approach of reacting to cyber threats and security issues only after a breach is discovered is no longer sufficient.

IDC Tech Spotlight Analyst Report

To understand what your enterprise should consider when evaluating a modern endpoint protection solution, please download the IDC Technology Spotlight: Modern Endpoint Protection Is Required To Defend Against Today’s Cyberattacks.

Live Attack Simulation With Eric Sun Webinar

Join us for this live webinar with Cybereason Product Director, Eric Sun, as he shares the attacker’s mindset and how it impacts our strategies as defenders.

Malicious Life Live Episode: Multi-Stage Ransomware Webinar

Open your calendars, because Malicious Life’s first ever live event will take place on July 29th at 12PM (EDT) and 5PM (BST).

Reduce Time to Detect & Respond To Threats by 93% Webinar

Please join our guest speakers to learn more about the key benefits to customers from the Forrester TEI study and how you can take advantage of key capabilities and features within the Cybereason Defense Platform to protect your enterprise from today’s cyber threats.

Breach Protection Warranty Datasheet White Paper

Cybereason stands behind the protection capabilities of its Cybereason Defense Platform with a warranty of up to $1 million if a breach occurs within the protected environment.

Forrester Total Economic Impact Report Analyst Report

The Forrester Total Economic Impact Study has found Cybereason customers are able to dramatically reduce the likelihood of a cybersecurity breach and realize an ROI of 308%.

Multi-Stage Ransomware Threat Alert

Over the past few months, the Cybereason team has been investigating multiple instances of ransomware attacks against large critical infrastructure providers.

NSS Advanced Endpoint Protection Report Analyst Report

Learn how the Cybereason Defense Platform can assist your team’s security needs with respect to on-going management as well as the reduction of false positives encountered within your environment.

What are Adversary Emulation Plans?

Though AEPs are especially important when testing and building a strong defense, they are often overlooked for TTPs by security practitioners versed in the “trench warfare” of day-to-day security operations.

Modern Ransomware Threats Q&A with Security Experts Webinar

Join Rich Rushing, Motorola CISO, Bob Bigman, former CISO of the CIA, and Israel Barak, Cybereason CISO, in a panel Q&A as they answer your questions about ransomware.

Five Clear Steps to Implement MITRE ATTACK White Paper

This one-pager establishes five key steps to empower SecOps to improve iteratively over time by leveraging their existing talent and tools.

Valak Threat Alert

Valak is sophisticated malware that can steal enterprise mailing information and passwords along with the enterprise certificate. This gives attackers the potential to access critical enterprise accounts, causing damage to organizations, brand degradation, and ultimately a loss of consumer trust.

Ransomware Decoded White Paper White Paper

Read the full white paper to get a glimpse of what modern ransomware looks like and how it evades legacy prevention solutions.

Addressing Ransomware’s Evolution with Behavioral Prevention Webinar

In this talk, learn about the evolving ransomware attacks the Cybereason team is seeing in real world environments and how we have developed our product to prevent them.

Securing your enterprise endpoints in today's world Analyst Report

In this newsletter with Gartner content, discover critical selection criteria when evaluating EPP solutions to protect your organization.

The Ghost in the Machine: Reconciling AI and Trust in the Connected World Webinar

The need for privacy enforcing technologies is now, not after the ghost is in the machine.

Five Clear Steps to Enhance SecOps with MITRE ATT&CK White Paper

This white paper establishes a process that empowers SecOps to improve iteratively over time by leveraging their existing talent and tools.

Mitre Attack Resources Company

The MITRE ATT&CK framework outlines techniques that adversaries may use over the course of an attack. In an independent evaluation by MITRE, the Cybereason Platform was proven to be the most effective tool for defenders to find, interpret, and remediate threats across all phases of an attack.

3 Ways to Enhance Your Security Posture With The MITRE ATT&CK Framework Webinar

In this webinar, Israel Barak, CISO at Cybereason, will boil down the complexity of the MITRE ATT&CK framework to help you develop a more effective and scalable strategy to secure your organization.

EventBot

This research gives a rare look into the process improvements malware authors make when optimizing before launch. By going on the offensive and hunting the attackers, our team was able to unearth the early stages of what may be a very dangerous mobile malware.

Integrating Endpoint and Mobile Device Security White Paper

Enterprise teams are advised in this report to integrate their traditional and next-generation endpoint security protections with emerging mobile security safeguards.

The 5 Most Pressing Mobile Threats for Enterprises White Paper

The popularity of mobile devices in the enterprise has surpassed that of workstations and laptops thanks to their portability and accessibility. In this guide, we have identified the top five mobile threats faced by enterprises today.

Top Ten Use Cases For Mobile Threat Detection

When evaluating a mobile threat detection (MTD) solution's ability to detect, prioritize, and respond, organizations should ask vendors if they can support the following top 10 MTD use cases.

Mobile Resources

Resources to uplevel mobile security across enterprises.

The Battle to Address Mobile in the Endpoint Security Space Webinar

Join us to explore the mobile threat landscape, the risks involved, and what cybercriminals can really do with access to your mobile device.

Endpoint Security: What Matters Most to Security Teams Webinar

Given the current situation we are all facing and how the days continue to blur, wouldn’t it be nice to sit back and hear from an industry expert about what matters most to security teams of all shapes and sizes?

Boston Security Leaders Answer Your Questions on Shifting to Remote Work Webinar

On April 15 at 10:30 AM ET, Cybereason is hosting a live, virtual panel of local security leaders. CEOs across Boston organizations are coming together to talk about how they are handling the shift to remote work, especially as it pertains to cybersecurity and maintaining secure business continuity.

Perspectives on Maintaining Secure Business Continuity: A Guide

In this blog, you'll find perspectives from several of our experts with experience in managing crises across security and business functions.

How to Maintain Secure Business Continuity with a Remote Workforce

In this guide, you'll find perspectives from several of our experts with experience in managing crises across security and business functions.

Maintaining Secure Business Continuity

IT and security teams need support now more than ever, as teams struggle with balancing cooperative remote work and meeting the needs of an entire organization. This page gives you the tools you need in this challenging time.

Live Stream: The Solarium Report & Securing A Remote Workforce Webinar

In this special guest webinar, Cybereason CSO Sam Curry will host four experts in cybersecurity and government policy to talk about securing remote workers. Get your questions answered by the former CISO of the CIA, the former COO of MITRE, the managing director of cybersecurity services and policy at Venable, and a commissioner of the Cyberspace Solarium Report. Register for the webinar now and submit your questions.

Forrester Wave Endpoint Detection and Response

See why Cybereason received the top ranking in the current offering category, amongst the 12 evaluated EDR vendors.

ESG Tech Validation Report

The ESG Technical Review offers readers a better understanding of Cybereason’s advanced security solution. Real UI screenshots and clear evaluations from ESG analysts offer insight into Cybereason’s ability to reduce risk from fileless and ransomware, increase analyst efficiency, and reduce total cost.

COVID-19

The Cybereason Nocturnus team has discovered several recent, targeted attacks against those regions afflicted with COVID-19.

Securely Maintain Business Continuity with a Remote Workforce: Emergency Checklist

Attackers are taking advantage of the confusion and anxiety to spread coronavirus-themed malware. Now is the time to take steps to secure your organization outside of the IT perimeter.

Hacking the Hackers

Cybereason Nocturnus is investigating a campaign where attackers are trojanizing multiple hacking tools with njRat, a well known RAT. The campaign ultimately gives attackers total access to the target machine.

COVID-19: Secure Business Continuity Outside of the IT Perimeter Webinar

Amplified by recommendations from the CDC to prepare for a COVID-19 outbreak, businesses are strongly considering mandatory remote work for their employees. Listen in for insights from Sam Curry on maintaining business continuity outside of the perimeter.

Extended Detection & Response (XDR) Datasheet White Paper

Cybereason XDR is the only future-ready solution that makes it easy to understand the full attack story.

Incident Response Services Datasheet White Paper

Expert, guided remediation that outlines what steps should be taken to address vulnerabilities and mitigate risk.

Incident Response Datasheet White Paper

Cybereason Incident Response is uniquely designed to enable organizations to identify, correlate and remediate threats faster.

MoleRATs & Pierogis

The Cybereason Nocturnus team has discovered several recent, targeted attacks in the Middle East. Read more here.

Bitbucket Malware Arsenal

The Cybereason team is following an active campaign to deliver multiple different types of malware and infect victims all over the world.

Endpoint Detection & Response Datasheet White Paper

Complete protection against continually evolving threats.

Emotet

The malware previously described by DHS as the most destructive ever is surging yet again. Why is Emotet so popular and who is it targeting now?

Next-Generation Antivirus Datasheet White Paper

Complete protection against continually evolving threats.

The 2020 Crystal Ball

Listen to Cybereason CSO Sam Curry and GuidePoint VP, GRC Services & CISO Gary Brickhouse for insight into what 2020 will bring for the security industry.

Cybereason's 2020 Security Predictions

As we head into 2020, it’s time to reassess and catch our breath collectively before beginning strategic security planning.

Endpoint Controls Datasheet White Paper

With Cybereason Endpoint Controls, you can log in to a single administrative screen for a complete, easy-to-scan view of device controls, personal firewalls, and disk encryption across each of your endpoints.

Seton Hall University

Seton Hall University Uncovers Ongoing Threats and Lowers Cost with Cybereason

Cutting Through the EPP Noise: A Future Proof Strategy

Listen to Sam Curry, CSO at Cybereason, and Ed Amoroso, CEO of TAG Cyber and former SVP and CSO of AT&T, to learn about evolving endpoint protection platforms in today's market.

Cybereason Mobile Datasheet White Paper

Secure the latest targeted endpoint: mobile devices.

Extended Data Retention Datasheet White Paper

Expand threat hunting capabilities against historical endpoint and mobile data.

Using MITRE ATT&CK to Identify Advanced Threats: Operation Soft Cell

We are teaming up with MITRE threat intel expert Katie Nickels to talk about MITRE ATT&CK and Operation Soft Cell. Join the conversation!

Remote Workforce Protection Datasheet Data Sheet

Fully managed prevention, detection, and response across devices.

On Premises Deployment Datasheet White Paper

On-premise option for complete control of your endpoint security.

Cyber Posture Assessment Datasheet White Paper

Gain complete visibility. Identify key gaps. Continuously strengthen IT hygiene.

Operation Soft Cell: Webinar

In 2018, the Cybereason Research team identified a series of attacks targeting telecommunications companies. Quiz the experts in this interactive webinar.

Operation Soft Cell: A Worldwide Campaign Against Telecommunications Providers

In 2018, the Cybereason Nocturnus team identified an advanced, persistent attack targeting global telecommunications providers.

Compromise Assessment Datasheet Data Sheet

Gain complete visibility. Identify key gaps. Continuously strengthen IT hygiene.

On-Demand Webinar: TA505

In this webinar, Josh Trombley, SOC Analyst, will discuss a meticulously planned malicious operation against a financial institution in April of 2019.

On-Demand Webinar: Generating a Hypothesis in a Threat Hunt

In this webinar, Mor Levi, VP of Security Practices at Cybereason, helps you understand how to generate a hypothesis for a threat hunt.

GandCrab's new Evasive Infection Chain


Deep Response Datasheet White Paper

Cybereason Deep Response provides analysts with an advanced set of tools that enables your team to investigate remotely, remediate promptly, and eliminate all active threats before damage is done.

THREAT ACTOR TA505 TARGETS FINANCIAL ENTERPRISES USING LOLBINS AND A NEW BACKDOOR MALWARE

In this research, we introduce a meticulously planned, malicious operation against a financial institution in April of 2019 by TA505.

On-Demand Webinar: The Right Roles for SIEM and EDR

Companies know they need to get into the incident response and threat hunting business with a SOC. However, actually accomplishing that with little risk, high efficiency, and confidence can be a difficult task.

On-Demand Webinar: The New Ursnif Variant

Earlier this year, our team discovered a new campaign of Ursnif attacking users in Japan across multiple customer environments. In this webinar, Jacob Berry, Principal Incident Response Specialist at Cybereason, analyzes this new variant.

On Demand Webinar: How to Build a Closed-Loop, Strategic Security Process with MITRE ATT&CK

Based on our recent white paper, this webinar goes into the five essential stages you should be following to implement a closed-loop, tactical security effort with MITRE ATT&CK. Danielle Wood, Senior Director of Advisory Services, focuses on how to deliver consistent, real improvement in detection capabilities.

A ONE-TWO PUNCH OF EMOTET, TRICKBOT, & RYUK STEALING & RANSOMING DATA

The Cybereason team has uncovered a severe threat that adapts Emotet to drop TrickBot, and adapts TrickBot to not only steal data but also download the Ryuk ransomware.

The Right Roles for SIEM and EDR

Our white paper explores the complementary and interdependent uses of SIEM, SOAR, and EDR technologies. By using these tools in conjunction with clearly defined roles, security operations teams can reduce costs, improve security, and assist human intelligence in a repeatable, reliable way.

NEW URSNIF VARIANT TARGETS JAPAN PACKED WITH NEW FEATURES

The Cybereason research team observed a new campaign involving Ursnif in the beginning of 2019 attacking users in Japan across multiple customer environments. This Ursnif variant has enhanced stealing modules focused on taking data from mail clients and email credentials stored in browsers.

Astaroth Malware Uses Legitimate OS and Antivirus Processes to Steal Passwords and Personal Data

In this research, we explain one of the most recent and unique campaigns involving the Astaroth trojan. This Trojan and information stealer was recognized in Europe and chiefly affected Brazil through the abuse of native OS processes and the exploitation of security-related products.

On-Demand Webinar: MITRE ATT&CK Evaluation Results

With the release of our MITRE ATT&CK Evaluation results, Sam Curry, Chief Security Officer, and Israel Barak, Chief Information Security Officer, discuss how Cybereason effectively enables defenders to discover, understand, and respond to a full attack.

On-Demand Webinar: The Cyber Defense Challenge Journey

In this webinar, Moshe Ishai, Co-Founder of HolistiCyber, addresses the implications of the new cyber era and covers the ways to cope with cyber threats.

Banking Trojan Delivered By LOLbins: How the Ramnit Trojan spreads via sLoad in a cyberattack


On-Demand Webinar: MITRE ATT&CK Framework with Israel Barak

The MITRE ATT&CK framework is a very effective tool for “adversary emulation,” cataloging how adversaries behave, what they’re trying to do, and the techniques used to accomplish their means. Moreover, the framework aims to provide a common language and vocabulary for practitioners, vendors, and all parties working to understand common threat actors and techniques.

2019 Security Predictions Webinar

In this webinar, Sam Curry, Chief Security Officer at Cybereason, talks about his predictions and the trends he sees evolving in the cybersecurity space in 2019. From IoT, mobile, and the rise of "Living Off the Land", all the way to politics and critical infrastructure, and the impact it all might have on the cybersphere, Sam speaks at length about the factors that will shape the cybersecurity landscape of tomorrow.

Pervasive Brazilian financial malware targets bank customers in Latin America and Europe

Cybereason’s Nocturnus team mapped out the multi-stage malware distribution infrastructure behind Brazilian financial malware and found that Brazilian-made malware has become pervasive and targets over 60 banks in nearly a dozen countries throughout Latin America, Spain and Portugal.

Security Deep Dive: Analyst & CISO Perspectives

In this webinar, Sam Curry, CSO at Cybereason, moderates a discussion between Cory Collins, Analyst at Mars, and Rich Rushing, CISO at Motorola Mobility. Both Cory and Rich were speakers at DEEP 2018 and discuss learnings from the conference, struggles they face in their day-to-day jobs, and how they stay current on the ever-changing landscape.

Connecticut Water

Connecticut Water provides life-sustaining water to more than 360,000 people in 59 communities in Connecticut and Maine. This critical infrastructure provider needed greater visibility into its 500 endpoints, including the ones in its corporate network and industrial control systems environment.

NEW BETABOT CAMPAIGN UNDER THE MICROSCOPE

The Cybereason SOC has detected multiple Betabot infections in customer environments. In this blog, Cybereason researchers study Betabot’s infection chain and self-defense mechanisms using data gathered from customer environments.

VAI MALANDRA: A LOOK INTO THE LIFECYCLE OF BRAZILIAN FINANCIAL MALWARE

Cybereason's Nocturnus Research team analyzes campaigns targeting the Brazilian financial sector, focusing on infection vectors and the threat actor's toolset and techniques.

WANNAMINE CRYPTOMINER THAT USES ETERNALBLUE STILL ACTIVE

The Wannamine cryptominer, which uses the EternalBlue exploits, is still active although a patch that fixes these well-known vulnerabilities was released last March. Amit Serper, Cybereason's head of security research, examines this variant and makes the case for patching your systems.

The anatomy of a .NET malware dropper

Attackers don't need sophisticated tools to create effective malware. Basic tools work just fine. Case in point: Cybereason researchers discovered a .NET dropper/crypter. Here's how they reverse engineered it.

AI Hunting in Action

In this webinar, Shlomi Avivi, VP of Information Security at Cybereason, will show you how AI hunting is probably the best approach to deal with attacks that use advanced tools and techniques.

AI Hunting with the Cybereason Platform: A SANS Review

SANS reviewed Cybereason's AI hunting platform, which offers a lightweight, behavior-focused model of host-based protection that can help intrusion analysis and investigations teams more rapidly and efficiently prevent, detect and analyze malicious behavior in their environments.

Jumpstarting Your Security Strategy with the NIST Framework

Right now, 30% of companies in the United States employ the NIST cybersecurity framework. In 2020, that number is set to be 50% of all companies in the US. But what exactly does the NIST cybersecurity framework entail? What makes it so popular, and how can technology help you accelerate adoption?

ATTACKERS INCRIMINATE A SIGNED ORACLE PROCESS FOR DLL HIJACKING, RUNNING MIMIKATZ

With application whitelisting being integrated into an OS’s security stack, attackers need more creative ways to use their tools without getting detected. In this incident observed by Cybereason, DLL hijacking was used to run Mimikatz using a process that was signed and verified by Oracle.

No Win32_Process Needed – Expanding the WMI Lateral Movement Arsenal

Cybereason researchers discovered new lateral movement techniques that abuse WMI (Windows Management Infrastructure) and provide a tool that’s a proof of concept for the techniques, showing what an attacker could potentially do with them.

NIGHT OF THE DEVIL: RANSOMWARE OR WIPER? A LOOK INTO TARGETED ATTACKS IN JAPAN USING MBR-ONI

For several months Cybereason has been following the concerning rise of ONI, a family of ransomware involved in targeted attacks against Japanese companies. We suspect that the ONI ransomware was used as a wiper to cover up an elaborate hacking operation.

LEVERAGING EXCEL DDE FOR LATERAL MOVEMENT VIA DCOM

DDE, or Dynamic Data Exchange, is a legacy interprocess communication mechanism that’s been part of some Windows applications since as early as 1987. DDE enables applications to request items made available by other programs and be notified of any changes within these items.

OSX.PIRRIT MAC ADWARE PART III: THE DAVINCI CODE

OSX.Pirrit’s code had the potential to carry out much more malicious activities. As a result of the report, some of Pirrit’s servers and a few distribution websites were taken down. But the story doesn’t end there.

NEW LATERAL MOVEMENT TECHNIQUES ABUSE DCOM TECHNOLOGY

Cybereason researchers discovered new lateral movement methods that abuse the DCOM functionality of Windows applications.

THE CHALLENGES OF DETECTING COMPROMISED PUBLIC WEB SERVERS

Compromised Web application servers have been a security issue since the dawn of the Internet but many security solutions don't detect this threat.

ATTACKERS TURN TO MASQUERADING ICONS TO BOOST PHISHING ATTACK’S SUCCESS

Cybereason has observed thousands of malicious file executions masquerading as popular programs such as Adobe PDF Reader, MS Word and Chrome. Using familiar icons is meant to deceive users into thinking that the file is legit and safe to open.

ATTACKERS INCLUDE RANSOM NOTE IN AMPLIFIED DDOS ATTACKS THAT USE MEMCACHED SERVERS

Cybereason's security team on Thursday discovered that the memcached servers used in the largest DDoS attack to date are including a ransom note in the payload.

ATTACKERS USE BOTNETS TO BREAK INTO NETWORKS FASTER

FAUXPERSKY: CREDSTEALER MALWARE MASQUERADES AS KASPERSKY ANTIVIRUS

FAUXPERSKY: CREDSTEALER MALWARE WRITTEN IN AUTOHOTKEY MASQUERADES AS KASPERSKY ANTIVIRUS, SPREADING THROUGH INFECTING USB DRIVES

SOC Talk: Ransomware Mythbusting

Cadwalader, Wickersham & Taft

Cadwalader, Wickersham & Taft, an international law firm with more than 400 lawyers in five offices around the globe, needed an endpoint detection and response platform that was easy to use and streamlined the threat investigation process.

8 Moments That Can Make or Break the CISO

In a world of increasingly sophisticated attacks (and attackers), it would seem that the career of the CISO is fraught with unpredictability—but nothing could be further from the truth. While the path of the CISO is filled with trials and tribulations, there are common themes that come up time and again that can make or break a security career.

Hospital revenue cycle management company

A hospital revenue cycle management company’s perimeter defense tools weren’t providing it with enough endpoint visibility. The company wanted total visibility and an easy-to-use interface that made its junior security analysts more efficient and effective.

McBee Associates

McBee Associates uses Cybereason’s managed security services to augment its security program and replaced its antivirus solution with Cybereason’s next-generation antivirus software to reduce the number of agents running on its endpoints.

Fortune 500 bank

Fortune 500 bank uses Cybereason to boost behavioral detection

Boosting GDPR Compliance: Enhancing Your Security Readiness

In this webinar, Cybereason’s VP of Information Security, Shlomi Avivi, and Sr. Director Lital Asher-Dotan will take you through the major principles of GDPR and demonstrate how companies can enhance their GDPR readiness in a relatively short time.

User-Space Endpoint Data Collection

Despite the advantages of endpoint detection and response solutions, many security professionals are hesitant about using them because they are notorious for crashing the operating system and adding agent management workload to the already overworked IT department.

The Seven Struggles of Detection & Response

Many of the CISOs we meet are debating what approach to take for detecting advanced persistent threats within their network.

Fileless Malware: An Evolving Threat on the Horizon

Cybereason Lab Analysis explores WMI and Powershell attacks and discusses approaches for effective detection and response.

CYBEREASON RESEARCHER DISCOVERS VACCINE FOR BAD RABBIT RANSOMWARE

Cybereason researcher Amit Serper has developed a vaccine to prevent the Bad Rabbit data-encrypting malware from infecting machines.

Customer Spotlight: Pinnacle Technology Partners

Technology consulting firm, Pinnacle, on life as a customer and reseller of Cybereason.

Customer Spotlight: Flowserve & Petya/NotPetya

Flowserve on being protected by Cybereason from the NotPetya ransomware outbreak.

Customer Spotlight: Flowserve

One of the largest suppliers of industrial and environmental machinery, Flowserve, talks about using Cybereason.

Customer Spotlight: McBee Associates

Healthcare consulting firm, McBee Associates, on their experience using Cybereason.

Customer Spotlight: Cadwalader, Wickersham, & Taft

One of the oldest law firms in America trusts Cybereason.

Customer Spotlight: Healthcare

Hear from hospital revenue cycle management firm, Healthcare

Customer Spotlight: Motorola

Motorola, global mobile device manufacturer, shares insights into why they trust Cybereason.

The Next Generation CISO

Watch the webinar with Sam Curry, Cybereason Chief Security Officer, to explore strategies for identifying and developing the next generation.

Stopping NotPetya & Advanced Ransomware Attacks

Watch our on-demand webinar to gain a better understanding of the NotPetya attacks and how you can stay protected.

Incident Response Plan: Don't Leave Home Without It

Learn how to create and implement an incident response plan.

WannaCry Ransomware: Everything You Need To Know

Everything you need to know about WannaCry ransomware and the recent attack.

Understanding Threats From The Inside & Outside

Join our webinar with ObserveIT on May 16 at 10AM EDT to take a deep dive into the world of insider and outsider threats.

Attack Attribution: It's Complicated

Ross Rustici, Sr. Manager of Cybereason Intelligence, and SANS will discuss why attack attribution is so complex and actions the security community...

SIOFRA, A FREE TOOL BUILT BY CYBEREASON RESEARCHER, EXPOSES DLL HIJACKING VULNERABILITIES IN WINDOWS PROGRAMS

Siofra, developed by Forrest Williams, Senior Security Researcher at Cybereason, is a research tool that can identify DLL hijacking vulnerabilities in Windows programs and has an automated way to craft DLLs to exploit these vulnerabilities.

Threat Hunting 102: Beyond the Basics, Maturing Your Threat Hunting Program

Join Cybereason's Brad Mecha, Manager of Threat Hunting Team, and Dave Shackelford, SANS Analyst, to learn how to elevate your current threat hunting program.

Ransomware Remedies: Decoding and Dealing with Ransomware's Problematic Behavior

Ransomware has a few key differences that make it stand out from other malicious programs, but the only realistic way to detect and stop it is by looking at what it does, the heuristic behavioral approach.

Cyber Threat Hunting: How To Combat Threats and Win the Battle

Join a panel of cybersecurity experts as they discuss the key strategies IT security professionals can use to fight and win the battle against advanced threats.

How Attackers Use Adware to Sell Corporate Assets

Israel Barak, Cybereason CISO, and SANS Certified Instructor G. Mark Hardy discuss how one organization discovered commodity malware in their environment that transformed into a targeted attack.