In this article we take a deeper dive into an often abused Microsoft-signed tool, the infamous rundll32.exe, which allows adversaries to execute malicious code during their offensive operations through a technique which we explain in detail...

August 9, 2022 / 10 minute read

The Anom was the holy grail of dark, illegal communication: a mobile phone that could send encrypted messages that even included a secret Kill-Switch to foil attempts by law enforcement agents to get to its contents. Thousands of criminals used the Anom, certain that they were completely safe from the police - they were wrong - check it out...

August 8, 2022 /

So, you have a lot of visibility into your network and you know it because you have a ton of security alerts coming in - but that’s almost worse than having none if they lack the context and correlations required to really understand the scope of an attack...

August 3, 2022 / 3 minute read

One in three retailers attacked will pay the ransom, but less than ten percent will receive all their data back, and 80% of victims who pay the ransom end up getting hit with another attack Why are retailers such an attractive target when it comes to ransomware?

August 2, 2022 / 4 minute read

Ken Thompson is a legendary computer scientist who also made a seminal contribution to computer security in 1983 when he described a nifty hack that could allow an attacker to plant almost undetectable malicious code inside a C compiler. Surprisingly, it turns out a very similar hack was also used in the SolarWinds attack - check it out...

August 1, 2022 /

With the new Cybereason Ransomware Range experience, you will have the chance to witness first-hand the RansomOps techniques employed by threat groups from initial intrusion, lateral movement, privilege escalation to full network compromise. Most importantly, you’ll see where and how these operations can be predicted, detected, and stopped dead in their tracks...

July 27, 2022 / 1 minute read

Ransomware has transformed significantly over the past several years, and it is forcing security to evolve with it. These complex and highly targeted ransomware operations – or RansomOps – seek to infiltrate entire networks in order to extort multi-million dollar ransoms from targets...

July 27, 2022 / 4 minute read

The first step in the Zero Trust journey begins with removing trust blinders and truly instrumenting, monitoring, and seeing malicious behaviors hiding in plain sight behind trusted identities and applications without disrupting or causing harm to IT and the business–XDR provides this capability...

July 26, 2022 / 4 minute read

MITRE ATT&CK has become a gold standard in the endpoint security space. Here are 5 steps you can take to improve your defenses...

July 25, 2022 / 2 minute read

Silk Road’s success did more than bring the site more sellers and buyers, it also brought it more attention from law enforcement agencies as well as malicious hackers and other shady characters. Some of these shady characters, it turns out, were part of the task force aiming to shut down Silk Road - check it out...

July 25, 2022 /

These complex, low and slow attacks that seek to infiltrate as much of the targeted network as possible before detonating the ransomware payload means the task of successfully defending against RansomOps attack has never been more challenging, and the stakes for organizations are high...

July 20, 2022 / 5 minute read

Cybereason and TruVisor today announced a partnership that will protect ASEAN region organizations from sophisticated cyberattacks. As part of the partnership, TruVisor will expand Cybereason’s reach with the region’s top resellers and MSSPs across Southeast Asia...

July 20, 2022 / 2 minute read

Attackers exploit gaps in visibility and hide in the network seams while security teams struggle to get actionable intelligence from a complex security stack. So where can security teams turn to reduce alert fatigue and increased operational efficacy and efficiency?

July 19, 2022 / 5 minute read

Your organization was hit by ransomware, and it is now time to negotiate the terms of a deal that will bring back your data and (hopefully) won’t leave the company’s coffers empty. But are you sure you know what you’re doing? Are you certain that you won’t screw up the negotiations and do more harm than good? Check it out...

July 18, 2022 /

What would the business do if they are caught in the crossfire of a targeted attack, and key digital processes are taken offline? This starts by recognising what those key digital processes are that the business requires to function, and what dependencies exist behind these processes...

July 14, 2022 / 3 minute read

XDR provides security teams with comprehensive visibility across the kill chain, all without requiring security analysts and incident response teams to manually investigate a flood of individual alerts. XDR allows security trams to move detection further to the left in the kill chain to reduce dwell time and disrupt attacks earlier in the attack sequence...

July 13, 2022 / 4 minute read

Ross Ulbricht always had a thing with testing his limits. He was also an avid libertarian who wanted to change the world. So, in 2010, he came up with the idea to build a truly free market: a website where anybody can buy and sell anything anonymously - including illegal drugs - check it out...

July 12, 2022 /

Ransomware purveyors are moving away from high-volume attacks with low ransom demands in favor of more focused, custom attacks aimed at individual organizations selected for the ability to pay multi-million dollar ransom demands...

July 12, 2022 / 4 minute read

Over the last five years ransomware operations evolved both in capabilities and the degree of organizational structure behind it. In this webinar, we’ll cover the changes, what they mean and how cybersecurity strategies need to adapt to match this changing threat. But most importantly, have we learned from our past mistakes?

July 8, 2022 / 1 minute read

The Cybereason Team is excited to be part of Black Hat 2022, both virtually and in-person on August 10th and 11th! Be sure to stop by the Cybereason booth #1820 to get a custom printed Cybereason hoodie, a collectible Malicious Life Podcast tee shirt, enjoy deep-dive in-booth theater presentations, demos and more...

July 7, 2022 / 2 minute read

LockBit 2.0 ransomware attackers are constantly evolving and making detection, investigation, and prevention more complex by disabling EDR and other security products and deleting the evidence to stifle forensics attempts...

July 7, 2022 / 16 minute read

Raspberry Robin involves a worm that spreads over USB devices or shared folders, leveraging compromised QNAP (Network Attached Storage or NAS) devices as stagers and an old but still effective method of using “LNK” shortcut files to lure its victims...

July 7, 2022 / 5 minute read

New ransomware gangs have surfaced recently, bringing new techniques with them. As ransomware continues its quick pace of evolution, understanding the risk from complex RansomOps attacks and their impact to the business is key to preventing them...

July 7, 2022 / 5 minute read

The MITRE ATT&CK Framework is one of the most powerful resources security practitioners can use to develop robust defenses against adversaries. This webinar is designed to show you how you can take the framework and build more powerful defenses without requiring decades of cybersecurity experience...

July 7, 2022 / 1 minute read

Cybereason is thrilled to announce that Malicious Life won best Security Vendor Podcast at the 2022 European Security Bloggers Network Awards during the Infosecurity Europe Conference...

July 6, 2022 / 1 minute read

The Cybereason Process Timeline view provides threat hunters with a unified timeline of events and full visibility of activity that happened on the endpoint...

July 6, 2022 / 2 minute read

Will Bitcoin and the other cryptocurrencies be able to replace money as we know it today? Will governments embrace a future where they have no control over their currencies? Jacob Goldstein (Planet Money, What's Your Problem) talks to Nate Nelson about what the future holds for Bitcoin - check it out...

July 5, 2022 /

The volume of cybersecurity telemetry generated continues to explode, but so much of it is proprietary there is really no way to make all that telemetry meaningful and make decisions based on it - until now...

June 30, 2022 / 3 minute read

With so many XDR solutions available on the market today, organizations need to be careful about which one they choose. That’s because not all XDR platforms are created equal or deliver the same type of value - here's how to sort it all out...

June 29, 2022 / 4 minute read

There are a variety of factors and risks which must be considered when deciding whether to pay a ransom, and organizations will need to be able to establish some level of attribution to know if the threat actor is subject to sanctions levied against specific nations...

June 28, 2022 / 6 minute read

Years before credit card transactions gave banks and data-brokers free access to our private financial information, a man named David Chaum became the first person to really, materially grapple with the problem of privacy in money. His ideas inspired a movement of "Crypto Anarchists" who aspired to change money forever - check it out...

June 27, 2022 /

With the new Cybereason Ransomware Range experience, you will have the chance to witness first-hand the RansomOps techniques employed by threat groups from initial intrusion, lateral movement, privilege escalation to full network compromise. Most importantly, you’ll see where and how these operations can be predicted, detected, and stopped dead in their tracks...

June 27, 2022 / 1 minute read

In just two months, Black Basta has added nearly 50 victims to their list, making them one of the more prominent ransomware gangs. The attackers infiltrate and move laterally throughout the network in a fully-developed RansomOps attack. The Cybereason Nocturnus Team assesses the threat level as HIGH SEVERITY given the destructive potential of the attacks...

June 24, 2022 / 6 minute read

A Microsoft Office code execution vulnerability dubbed “Follina” allows delivery of malware without needing the victim to allow macro execution and is very likely to be mass-exploited. The Cybereason Defense Platform detects and prevents the exploitation of Follina and enables effective hunting of this vulnerability...

June 22, 2022 / 3 minute read

This special Malicious Live Ask Us Anything event celebrates the 5 year anniversary of the show: How did Malicious Life come to be? How do we choose the stories we tell? Who was Ran's most memorable guest? And why does Nate keep inserting weird names into the scripts? Check it out…

June 21, 2022 /

Cybereason CEO Lior Div has been named Ernst & Young Entrepreneur Of The Year® 2022 for New England, one of the preeminent business awards for entrepreneurs and leaders of high-growth companies...

June 21, 2022 / 2 minute read

Hector - better known as Sabu, the ringleader of the LulzSec hacking group - knew the FBI was on to him. But it turned out that of all the people who broke or disregarded the law in this particular story, only one man had a reason to be worried: Jeremy Hammond - check it out…

June 17, 2022 /

Security teams shouldn’t need to manually triage and investigate disparate alerts from an array of solutions–they need to focus on shutting down a ransomware campaign as quickly as possible...

June 15, 2022 / 4 minute read

To defend against the latest threats, it is necessary to understand the scope of ransomware attacks in general and how they unfold so proactive anti-ransomware strategies can be adopted to better protect organizations from being victimized...

June 14, 2022 / 5 minute read

George Friedman and Jeremy Hammond are two very different people: the former is a capitalist middleman, the latter an anarchist-communist hacker. A spy and a hacker; but in certain respects, they’re actually quite similar in what lines they are willing to cross to get to their goal - check it out…

June 13, 2022 /

The study once again finds that ‘it doesn’t pay-to-pay’ a ransom demand, as 80% of organizations that paid were hit by ransomware a second time, with 68% saying the second attack came in less than a month with threat actors demanding a higher ransom amount...

June 7, 2022 / 2 minute read

Learn how mature security teams effectively counter modern ransomware operations (RansomOps) and avoid a system-wide takeover by bad actors - all delivered through a step-by-step walkthrough of a ransomware attack...

June 3, 2022 / 1 minute read

The challenges faced by SOCs—workforce shortages, lack of visibility, tool sprawl and alert overload—will likely result in increased adoption of Managed Detection and Response (MDR) services and and Extended Detection and Response (XDR) solutions...

June 2, 2022 / 3 minute read

Like EDR solutions, not all endpoint sensors are created equal. The Cybereason Sensor is lightweight, low impact, universally deployable, and offers the deepest visibility of any sensor in the endpoint market...

June 1, 2022 / 5 minute read

Unlike more traditional tools, an XDR solution cuts through the noise to deliver efficiency through context-rich correlations that leverage all of an organizations’ security telemetry from across disparate sources to quickly answer the question "are we under attack?"

June 1, 2022 / 5 minute read

AbdelKader Cornelius, a German Threat Researcher and an expert on the cybercrime ecosystem, shares a story about how he helped German police put a sophisticated cybercriminal behind bars by uncovering tiny mistakes the hacker made in the past. - check it out…

May 31, 2022 /

Join us for an examination of what a modern ransomware attack chain looks like and how an XDR solution can be leveraged to detect and stop complex ransomware attacks at the earliest stages, long before the actual ransomware payload is delivered...

May 31, 2022 / 1 minute read

The Cybereason Defense Platform offers multi-tenancy capabilities to enable SOC teams to divide workflows based on roles...

May 27, 2022 / 1 minute read

Proactive deterrence strategies like Defend Forward are increasingly urgent for the private-sector as they struggle to safeguard intellectual property against nation-state cyber espionage and protect their businesses from cybercrime-driven ransomware attacks...

May 26, 2022 / 2 minute read

The Cybereason Team is really excited to welcome Osamu Yamano as President of Cybereason Japan. Yamano will oversee the company’s operations in the region and will be responsible for expanding Cybereason business opportunities...

May 26, 2022 / 2 minute read

To Defend Forward means aggressively collecting intelligence about adversaries’ tactics and strengthening proactive resiliency across the organization to make it more costly for adversaries to achieve their objectives...

May 25, 2022 / 4 minute read

The latest release of the Cybereason Defense Platform significantly improves investigation, enhances protection and infrastructure management...

May 25, 2022 / 3 minute read

An anonymous hacker posted a list of 6.5 Million encrypted passwords for LinkedIn users on a Russian forum. These passwords were hashed using an outdated and vulnerable hashing algorithm and were also unsalted. Lawsuits followed shortly… can we trust big organizations to keep our secrets safe? Check it out…

May 24, 2022 /

The only way organizations can successfully defend against ransomware and RansomOps attacks is to be able to detect them early and end them before any data exfiltration or encryption of critical files and systems can take place...

May 24, 2022 / 4 minute read

Cybereason CEO Lior Div talks about the inaugural report from the Cyber Defenders Council and why the principles of Defend Forward are important for cybersecurity...

May 23, 2022 / 2 minute read

We continue to use the same name to describe a problem that has evolved over time and is significantly more complex today. Many are really unprepared to counter the threat as it exists today...

May 18, 2022 / 3 minute read

The Cyber Defenders Council is an independent group of preeminent cybersecurity leaders from public and private sector organizations around the world with the mission to adapt Defend Forward deterrence concepts for the private sector - read the inaugural report here...

May 17, 2022 / 1 minute read

We delve into a recently discovered cyber-espionage campaign targeting the Defense, Energy, Aerospace, Biotech and Pharma industries conducted by the Winnti Group (APT 41, BARIUM, and Blackfly) - a Chinese state-sponsored APT group known for its stealth and sophistication...

May 17, 2022 /

Cybereason has been named to the exclusive 10th Annual CNBC Disruptor 50 list of the most disruptive private global companies, joining other esteemed rapid-growth companies including Canva, Blockchain.com, Stripe, Chime and more...

May 17, 2022 / 1 minute read

Cybereason named an Overall Leader in the 2022 KuppingerCole Leadership Compass for vendors in the Endpoint Protection, Detection & Response (EPDR) market...

May 16, 2022 / 2 minute read

Here's a look at the many ways Cybereason Threat Intelligence tells the difference between benign and malicious activity to keep your security team focused...

May 16, 2022 / 4 minute read

Learn how mature security teams effectively counter modern ransomware operations (RansomOps) and avoid a system-wide takeover by bad actors - all delivered through a step-by-step walkthrough of a ransomware attack...

May 16, 2022 / 1 minute read

Behavioral Execution Prevention stops threats posed by malicious actors who use trusted operating system software and native processes to conduct attacks...

May 13, 2022 / 2 minute read

Cybereason CEO Lior Div provides perspective on the cyber component of Putin's invasion of Ukraine, and why it is important for organizations to Defend Forward...

May 12, 2022 / 2 minute read

Tim Weis, who was recently promoted to Senior Talent Acquisition Partner, supports hiring for some of our US-based teams and helps each of them scale and grow. Learn more about Tim and why he says this is an exciting time to join Cybereason...

May 12, 2022 / 3 minute read

AI/ML is really good at analyzing large data sets with a high degree of accuracy to identify events of concern at a scale manual human analysis can never match, relieving security teams of the tedious task of sorting the signal from the noise...

May 11, 2022 / 4 minute read

Cybereason has launched subscription-based bundles for unlimited Incident Response and Professional Services that deliver the speed and agility needed to quickly identify, correlate and contain threats while reducing costs by as much as thirty percent...

May 10, 2022 / 2 minute read

The AI-driven Cybereason XDR Platform detects and blocks MountLocker ransomware which launched back in September 2020. Since then, the attackers have rebranded the operation as AstroLocker, XingLocker, and now in its current phase, the Quantum Locker...

May 9, 2022 / 5 minute read

In 2007, Estonia suffered a large-scale DDoS attack which crippled many organizations and digital services. Joseph Carson, a Security Scientist and adviser to several governments discusses the lessons learned from that event and how Estonia became 'A Cloud Country' - check it out…

May 9, 2022 /

After all the big ransomware attack headlines, one might be inclined to think that a successful ransomware attack would also impact a victim organization’s stock price over the long term, but so far that's not the case according to several studies...

May 9, 2022 / 5 minute read

Lior Div, co-founder and CEO of Cybereason, talks about the Operation CuckooBees revelations and the broad global impact of intellectual property theft.

May 6, 2022 / 2 minute read

The Cybereason MalOp will be key to the ability of financial institutions to meet the new 36 hour cybersecurity incident reporting deadline...

May 5, 2022 / 2 minute read

Join us for this live webinar as we delve into research findings about the risk to organizations from ransomware attacks that occur on weekends and holidays and how you can better prepare to defend against them...

May 5, 2022 / 1 minute read

Cybereason recently an attack assessed to be the work of Chinese APT Winnti that operated undetected, siphoning intellectual property and sensitive data - the two companion reports examine the tactics and techniques of the overall campaign as well as more detailed analysis of the malware arsenal and exploits used...

May 4, 2022 / 4 minute read

Cybereason investigated multiple intrusions targeting technology and manufacturing companies located in Asia, Europe and North America. Based on the findings of our investigation, it appears that the goal behind these intrusions was to steal sensitive intellectual property for cyber espionage purposes...

May 4, 2022 / 11 minute read

This research zeroes in on the Winnti malware arsenal and includes analysis of the observed malware and the complex Winnti infection chain, including evasive maneuvers and stealth techniques that are baked-in to the malware code...

May 4, 2022 / 19 minute read

Join us for an examination of what a modern ransomware attack chain looks like and how an XDR solution can be leveraged to detect and stop complex ransomware attacks at the earliest stages, long before the actual ransomware payload is delivered...

May 3, 2022 / 1 minute read

Greg Day, Cybereason’s VP and Global Field CISO for the EMEA region, offers his perspective on developing cybersecurity skills, knowledge, and culture...

May 3, 2022 / 3 minute read

Learn how mature security teams effectively counter modern ransomware operations (RansomOps) and avoid a system-wide takeover by bad actors - all delivered through a step-by-step walkthrough of a ransomware attack...

May 2, 2022 / 1 minute read

In May 1990, a massive operation carried out by hundreds of Secret Service and FBI agents was focused on a new type of crime: Hacking. But every action has an equal and opposite reaction, and the reaction to Operation Sundevil was the birth of a new power in the cybersphere: the Electronic Frontier Foundation - check it out…

May 2, 2022 /

Cybereason and Google executives will explain how the security industry can better defend against novel attacks through a live demonstration of how Cybereason XDR powered by Google Cloud reverses the adversary advantage and returns the high ground to Defenders...

April 28, 2022 / 1 minute read

Cybereason XDR supports the U.K. Cybersecurity Strategy objective of minimizing the impact of cybersecurity incidents...

April 28, 2022 / 2 minute read

In this article you’ll get an overview of the key challenges common to distributed Machine Learning (ML) architectures frequently seen in IOT devices and security solutions...

April 27, 2022 / 4 minute read

An AI-driven XDR solution allows Defenders to move from a "detect and respond" mode to a more proactive “predictive response” posture where the likely next steps in an attack are anticipated and blocked...

April 27, 2022 / 3 minute read

Three-quarters of Retail organizations reported a significant loss of revenue after suffering a ransomware attack, more than half (58%) experienced employee layoffs, and one third were forced to temporarily suspend or halt their business operations altogether...

April 26, 2022 / 5 minute read

The MITRE Attack Flow Project is a new way to visualize, analyze and share knowledge about sequences of adversary behavior. Ingrid Skoog, Ass. Director of R&D at the Center for Threat-Informed Defense, and Cybereason CISO Israel Barak discuss the benefits of the MITRE Attack Flow project to Defenders and executives alike - check it out…

April 25, 2022 /

This report provides unique insight into SocGholish and Zloader attacks and provides an overview of the common tactics and techniques in SocGholish infections...

April 25, 2022 / 14 minute read

If your organization needs cyber insurance or if you're up for renewal, get ready to meet these "minimum requirements." Here's seven ways Cybereason can enhance your cyber insurance investment...

April 22, 2022 / 5 minute read

Cybereason has announced the availability of Cybereason DFIR, a solution designed to automate incident response (IR) investigations by incorporating nuanced forensics artifacts into threat hunting, reducing remediation time by enabling security analysts to contain cyberattacks in minutes...

April 21, 2022 / 2 minute read

Most XDR platforms ingest a variety of threat intelligence to spot known Indicators of Compromise (IOCs), but only an AI-driven XDR solution can detect based on the more subtle chains of activity known as Indicators of Behavior (IOBs)...

April 20, 2022 / 4 minute read

When 24-year-old Aaron Swartz was caught scraping millions of science articles off of JSTOR, he faced up to 35 years in prison plus a fine of up to 1 million dollars. Did Aaron's crime justify such a harsh punishment? Check it out…

April 19, 2022 /

Nearly half of organizations with cyber insurance in place when they were victims of a ransomware attack said that their insurer only covered a portion of their losses, so they still needed to pay out of pocket significantly to cover the recovery costs...

April 19, 2022 / 3 minute read

To have confidence we can block the attack, we will have invested time and resources to build out the MalOp, and as such we should track our blocking controls to see which have the greater longevity against the adversary...

April 14, 2022 / 3 minute read

Don’t miss the immersive digital experience at Cybereason booth S-735 in the South Expo Hall packed with informative in-booth theater presentations, enjoy more briefings at the Cybereason Lounge at the Four Seasons, score some great swag like a Malicious Life Podcast T-Shirt and more...

April 13, 2022 / 3 minute read

RansomOps have steadily become more sophisticated and more aligned with nation-state actors making ransomware an existential threat for enterprises - join expert Bob Bigman, former CISO for the CIA to learn more about major ransomware groups and how they operate...

April 13, 2022 /

An AI-driven XDR solution can correlate security telemetry from across the network to produce a complete picture of all elements of an attack to automate responses - basically eliminating the need for SIEM and SOAR tools in most circumstances...

April 13, 2022 / 4 minute read

This white paper examines the growing threat from complex RansomOps, as well as the larger Ransomware Economy, and provides prescriptive guidance for organizations determined to remain undefeated by ransomware attacks...

April 12, 2022 / 1 minute read

Cybereason XDR supports both capability outcomes outlined in the U.K. Government Cybersecurity strategy for detecting cyber events...

April 11, 2022 / 3 minute read

Several weeks after the invasion of Ukraine by Russian forces, and the lights are still on and other important infrastructure is still operating. Cybereason CEO Lior Div, CTO Yonatan Striem-Amit, and CSO Sam Curry examine what we know so far about the cyber aspect of the conflict...

April 11, 2022 /

Join this informative webinar to learn how the combination of IBM X-Force expertise and cutting edge Cybereason security solutions and DFIR capabilities deliver a faster, more efficient approach to Incident Response...

April 7, 2022 /

This APT-C-23 campaign involves of two previously undocumented malware strains dubbed Barb(ie) Downloader and BarbWire Backdoor, which use an enhanced stealth mechanism to remain undetected - in addition, Cybereason observed an upgraded version of an Android implant dubbed VolatileVenom...

April 6, 2022 / 11 minute read

Don’t be fooled by marketing ploys from vendors touting their latest big dollar acquisition of technologies they can’t integrate but still try to pawn off as XDR...

April 6, 2022 / 4 minute read

Due to some controversy in the community over the airplane hacking episode, we have decided to remove it from the playlist...

April 5, 2022 /

An AI-driven XDR solution can cut through the noise introduced by a constant flood of alerts, allowing security teams to spend less time sifting through alerts and chasing false positives and more time detecting and blocking attacks...

April 5, 2022 / 4 minute read

Cybereason and IBM are launching a joint solution to address the most critical SOC challenges and significantly improve incident response delivery, triage, and remediation processes...

April 4, 2022 / 3 minute read

Cybereason leads the industry in the MITRE ATT&CK Enterprise Evaluation 2022, achieving the best results ever in the history of these evaluations...

April 1, 2022 / 3 minute read

Cybereason CSO Sam Curry talks about the potential threat of cyberattacks from Russia in connection with the invasion of Ukraine and why Russia might engage with external cyber mercenaries to get the job done. ..

April 1, 2022 / 6 minute read

Learn how mature security teams effectively counter modern ransomware operations (RansomOps) and avoid a system-wide takeover by bad actors - all delivered through a step-by-step walkthrough of a ransomware attack...

April 1, 2022 / 1 minute read

While other vendors are scrambling to cherry-pick the results and spin up some clever interpretations of the MITRE ATT&CK results, Cybereason is proud to let the evaluation results speak for themselves: Cybereason demonstrated 100% Prevention, 100% Visibility, and 100% Real-Time Protection...

March 31, 2022 / 3 minute read

The second installment of our five-part series outlining how Cybereason XDR maps to each of the objectives in the U.K. Government Cybersecurity Strategy...

March 31, 2022 / 3 minute read

What issues should CISOs be prioritizing, and how can they get the most bang for their buck? An esteemed panel of accomplished security leaders discuss the challenges for 2022 and more - check it out...

March 31, 2022 /

An AI-driven XDR solution enables organizations to embrace an operation-centric approach that delivers the visibility required to be confident they can halt attack progressions at the earliest stages...

March 30, 2022 / 4 minute read

Periodically, every business steps back and asks itself a number of questions around its security resilience, and at the top of the list is the question: Are my response processes still fit for purpose?

March 29, 2022 / 5 minute read

Organizations need to be capable of responding effectively to a ransomware attack in order to minimize impact to the business. Here are three things they should consider along the way...

March 29, 2022 / 4 minute read

MITRE is the preeminent third-party security solution evaluator. We explain the key metrics to look for in their upcoming Enterprise ATT&CK Evaluation...

March 28, 2022 / 4 minute read

DIE, an acronym for Distributed, Immutable and Ephemeral, is a framework for designing secure systems where we should treat our precious data less like pets and more like cattle. Sound confusing? New paradigms always are - check it out…

March 28, 2022 /

The MITRE ATT&CK evaluations test security vendors’ ability to quickly detect and stop tactics and techniques used by today’s threat actors. In this webinar, we strip down the complexity of the MITRE ATT&CK framework so your organization can leverage it for success...

March 25, 2022 / 1 minute read

The risk of cyberattacks from Russia or threat actors aligned with Russia is high and every organization, regardless of industry or geographic location, needs to be prepared to defend against them...

March 25, 2022 / 2 minute read

Wayman Cummings, VP of Security Operations at Unisys, examines how industry stagnation impacts the security for our critical infrastructure, the value true public-private partnerships can bring and more - check it out...

March 24, 2022 /

This is the first installment of a five-part blog series in which we will outline how Cybereason XDR maps to each of the five objectives contained in the U.K. Government Cybersecurity Strategy...

March 24, 2022 / 4 minute read

The most valuable conversations today are focused on operational resilience, a newer term for the CSO, but less so for most Boards who already know what the processes are to achieve key business outcomes...

March 23, 2022 / 4 minute read

Unlike pseudo-XDR offerings that are really just EDR tools with a cloud extension, an AI-driven XDR solution does not require that valuable telemetry be filtered out due to a platform’s inability to handle the volume of intelligence available...

March 23, 2022 / 4 minute read

Cybereason continues its exponential growth and expansion of the team by naming Frank Koelmel as EMEA Region General Manager where he will be overseeing all Cybereason EMEA operations, leading future growth and expansion in the region...

March 23, 2022 / 2 minute read

Authentication platform Okta has confirmed they were breached and customer base impacted after threat actors Lapsus$ gained access to the company’s internal environment...

March 22, 2022 / 3 minute read

We usually count the damage from a cyberattack in Dollars and Euros, but the psychological damage to the victims is rarely discussed. Can scams, hacks, and breaches lead to Cyber Post-Traumatic Stress Disorder? Check it out…

March 22, 2022 /

Sixty percent of manufacturing organizations said they were struggling to defend against ransomware attacks due to their growing sophistication, while just under half noted that they were likely to get hit at some point...

March 22, 2022 / 3 minute read

In a recent MITRE ATT&CK test, Carbon Black had a 9% delayed detection rate - delayed detections leave organizations open to ransomware and other attacks...

March 22, 2022 / 5 minute read

The Cybereason MalOp (malicious operation) detection engine allowed a single Lenovo analyst to manage up to 200,000 endpoints, almost three times their current network needs...

March 18, 2022 / 3 minute read

Join us for an examination of what a modern ransomware attack chain looks like and how an XDR solution can be leveraged to detect and stop complex ransomware attacks at the earliest stages, long before the actual ransomware payload is delivered...

March 17, 2022 / 1 minute read

The Cybereason Historical Data Lake ingests all available telemetry collected for analysis for two primary use cases: Historical Threat Hunting and Deep Investigation...

March 17, 2022 / 2 minute read

Renee Guttmann needed a way to determine and communicate the right decisions to the organization, so she developed the “Six-Minute Rule” as a guide - Renee explains how to help stakeholders make informed risk/reward decisions - check it out...

March 17, 2022 /

Still considering Microsoft for your security needs? They issued patches for 234 vulnerabilities in just the first Quarter of 2022: 23 are rated Critical and 10 are zero-days--that’s an average of about 8 Critical vulnerabilities and 3 zero-days per month...

March 16, 2022 / 3 minute read

What is the most critical of all critical infrastructure? According to Jeff Engles, it's our Banking and Finance systems - Jeff joins us to discuss the resilience of our financial system and potential worst-case scenarios - check it out…

March 16, 2022 /

One good way to spot pseudo-XDR offerings is to ask the provider if the tool has the ability to ingest and analyze all available telemetry, or if the platform has limitations that requires "smart filtering" of some or most of the telemetry...

March 16, 2022 / 3 minute read

Cyberattacks by groups supporting Russian interests have been observed, but experts have noted that we likely have not seen the full potential of a Russian cyber offensive yet. A panel of experts will explore the increased risk stemming from the conflict in Ukraine...

March 16, 2022 / 1 minute read

One way to avoid out-of-memory errors is by configuring metrics and alerts that will tell us the story of our app overtime and notify us when something bad may be happening - before it reaches the customer...

March 15, 2022 / 4 minute read

Crowdstrike and SentinelOne platforms are forced to filter out critical event telemetry--and while they try to pawn off this deficit as a "feature" by calling it Smart Filtering, eliminating critical telemetry undermines their ability to detect complex RansomOps attacks at the earliest stages...

March 15, 2022 / 4 minute read

Defend Forward means assuming an offensive mindset for proactive defense to disrupt malicious operations earlier...

March 14, 2022 / 2 minute read

This final episode of the series is going to explore how the Crypto AG spying operation was kept secret for over 70 years from governments, military and intelligence services, and even the company’s own personnel - check it out…

March 10, 2022 /

ISACs were formed to promote the centralized sharing of threat intel within a particular sector. Grant Sewell, Director of Security at AHEAD, shares his experience in working with an ISAC and how this benefited his organization - check it out...

March 10, 2022 /

In certain combinations, some chains of behavior represent an advantage to an attacker - your team must be able to differentiate between benign use vs. the abuse of legitimate tools and processes...

March 9, 2022 / 7 minute read

Threat intelligence is transparently integrated into every aspect of the AI-driven Cybereason XDR Platform to enable Threat Hunting for behavioral TTPs...

March 9, 2022 / 1 minute read

An AI-driven XDR solution enables SecOps teams to embrace an operation-centric approach that delivers the visibility required to halt attack progressions at the earliest stages...

March 9, 2022 / 3 minute read

Cybereason is celebrating International Women’s Day and Women’s History Month through education, activities and events, and we invite all Defenders to join us as we work together to #BreaktheBias...

March 8, 2022 / 4 minute read

Cybereason CEO Lior Div honors Employee Appreciation Day and reflects on the core values of Cybereason and why it's important to appreciate employees 365 days a year.

March 8, 2022 / 2 minute read

Consider how much time your business would allow you for an ALLOW or BLOCK decision in the event of a ransomware attack, and then challenge your team to determine if they have the processes and the skills to achieve it...

March 8, 2022 / 4 minute read

Healthcare organizations need to assume that they’ll be hit, and it’s better to be prepared and never be the victim of a ransomware attack than it is to start the process of bolstering defenses after an attack has been successful...

March 8, 2022 / 3 minute read

Cybereason continues its exponential growth and expansion of the team by welcoming Greg Day to the company as Vice President and Global Field Chief Information Security Officer (CISO) for the EMEA region...

March 8, 2022 / 1 minute read

While not needed for every event and every investigation, DFIR (Digital Forensic Incident Response) is an essential component of the modern security toolkit...

March 7, 2022 / 6 minute read

The surge of Emotet attacks targeting Japanese organizations in the first quarter of 2022 is a continuation of the earlier Emotet activity, with some changes in the malware deployment process. The Cybereason XDR Platform detects and blocks Emotet malware...

March 7, 2022 / 3 minute read

Quantum Computing is a revolutionary technology, but what's the threat posed by Quantum attacks on encryption, and is the first major attack even closer than most of us think? Check it out…

March 7, 2022 /

Sophisticated multi-stage attacks are delivering highly damaging wipers dubbed HermeticWiper and IsaacWiper. The Anti-Malware capability in the Cybereason XDR Platform detects and blocks these destructive wipers...

March 3, 2022 / 2 minute read

Cybereason and the MITRE Engenuity Center for Threat-Informed Defense launch the Attack Flow Project to develop a common data format for describing adversary behavior and improve defensive capabilities...

March 3, 2022 / 2 minute read

Richard Clarke, who spent several decades serving Presidents of both parties, provides some pragmatic tips for effectively communicating the need to invest in security in terms the Board of Directors can support - check it out...

March 3, 2022 /

AI-driven XDR automatically correlates telemetry from across endpoints, data centers, application suites, user identities and more, freeing security teams from the need to constantly triage a flood of non-contextual threat alerts and false positives...

March 2, 2022 / 3 minute read

BlackCat Ransomware gained notoriety quickly leaving a trail of destruction behind it, among its recent victims are German oil companies, an Italian luxury fashion brand and a Swiss Aviation company. Cybereason XDR detects and blocks BlackCat Ransomware...

March 1, 2022 / 7 minute read

Remember, the actual ransomware payload is the tail end of a RansomOps attack, so there are weeks or even months of detectable activity where a ransomware attack can be disrupted before there is serious impact...

March 1, 2022 / 3 minute read

Cybereason CEO Lior Div looks at events unfolding with the Russian invasion of Ukraine and what it has revealed about the connection between Russia and the most notorious cybercrime and ransomware gangs...

February 28, 2022 / 2 minute read

How did Boris Hagelin succeed in selling compromised cipher machines to half the world over more than 50 years? Was there some kind of backdoor - or it was more clever than that? Check it out…

February 28, 2022 /

Customer Success Manager Michelle Winters discusses her favorite Black History icon, Bessie Coleman, and how this world-changing leader reflects our Core Values: Daring, UbU, Never Give Up, Ever Evolving, Win As One...

February 24, 2022 / 2 minute read

Achieving Zero Trust requires planetary-scale telemetry and the ability to analyze and correlate it all in real-time - that means Cybereason XDR powered by Google Cloud....

February 24, 2022 / 2 minute read

What was the Log4j vulnerability really, what can be done to reduce the risk it poses to organizations, and how can we better prepare for the next Log4j-level event? Benny Lakunishok, CEO of Zero Networks, takes us deeper - check it out...

February 24, 2022 /

Most EDRs can’t even handle all the telemetry available from endpoints, so jamming even more data into these tools that can’t actually correlate any of it effectively then trying to pass it off as XDR is simply a fool's errand...

February 23, 2022 / 3 minute read

Organizations need to think strategically and be proactive about ransomware preparedness - here are three questions you should be asking in order to avoid being the victim of a successful RansomOps attack...

February 22, 2022 / 4 minute read

Threat Research lead Assaf Dahan discusses new discoveries about Iranian APTs Moses Staff and Phosphorus that blur the line between state-sponsored attacks and criminal activity - check it out…

February 22, 2022 /

Join Cybereason at Cybertech 2022 March 1-3 in Tel Aviv--the cyber ecosystem's foremost networking platform conducting industry-related events all around the globe...

February 22, 2022 / 1 minute read

Cybersecurity and Infrastructure Security Agency (CISA) is warning businesses to prepare for ransomware attacks if Russia invades Ukraine - learn how your organizations can be prepared...

February 18, 2022 / 2 minute read

What issues should CISOs be prioritizing, and how can they get the most bang for their buck while minimizing risk and maximizing outcomes? Join our panel of esteemed CISOs from multiple industries as they share their perspectives...

February 18, 2022 / 1 minute read

“Cybereason XDR delivers deep contextual correlations without the need to craft complex syntax queries, which is just one of the many reasons we are seeing rapid adoption of our platform...”

February 17, 2022 / 1 minute read

How does the CISO establish the value proposition for an investment? Jack Jones, Chief Risk Scientist at RiskLens, discusses using a well-tested risk framework to evaluate current state of loss exposure - check it out...

February 17, 2022 /

Join us for a look at top ransomware attack trends we’ll see in 2022, what an attack chain looks like, and the Defender’s view inside our AI-driven Extended Detection and Response...

February 17, 2022 / 1 minute read

There is the potential for these attacks to cross the cyber-physical divide by inadvertently or purposefully disrupting crucial systems that govern assets that are vital to the economy, national security, or protecting lives...

February 16, 2022 / 4 minute read

While cyberwarfare operations are expected to be leveraged in order to distract, disrupt, and destroy systems critical to Ukraine's defense capabilities locally, there is a high probability that Russian operatives might also target organizations beyond the region...

February 15, 2022 / 3 minute read

Ukrainian officials attributed the attack to Russia “preparing the ground” for a military invasion with nasty wipers dubbed WhisperGate and HermeticWiper. Cybereason Anti-Ransomware and Anti-MBR corruption technology detects and blocks WhisperGate and HermeticWiper...

February 15, 2022 / 2 minute read

This ongoing evolution of complex ransomware operations highlights the need to be strategic with RansomOps defense. Specifically, it underscores the importance of an operation-centric approach to RansomOps prevention...

February 15, 2022 / 4 minute read

“With Cybereason, I am confident we will be able to give Sri Lankan enterprises the right tools and technologies to successfully overcome increasing global cyber threats..."

February 14, 2022 / 1 minute read

General McArthur, Egypt's Anwar Sadat, and Iran's Ayatollah Khomeini: these are just a few of the dozens (likely hundreds) of targets in the biggest, most ambitious hacking operation ever - check it out…

February 14, 2022 /

The Cybereason GSOC delivers details on three recently observed attack scenarios where fast-moving malicious actors used the malware loaders IcedID, QBot and Emotet to deploy the Cobalt Strike framework on the compromised systems...

February 10, 2022 / 13 minute read

CRN’s annual Channel Chiefs project identifies top IT channel vendor executives who continually demonstrate expertise, influence and innovation in channel leadership...

February 10, 2022 / 2 minute read

Security departments need to acquire tool after tool over - Kevin Richards walks through a very creative method for getting the budget you need and explains how to leverage the current environment to “find” new sources of funding...

February 10, 2022 /

Cybereason XDR for Cloud Workloads secures cloud workloads, containers and hosts at unparalleled speed and scale...

February 9, 2022 / 2 minute read

An AI-driven XDR solution provides Defenders with the ability to predict, detect and respond to cyberattacks across the entire enterprise network, including endpoints, identities, the cloud, application suites and more...

February 9, 2022 / 4 minute read

Learn how Cybereason XDR for Cloud Workloads delivers prevention, detection and response capabilities to defend cloud workloads and containers at runtime...

February 9, 2022 / 1 minute read

Prior to the deployment of the Lorenz ransomware, the attackers attempt to infiltrate and move laterally throughout the organization, carrying out a fully-developed RansomOps attack - the Cybereason XDR Platform fully detects and prevents the Lorenz ransomware...

February 8, 2022 / 7 minute read

Attackers’ interest in targeting financial institutions aligns with larger trends that are shaping the ransomware threat landscape, like the increasing complexity of some ransomware operations–or RansomOps...

February 8, 2022 / 3 minute read

Learn how mature security teams effectively counter modern ransomware operations (RansomOps) and avoid a system-wide takeover by bad actors - all delivered through a step-by-step walkthrough of a ransomware attack...

February 8, 2022 / 1 minute read

Attacks against Small-to-Medium size businesses (SMBs) accounts for 40% to 50% of all data breaches. Josh Ablett, founder and CISO of Adelia Risk, discusses security for SMBs - spoiler: it's not a pretty picture - check it out…

February 7, 2022 /

Cybereason CEO Lior Div highlights new research on Iranian threat actors and how attacks blend nation-state adversary and cybercrime threat actor tactics and motives...

February 4, 2022 / 2 minute read

The Cybereason XDR Platform provides a unified view of your endpoints, allowing analysts to quickly remediate complex threats across multiple machines...

February 4, 2022 / 1 minute read

The Cybereason XDR Platform quickly detects chains of behavior that are either rare or present a strategic advantage to an attacker, allowing analysts to stop attacks before they cause damage...

February 3, 2022 / 4 minute read

When a particular skill is needed that is not available, what do you do? Should you hire someone externally or bring in a consultant? CISO John Iatonna discusses his experience in making these tough decisions - check it out...

February 3, 2022 /

Cybereason XDR addresses the five core pillars of Zero Trust: device, identity, network, application workload and data...

February 2, 2022 / 3 minute read

XDR can evolve with the changing threat landscape, can allow complex attack operations to be identified at the earliest stages, and can automate responses for a faster mean time to remediation at scale...

February 2, 2022 / 3 minute read

The Cybereason MalOp detection engine to identify malicious behaviors with extremely high confidence levels, reducing false positives by a factor of 10...

February 2, 2022 / 2 minute read

Cybereason discovered an undocumented RAT dubbed StrifeWater attributed to Iranian APT Moses Staff who deploy destructive ransomware following network infiltration and the exfiltration of sensitive data...

February 1, 2022 / 7 minute read

Cybereason discovered a new toolset developed by Iranian APT Phosphorus which revealed a connection to Memento ransomware and includes the newly discovered PowerLess Backdoor that evades detection by running PowerShell in a .NET context...

February 1, 2022 / 8 minute read

In this episode, we go back to the Yom Kippur War of 1973 to discover how a national trauma and an intelligence failure paved the way for Israel to become a cybersecurity mini-empire - check it out…

January 31, 2022 /

The locus of control has been slipping away from IT teams - and by default Security teams. Scott King, CISO at Encore Capital Group joins the podcast to discuss strategies to remain agile in the face of rapid change - check it out...

January 27, 2022 /

"When I first joined, I heard about the 'Defender' concept so much I almost felt skeptical, but the Defender vibe is real, it’s in the DNA of the company - the people here really believe in what we do..."

January 26, 2022 / 3 minute read

As tensions escalate between Russia and the United States over the situation in Ukraine, it is more important than ever for Defenders to be prepared to protect against cyberattacks...

January 25, 2022 / 2 minute read