HAFNIUM Exploits Live On

The line is blurred between nation-states and cybercriminals

April 22, 2021 / 2 minute read

Sodinokibi Ransomware Gang Extorts Apple Through Supply Chain Attack

"Either REvil is benefitting indirectly from pariah policies related to cybercrime in Russia or is directly taking orders from a government." ~Sam Curry, Cybereason CSO...

April 22, 2021 / 3 minute read

Prometei Botnet Exploiting Microsoft Exchange Vulnerabilities

The multi-stage cryptocurrency botnet has been observed exploiting the Microsoft Exchange vulnerabilities associated with the HAFNIUM attacks to penetrate networks...

April 22, 2021 / 15 minute read

MITRE ATT&CK: Cybereason Dominates the Competition

The Cybereason Defense Platform dominated due to its ability to prevent and detect the advanced tools, tactics and procedures used in the MITRE evaluations emulating real-world scenarios...

April 21, 2021 / 2 minute read

Inside Effective EDR Evaluation Testing

We go into some of the methodology of EDR and we analyze “testing tools” to demonstrate the flaws in their use and explain why the results are unreliable when pitted against a modern EDR system...

April 21, 2021 / 9 minute read

CISO Stories Podcast: He Fought the FTC Over a Breach and Won

Hear how Mike Daugherty, CEO of LabMD, took on the FTC and mounted a multi-year defense to combat the outrageous allegations leveled by the regulatory agency...

April 21, 2021

Cybereason Excels in 2020 MITRE Engenuity ATT&CK Evaluations

The Cybereason Defense Platform achieved 100% coverage for prevention and 98% technique visibility across the 54 advanced attack techniques applied in testing...

April 20, 2021 / 2 minute read

Malicious Life Podcast: Shutting Down the Internet in 30 Minutes

Chris Wysopal, one of L0pht's founding members, talks about the group's 1998 Senate testimony and how they used shaming to force corporations to secure their software...

April 20, 2021 / 1 minute read

Ransomware Decoded: Preventing Modern Ransomware Attacks

Understand how to detect the preliminary stages of an attack, analyze the scope of the operation and prevent execution of the malicious code...

April 19, 2021 / 1 minute read

Cybereason and MassCyberCenter Partner to Mentor College Students

“There is a massive skills gap in the cybersecurity industry and we should do all we can to bridge it and to pay forward what we all received in our careers. No one advances in isolation.” ~Sam Curry, Cybereason CSO...

April 16, 2021 / 2 minute read

Webinar: MITRE ATT&CK Evaluations - Unpacking the Emulation

If your organization has a distributed attack surface, this webinar is a must - we’re seeing attackers increasingly pivot from opportunistic compromise to double extortion ransomware attacks...

April 15, 2021 / 1 minute read

CISO Stories Podcast: Is There a Magic Security Control List?

Tony Sager, a 35-year NSA software vulnerability analyst and executive, discusses how the CIS Controls can be used effectively to manage your environment...

April 15, 2021

Biden Admin Takes Action to Defend Electric Utilities Against Cyberattacks

The plan marks the first step in a larger effort to strengthen digital safeguards at municipal water utilities, natural gas pipeline operations and more...

April 14, 2021 / 3 minute read

Rise of Double-Extortion Shines Spotlight on Ransomware Prevention

By using double extortion, ransomware attackers can compel organizations to pay a ransom even if they are able to recover their information using data backups...

April 14, 2021 / 3 minute read

Malicious Life Podcast: The Story of L0pht Heavy Industries, Part 2

By the end of the ’90s many of the L0pht hackers had quit their day jobs and incorporated under the name L0pht Heavy Industries...

April 13, 2021 / 2 minute read

Five Clear Steps to Enhance SecOps with MITRE ATT&CK

With these five steps, you can continuously tune your security strategy and leverage the connection between techniques, tactics, and procedures and real-world adversary groups...

April 12, 2021 / 1 minute read

The Cybereason Difference: Introduction to the Malop

The Malop provides a contextualized view of the full attack narrative correlated across all impacted endpoints and users so security analysts can respond to threats with an operation-centric approach...

April 11, 2021 / 3 minute read

CISO Stories Podcast: Doing Security Before Security Was a Career Path

Special guest Petri Kuivala, CISO at NXP Semiconductors, recounts his journey from municipal police officer to cybercrimes unit investigator to Chief Information Security Officer during the early days when security was largely an afterthought...

April 8, 2021

Malicious Life Podcast: The Story of L0pht Heavy Industries, Part 1

'L0pht' was one of the most influential hacker collectives of the '90s: they were even invited to testify in front of Congress on the state of Internet security. In this episode of Malicious Life, four of L0pht's members talk about the beginning of the L0pht and its influence on cybersecurity...

April 6, 2021 / 2 minute read

Cybereason Empowers Partners with North American MSSP Program Expansion

“Cybereason’s platform has helped us protect our clients and partners from advanced threats and has simplified our security operations,” said Justin Kallhoff, Chief Cybersecurity Officer...

April 6, 2021 / 2 minute read

Personal Info for More Than Half a Billion Facebook Users Leaked Online

Cybereason CSO Sam Curry shares insights on the news that attackers publicly exposed information from 533 million Facebook users based in 106 countries, including phone numbers, Facebook IDs, birthdates, bios, full names and locations. The dumped data also included the email addresses for a portion of the affected users.

April 5, 2021 / 3 minute read

Ransomware Defense: Three Implementations Every Security Team Needs

Ransomware attacks are continuing to accelerate at a torrid pace - but the more concerning trend is how effective they are at creating chaos and paralyzing business operations. Effective multi-layer ransomware prevention capabilities have never been more important. Here are three implementations every security team needs...

April 5, 2021 / 4 minute read

CISO Stories Podcast: The Colonoscopy of CyberSecurity

The information and cybersecurity industry has no shortage of regulations, and many organizations simply run down the list of requirements, load them into a spreadsheet and check the boxes to show they are compliant. But is being compliant the same as being secure? Tune in to this CISO podcast episode with guest Lee Parrish...

April 1, 2021

Cybereason vs. DarkSide Ransomware

DarkSide ransomware follows the double extortion trend, where the threat actors first exfiltrate the data and threaten to make it public if the ransom demand is not paid, which renders backing up data as a precaution against a ransomware attack moot...

April 1, 2021 / 6 minute read

Whistleblower Accuses Ubiquiti of Downplaying Major Data Breach

The US-based technology company explained in its statement that it had found no evidence of those responsible for the intrusion having misused a user account or having gained access to its databases - but according to the whistleblower, this isn’t what happened...

March 31, 2021 / 3 minute read

FBI Pegs 2020 Cybercrime Costs at $4 Billion - Actual Losses Likely Higher

Complaints represented a 69% increase over 2019, and Cybereason CSO Sam Curry suspects that the reported losses likely represent just a fraction of the actual costs to Americans in 2020...

March 31, 2021 / 3 minute read

DearCry Ransomware and the HAFNIUM Attacks – What You Need to Know

The Cybereason Defense Platform prevents the execution of DearCry ransomware and other malware being propagated by threat actors abusing residual elements of the recent HAFNIUM attacks on Microsoft Exchange...

March 30, 2021 / 3 minute read

Why Healthcare Security Requires an Operation-Centric Approach

Cybereason focuses on Indicators of Behavior (IoBs) to quickly identify suspicious or malicious activity, and provide the visibility, context, and intelligence customers need to take action at the earliest stages of an attack...

March 29, 2021 / 3 minute read

CISO Stories Podcast: Going All-In on a Career in Security

Mauro Israel, CISO at BIOOOS, discusses his colorful background and how he – like many in the security field – discovered his true calling late in life and was able to apply his wide range of knowledge and experience to the role of CISO in the healthcare field. Check out the new episode of the CISO Stories podcast...

March 26, 2021

Cybereason Named a Strong Performer in Forrester Wave for MDR

Cybereason MDR was one of 15 solutions included in the report from Forrester, a testament to Cybereason's superior threat hunting, multi-layer prevention and correlated behavior-based detections.

March 24, 2021 / 2 minute read

Malicious Life Podcast: Inside the HAFNIUM Microsoft Exchange Attacks

The recent HAFNIUM attacks hit tens of thousands of organizations’ Microsoft Exchange servers. What happened, what were the vulnerabilities exploited in the attack, and what can we do to defend against such attacks in the future? In this episode, host Ran Levi is joined by Israel Barak, Cybereason CISO...

March 23, 2021 / 1 minute read

Sodinokibi/REvil Ransomware Gang Hit Acer with $50M Ransom Demand

The Sodinokibi/REvil ransomware gang has reportedly attacked multinational corporation Acer and demanded a ransom of $50 million - ransomware today is not simply an evolution of traditional malware, but an element of increasingly complex and highly targeted operations.

March 23, 2021 / 3 minute read

Malicious Life Podcast: Inside NotPetya, Part 2

Listen as we break down the chain of events from the moment NotPetya began to spread around the world to the moment it was stopped by Amit Serper, who was on his way to visit friends when he decided to take a swipe at the malware. Catch the latest episode of the Malicious Life podcast with guest Cyber Analyst Amit Serper...

March 22, 2021 / 12 minute read

HAFNIUM Response: Cybereason is Dedicated to Defending Our Customers

Cybereason continues to investigate the related threats to protect our customers against adversaries targeting still-vulnerable and patched but not fully remediated Microsoft Exchange servers...

March 18, 2021 / 2 minute read

Cybereason Exposes Campaign Targeting US Taxpayers with NetWire and Remcos Malware

Cybereason researchers have discovered a new campaign targeting US taxpayers with documents that purport to contain tax-related content but ultimately deliver NetWire and Remcos malware - two prolific remote access trojans.

March 18, 2021 / 4 minute read

CISO Stories Podcast: Is Cybersecurity ROI Necessary?

Business units are challenged to demonstrate ROI on their spending, so why should information security departments be any different? Tune in to the latest podcast episode to learn why calculating ROI for security may not be necessary and how reducing risk involves different considerations...

March 17, 2021

Security CEO Roundtable: Restoring Our National Cybersecurity

Watch the discussion between leading security CEOs at Cybereason's roundtable event as they address increased security funding in the recently passed American Rescue Package legislation in the wake of two devastating attacks.

March 16, 2021 / 37 minute read

Webinar: Protecting Against IT Infrastructure Attacks from HAFNIUM to SolarWinds

Cyberattacks targeting IT infrastructure systems are highly scalable, campaign-style efforts with a widespread impact. Given their high degree of success in recent months, we can expect this trend to continue. Now is the time to learn how to end these attacks. Join our webinars to learn more!

March 16, 2021 / 1 minute read

SolarWinds Attacks Recovery Effort Could Take U.S. Government 18 Months

“It’s one thing to have solutions in place that can detect one component of an attack, but it’s another thing to understand that individual events represent aspects of a larger malicious operation.” ~Yonatan Striem-Amit, CTO and co-founder of Cybereason

March 15, 2021 / 3 minute read

Webinar: The State of Ransomware

Join leaders from Cybereason's Nocturnus Research and Incident Response teams as they explore insights based upon what is happening in the underground and their first-hand experience with ransomware attacks encountered in the wild.

March 12, 2021 / 1 minute read

International Women’s Day: Why Be Daring?

Let’s strive for us women to continue to push each other and ourselves to our next level constantly, to make ourselves comfortable in uncomfortable situations, and then take another step forward into the discomfort.

March 12, 2021 / 2 minute read

Live Feeds of 150K Surveillance Cameras Compromised in Verkada Breach

Digital attackers compromised the live feeds of 150,000 surveillance cameras made by enterprise security camera system manufacturer Verkada.

March 11, 2021 / 3 minute read

International Women’s Day: Girls Should Never Give Up

Although equality issues in workplaces for women have generally improved over the last few years, there is still a great deal of room for improvement...

March 11, 2021 / 3 minute read

CISO Stories Podcast: Your Job is to Make Cybersecurity Simple

The CISO position in some organizations is relatively new, but the role has actually been evolving over the past 25 years - ever since Citibank named the first CISO, Steve Katz, in 1995. Join this podcast to learn how Steve navigated the early days of security and the changes he sees in the role today...

March 10, 2021

International Women’s Day: “Win as One” Takes True Commitment to Diversity

“Win as One” means we succeed or fail as a team, regardless of gender identity, sexual orientation, religion, or race. I am inspired every day by this approach and the modeling of it by our management team...

March 10, 2021 / 2 minute read

International Women’s Day: Culture Add Over Culture Fit as a Catalyst for Diversity

To attract and retain more women in the tech fields, we need to change our thinking to focus on whether a candidate is a Culture Add rather than a Culture Fit...

March 9, 2021 / 2 minute read

HAFNIUM and SolarWinds Attacks Highlight Lack of Accountability

Organizations are again scrambling to assess the impact of a recently disclosed attack attributed to the Chinese state-sponsored HAFNIUM APT group that targets vulnerabilities in Microsoft Exchange. Cybereason protected all of our customers from both the SolarWinds and HAFNIUM attacks.

March 8, 2021 / 3 minute read

International Women’s Day: UbU and Lead Like a Girl

Getting ahead in business doesn’t mean suppressing my femininity, it means using the best of who I am and finding ways for that authentic me to continue to advance in business – without apologies...

March 8, 2021 / 3 minute read

CISO Stories Podcast: …and Other Useless Security Constructs

"Bob Bigman, former CISO for the CIA, simplifies the conversation by slaughtering some of the industry’s most sacred cows like risk tolerance as a key driver for security programs..."

March 4, 2021

CISO Stories Podcast: Without Building a CISO EQ, You May Be On Your Own

Join us as we welcome special guest Marci McCarthy, CEO and President at T.E.N. Inc., to learn how CISOs can better maintain self-awareness, exercise empathy and emotional intelligence to gain trust of others, and exercise appropriate self-care.

March 3, 2021

Malicious Life Podcast: Inside NotPetya, Part 1

Host Ran Levi is joined by Amit Serper, the first researcher to tackle NotPetya and provide a solution when he was Principal Security Researcher at Cybereason...

March 3, 2021 / 13 minute read

Defender Spotlight: Keith Barros, Seton Hall University

Top-tier defender Keith Barros of Seton Hall University discusses the successes achieved with a deployment of Cybereason solutions to secure endpoints and ramp up students to Level 1 Analyst performance...

March 2, 2021 / 1 minute read

CISO Stories Podcast: Doing Privacy Right vs. Doing Privacy Rights

Organizations need to be conscious of where they are in reference to the ‘creepy line.’ Join this podcast with special guest Valerie Lyons to learn how to determine the data collection and processing appropriate for your organization...

February 25, 2021

More Money Won’t Prevent the Next SolarWinds - But Better Detection Strategies Will

We need to shift away from our reliance on IOC artifacts and leverage Indicators of Behavior (IOBs), the subtle chains of behavior that can reveal an advanced attack long before it escalates to a major security event...

February 24, 2021 / 3 minute read

Cybereason Accelerates North American Expansion with Strategic Hires

“Abigail, Stephan and Ahmed each bring unique skill sets that will have a profound impact as we continue to meet the need for future-ready security by enhancing partnerships with organizations that are in the battle with defenders every day...” ~Eric Apple, SVP Sales at Cybereason.

February 23, 2021 / 2 minute read

Case Study: SCM Insurance Services Finds True Partnership Cybereason

“We chose Cybereason because of our need for comprehensive detection that’s mapped to MITRE ATT&CK... and to increase the speed to mitigation...” ~Nick LaPointe, Infosec Admin for SCM Insurance Services.

February 23, 2021 / 2 minute read

Ransomware Attacks Remain Persistent and Pervasive

Recent research found that the average ransom payment had decreased by a third in the final quarter of 2020, dropping to $154,108 in Q4 from $233,817 in Q3. This was attributed to victims choosing not to give in to demands for payment, not to attacks diminishing overall.

February 22, 2021 / 4 minute read

Kia Motors America: Ransomware Not Behind Extended Systems Outage

Kia Motors America stated that a ransomware attack was not the apparent cause of an extended systems outage affecting the automobile dealer’s IT systems. It all started with an error message…

February 19, 2021 / 3 minute read

Cybereason Expands Middle East and North Africa Presence with Dubai’s Oxygen

Cybereason is pleased to announce a partnership with Oxygen DMCC, the Dubai-based leader in AI-powered cybersecurity and mobility solutions, enabling enterprises across the Middle East and North Africa (MENA) to detect and end cyber attacks on endpoints anywhere on their networks.

February 18, 2021 / 2 minute read

Malicious Life Podcast: Should Law Enforcement Use Facial Recognition? Pt. 2

Host Ran Levi is joined by attorney and privacy expert Ted Claypoole, and Andrew Maximov, CEO at Promethean AI who uses AI to fight Belarus's dictatorship, to explore the implications...

February 17, 2021 / 15 minute read

Global Law Firm Attributes Data Breach to Compromise at File Sharing Provider

"The size of the leak is not as important as the substance... The big concern here is where that data went and how threat actors might use it." ~Sam Curry, Cybereason CSO

February 17, 2021 / 3 minute read

CISO Stories Podcast: SLED Security - Pandemics, Policies, and Penny-Pinching

The Cybersecurity Coalition’s Ari Schwartz brings us up to date on some of the organization’s initiatives and then dives into some of the challenges SLED defenders are facing in trying to do more with less…

February 17, 2021

Cybereason vs. NetWalker Ransomware

The NetWalker ransomware has been targeting organizations in the US and Europe including several healthcare organizations, despite several known threat actors publicly claiming to abstain from targeting such organizations due to COVID-19.

February 16, 2021 / 4 minute read

The Cybereason Difference: Why PenTesters Don’t Want to be Our Valentine

A look at some of the reasons why we often get notes from our customers to the effect of, “I’m having fun watching our pentesters get frustrated over and over again as they attempt to bypass Cybereason - literally throwing the kitchen sink at it to no avail!”

February 15, 2021 / 2 minute read

CISO Stories Podcast: Telling Scary Stories to the Board? Stop. Here’s Why…

Enjoy this podcast with special guest Mischel Kwon to learn how to translate information security technical issues into a business-focused language and determine the right amount of technical language to share with executives…

February 12, 2021

Malicious Life Podcast: Should Law Enforcement Use Facial Recognition? Pt. 1

Clearview AI scrapes billions of images off social media and the open web, applies facial recognition algorithms on them, and sells that data to law enforcement agencies all over the world. But who are the people behind this secretive company, and what did a breach into its databases reveal?

February 12, 2021 / 21 minute read

The Cybereason Malop: Achieving Operation-Centric Security

Defenders must be able to quickly identify and respond to malicious operations (Malops) with surgical precision, to be able to think, adapt, and act more swiftly than attackers can adjust their tactics.

February 10, 2021 / 1 minute read

Attacker Tries to Poison Florida City’s Water Supply

"For nearly one year since the beginning of the COVID-19 pandemic, threat actors have carried out numerous acts of war against research companies, hospitals and other first responders. These attacks have been brazen, shocking and downright maniacal..." ~Sam Curry, CSO at Cybereason

February 9, 2021 / 3 minute read

Extortionists Publish Data Stolen from Two Healthcare Service Providers

An attacker group published information stolen from two healthcare service providers in a reported attempt to extort them for money.

February 8, 2021 / 3 minute read

The Security Value of Exploit Protection

One feature that Cybereason provides to protect users from exploit attacks is our Exploit Protection. This blog provides a quick rundown of some of the key terms used in understanding exploit attacks.

February 4, 2021 / 2 minute read

Cybereason XDR Dubbed Hottest New Cybersecurity Product by CRN

With Cybereason XDR, defenders can pinpoint, understand and end any Malop™ (malicious operation) across the entire IT stack whether on-premises, mobile or in the cloud.

February 4, 2021 / 2 minute read

Malicious Life Podcast: Inside Clearview AI Facial Recognition

Clearview AI scrapes billions of images off social media and the open web, applies facial recognition algorithms on them, and sells that data to law enforcement agencies all over the world. But who are the people behind this secretive company, and what did a breach into its databases reveal?

February 3, 2021 / 17 minute read

Nearly One-Third of Attack Targets Weren’t Running SolarWinds

Brandon Wales, acting director of the Cybersecurity and Infrastructure Security Agency (CISA), said in an interview that 30% of victims weren’t running SolarWinds’ Orion platform but suffered a compromise anyway.

February 3, 2021 / 3 minute read

Krebs, Curry and Cyber Security

This talk with investigative reporter Brian Krebs and Cybereason CSO Sam Curry will examine some of the more alarming trends in cybercrime today and offer some perspectives on how businesses, consumers and infosec pros can up their game in response.

February 2, 2021

NHS Warns of New COVID-19 Vaccine-Related Phishing Campaigns

The United Kingdom’s National Health Service (NHS) warned that scammers are in the process of sending out fake COVID-19 vaccine invitations.

February 1, 2021 / 3 minute read

Emotet Botnet Infrastructure Disrupted in International Takedown

Law enforcement entities and judicial authorities located around the world succeeded in disrupting the Emotet botnet’s infrastructure through a coordinated takedown effort.

January 28, 2021 / 3 minute read

Sam Curry on the ‘Real Privacy Mandate’

National Privacy Day is a time to look at the current state of privacy and to set the direction and tone for the future. On January 28, 2021, let’s stop and think not just about the minimum requirements of privacy legislation but rather about the world we’re building and handing to our children.

January 28, 2021 / 2 minute read

Cybereason Partners with Ensign to Provide Managed Detection and Response Services in APAC

Partnering with Ensign enables cyber defenders to take the fight directly to the adversary across endpoints, the enterprise and everywhere cyber battles are fought.

January 28, 2021 / 2 minute read

SolarWinds Attacks Highlight Advantage of Indicators of Behavior for Early Detection

Each week has brought new insights into what happened. Most of those updates have confirmed what we already know: whoever perpetrated these attacks was intent on not being detected. The most recent update on the attacks was no exception…

January 27, 2021 / 6 minute read

Cybereason vs. RansomEXX Ransomware

The Cybereason Nocturnus Team has been tracking the activity around RansomEXX ransomware, which is being used as part of multi-staged, human-operated attacks targeting various government-related entities and tech companies.

January 26, 2021 / 4 minute read

Wipro’s State of Cybersecurity Report Reveals Valuable Insights

The State of Cybersecurity Report 2020 from Wipro highlights trends and insights and provides guidance to help improve and maintain cyber resilience.

January 25, 2021 / 3 minute read

Last Hurrah: Executive Order to Protect IaaS Platforms from Malicious Actors

“What matters is whether this is useful to Biden as a tool for his strategy, not the parting shot of the outbound President. This is a chip in a political game and not significant to cyber security unless there’s momentum and more to follow. It’s all up to Biden now...”

January 22, 2021 / 3 minute read

SolarWinds Attacks Highlight Importance of Operation-Centric Approach

“We need to arm security analysts with tools to make the connection between disparate indicators of compromise—and, more importantly, the more subtle indicators of behavior associated with an attack—so that they can quickly detect and respond to malicious operations with surgical precision."

January 21, 2021 / 3 minute read

Cybereason and SYNNEX Corporation Partner to End Cyber Attacks

Cybereason and SYNNEX Corporation are pleased to announce a strategic agreement that enables SMBs and Enterprises to detect and end cyber attacks on endpoints anywhere on their networks.

January 13, 2021 / 1 minute read

Cybereason vs. Conti Ransomware

Since first emerging in May 2020, the ransomware operators (aka the Conti Gang) claim to have carried out over 150 successful attacks and collected millions in extortion fees. Download the Indicators of Compromise to search for Conti in your own environment.

January 12, 2021 / 5 minute read

Cybereason and Intel Introduce Hardware-Enabled Ransomware Protections for Businesses

Cybereason® is pleased to announce our collaboration with Intel® Hardware Shield to provide robust protection against ransomware attacks at machine speed.

January 11, 2021 / 2 minute read

Contextualizing Microsoft’s Source Code Exposure in the SolarWinds Attacks

In a December 31 blog update, Microsoft revealed that its investigation into SolarWinds had found no evidence of unauthorized access to its production services or customer data, but that effort did uncover another attack attempt.

January 5, 2021 / 3 minute read

Ever Evolving: Israel Barak on Running Remote SOC Ops

We spent some time with Israel Barak, Chief Information Security Officer at Cybereason, who discussed some of the challenges of running a world-wide SOC remotely during the pandemic.

January 4, 2021 / 1 minute read

Amazon Gift Card Offer Serves Up Dridex Banking Trojan

Over the course of December 2020, the Cybereason Nocturnus Team has been tracking cyber crime campaigns related to the holiday season, and more specifically to online shopping. Download the Indicators of Compromise to search for Dridex in your own environment.

December 24, 2020 / 6 minute read

Cybereason vs. Clop Ransomware

In the past few months, the Cybereason Nocturnus team has been tracking the activity of the Clop ransomware, a variant of CryptoMix ransomware. Download the Indicators of Compromise to search for Clop in your own environment.

December 23, 2020 / 3 minute read

Cybereason vs. SolarWinds Supply Chain Attack

On December 13, 2020, IT infrastructure management provider SolarWinds issued a Security Advisory regarding their SolarWinds Orion Platform after experiencing a “highly sophisticated” supply chain attack.

December 22, 2020 / 2 minute read

2021 Security Crystal Ball: Trends and Predictions for the Year Ahead

Here are a handful of likely moves from the cyber adversaries in 2021 and where the risk lies.

December 22, 2020 / 11 minute read

Cybereason and Oracle Team Up for Security at Scale from the Endpoint to the Cloud

Cybereason has entered a strategic partnership with Oracle to protect global enterprises against advanced cybersecurity threats at every endpoint and across the enterprise.

December 21, 2020 / 2 minute read

Impact of XDR on the Modern SOC: New ESG Report

A new report from ESG, the Impact of XDR on the Modern SOC, is focused on the perception and value of XDR, and certainly reveals a number of interesting insights around how teams are prioritizing investment against attacks.

December 18, 2020 / 2 minute read

Molerats APT: New Malware and Techniques in Middle East Espionage Campaign

Security researchers observed a politically motivated APT called “Molerats” using three new malware variants to conduct espionage in the Middle East. Download the Indicators of Compromise to search for Molerats in your own environment.

December 15, 2020 / 3 minute read

The SolarWinds Supply Chain Attack and the Limits of Cyber Hygiene

On December 13, Reuters reported that malicious actors had gone after both the U.S. Department of Treasury and the U.S. Department of Commerce.

December 14, 2020 / 3 minute read

Ever Evolving: Jake Williams on Running an Infosec Consultancy Remotely

We spent some time with Jake Williams - founder and President at Rendition Infosec and SANS Instructor - who discussed some of the challenges in remotely running a successful infosec consultancy.

December 14, 2020 / 1 minute read

Cybereason vs. Ryuk Ransomware

Ryuk ransomware is most often seen as the final payload in a larger targeted attack against a corporation, and since its return in September, it has been mainly delivered via TrickBot or BazarLoader infections.

December 10, 2020 / 3 minute read

New Malware Arsenal Abusing Cloud Platforms in Middle East Espionage Campaign

The Cybereason Nocturnus Team has identified an active espionage campaign employing three previously unidentified malware variants that use Facebook, Dropbox, Google Docs and Simplenote for command & control and the exfiltration of data from targets across the Middle East.

December 9, 2020 / 2 minute read

Ever Evolving: Katie Nickels on Incident Response in a Remote World

We spent some time with Katie Nickels - current Director of Intelligence at Red Canary and formerly MITRE ATT&CK Threat Intelligence Lead - to discuss applied threat intelligence, prioritizing threats for impact, and working incident response in remote environments.

December 7, 2020 / 1 minute read

Is XDR the Next Silver Bullet?

Join us for an hour-long panel on the intricacies of XDR and how it will affect the security industry. Learn what XDR is, specific use cases, and how security practitioners can easily integrate this new technology into their security stack.

December 4, 2020 / 1 minute read

Meet the League of Defenders

One owl was no longer enough to represent all the many special superpowers defenders need to fight and win against today’s cyber attackers. We’d need a team of owls to tell this big a story. And this is how Cybereason’s League of Defenders was born.

December 4, 2020 / 2 minute read

Ensuring Digital Safety and Security This Holiday Season

Exercising caution around email links, locking down payment cards and investing in a password vault can help users stay safe and happy online during the holidays.

December 2, 2020 / 2 minute read

Ever Evolving: Rachel Tobac Talks Social Engineering

We spent some time with Rachel Tobac discussing techniques, awareness and training for organizations seeking to limit the risk from one of the most difficult security threats to counter - social engineering attacks.

November 30, 2020 / 1 minute read

Cybereason vs. Egregor Ransomware

Egregor is a newly identified ransomware variant that was first discovered in September 2020, and has recently been identified in several sophisticated attacks on organizations worldwide, including the games industry giants Crytek and Ubisoft.

November 26, 2020 / 5 minute read

The Boston Globe Recognizes Cybereason as a Top Place to Work in 2020

Cybereason is pleased to announce we were named one of the Top Places to Work in 2020 by The Boston Globe, which recognizes the most admired workplaces in the state voted on by the people who know them best—their employees.

November 23, 2020 / 2 minute read

Ever Evolving: Cybereason CSO Sam Curry on Security and Leadership

Cybereason CSO Sam Curry shares insights on tackling tough security challenges from a strategic perspective as well as from the point of view of a leader of security operations teams working tirelessly to reverse the adversary advantage and return the high ground to the defenders.

November 23, 2020 / 1 minute read

Cybereason vs. MedusaLocker Ransomware

There have been reports of MedusaLocker attacks across multiple industries, especially the healthcare industry which suffered a great deal of ransomware attacks during the COVID-19 pandemic.

November 19, 2020 / 4 minute read

Buyer Beware: Tips for Secure Online Shopping During the Holidays

Shoppers flocking to online sites for their holiday shopping this year can do it safely and securely by following Cybereason’s recommendations.

November 18, 2020 / 3 minute read

Novel Chaes Malware Underscores Heightened E-Commerce Risk This Holiday Season

The Cybereason Nocturnus Team has identified an active campaign targeting customers of a larger e-commerce platform with newly identified multi-stage malware, dubbed Chaes, that evades antivirus tools.

November 18, 2020 / 2 minute read

Ever Evolving: Stephanie Ihezukwu on Managing Security Remotely

Not long ago we were fortunate to grab some time with Steph Ihezukwu, who shared her insights and observations on everything from diversity in tech to how to collaborate with teams in the age of remote work and heightened security concerns.

November 16, 2020 / 1 minute read

Cybereason XDR: Delivering Future-Ready Attack Protection Beyond the Endpoint

Cybereason XDR is a unified solution that is operation-centric, fusing endpoint telemetry with behavioral analytics to empower global enterprises to swiftly detect and end entire attack operations on the endpoint, in the cloud, on mobile devices and everywhere on their networks.

November 11, 2020 / 3 minute read

Ever Evolving: Yonatan Striem-Amit on Handling Breaches While Remote

Cybereason co-founder Yonatan Striem-Amit discusses the challenges inherent in addressing security breaches remotely.

November 9, 2020 / 1 minute read

Ever Evolving: Tanya Janca on Application Security Challenges

We were lucky enough to grab some time with Tanya Janca to discuss some key issues around security in times of crisis.

November 2, 2020 / 1 minute read

Back to the Future: Inside the Kimsuky KGH Spyware Suite

The Cybereason Nocturnus Team has been tracking a North Korean cyber espionage group known as Kimsuky and has identified a new spyware suite along with new attack infrastructure.

November 2, 2020 / 14 minute read

Law Enforcement Warns of Imminent Ransomware Threat to U.S. Hospitals

On October 29, CISA published a joint alert with the FBI and HHS. In it, they claimed to “have credible information of an increased and imminent cybercrime threat to U.S. hospitals and healthcare providers.”

October 30, 2020 / 3 minute read

Ryuk Ransomware: Mitigation and Defense Action Items

Cybereason recommends activating their prevention stack to be set on “Prevent” mode (AV, NGAV, Powershell, AntiRW) to protect against Ryuk ransomware.

October 30, 2020 / 3 minute read

Heart of Cyber Darkness: How I Became a Defender

On that day, the veneer was torn away and I saw the heart of cyber darkness and knew that I was a Defender.

October 29, 2020 / 2 minute read

Cybereason’s Commitment to Defenders Now Backed by $1 Million Breach Protection Warranty

We are pleased to announce the Cybereason Breach Protection Warranty (PDF), which provides up to $1 Million in coverage in the event of a breach.

October 28, 2020 / 1 minute read

Finding Our Brand Voice: Champions for the Defender

Today is a monumental day at Cybereason as we step forward to re-launch our brand and begin to tell our story more boldly. The heart of this company and the thing that truly makes us different – our deep dedication to defenders – is now also the heart of our brand.

October 26, 2020 / 2 minute read

Cybereason Capture The Flag: Challenge Overviews

In August, we hosted our first ever Cybereason Capture The Flag competition. We heard your feedback: More, More, MORE! We had a blast building the challenges and interacting with all the participants, and hope you’ll join us for a future event! We are working on the next iteration, so stay tuned for our next CTF announcement.

October 16, 2020 / 4 minute read

It’s October: YES, National Cybersecurity Awareness Month Still Matters

This is not the time to bludgeon the rest of our companies with reminders to use AV and keep it up to date or to “think before you click.” Instead, it’s a time to push the boundaries of cyber awareness in three ways: new audiences, deeper messages, and innovation, especially around emerging technology.

October 15, 2020 / 2 minute read

German Ransomware Attack: A Rallying Cry for Bullish Diligence

According to recent reports, a woman in Germany died after a ransomware attack against a hospital system forced her to be rerouted to a more remote facility, delaying critical treatment by an hour. It is also a prime example of the reason we in the security community exist and what we work daily to protect against, and a stark reminder that what we do is important and cannot be taken for granted.

September 24, 2020 / 2 minute read

VB2020: Anchor, Bazar, and the Trickbot Connection

Cybereason Nocturnus Team members Daniel Frank and Lior Rochberger will be presenting a session titled, Anchor, Bazar, and the Trickbot Connection, examining some new developments regarding a familiar threat actor.

September 22, 2020 / 1 minute read

Digital Forensic Breadcrumbs at the 2020 Grace Hopper Celebration

With 25,000 participants expected to attend, and keynotes from Serena Williams and Megan Rapinoe, the Grace Hopper Celebration brings together women in STEM across the globe, in the first ever virtual edition of the conference.

September 15, 2020 / 2 minute read

Cybereason’s Commitment to Inclusion in Cybersecurity

Cybereason is focusing internal efforts on one of our Company values we call “UbU” which strives to embrace and encourage employees who exemplify our Company's commitment to diversity in all its forms.

September 8, 2020 / 1 minute read

No Rest for the Wicked: Evilnum Unleashes PyVil RAT

In this research, we dive into the recent activity of the Evilnum group and explore its new infection chain and tools.

September 3, 2020 / 9 minute read

Time for an Upgrade: How to Switch from Symantec to Cybereason

If you are still using Symantec, you’re most likely tired of the complex workflows, the gaps in detection, and a resource-heavy solution that inhibits workflows and productivity. If so, it’s time to level up to a better solution that’s leading the industry.

August 25, 2020 / 3 minute read

Cyber Security Tips for Allowing Employees to Work From Home

While the ability to allow staff to work remotely when needed gives greater flexibility to corporations, it also comes with cybersecurity risks. Not only can remote workers put their own privacy at risk, but working remotely could result in a breach in the company’s security.

August 20, 2020 / 5 minute read

Deepfakes: Novelty Trend or Novel Threat?

Deepfakes, a rapidly advancing technique for generating very realistic media, have the potential to be very disruptive when misused.

August 18, 2020 / 4 minute read

Hacker Summer Camp is Cancelled, Long Live Virtual Hacker Summer Camp

A few months ago, in light of the ongoing pandemic, fears that hacker summer camp would be cancelled were realized. However, festivities still continued for some conferences, albeit in a virtual format.

August 13, 2020 / 2 minute read

Protecting Against Potential Cybersecurity Threats Brought on by Remote Work

In pivoting an entire workforce to remote work, employers need to be prepared for the cybersecurity risks involved. To guard against these threats, employers should have a remote work policy that all employees are aware of and comply with.

August 10, 2020 / 2 minute read

Increase in Remote Work Spurs Demand for EDR Cybersecurity

With the sudden increase in telework, the traditional approach of reacting to cyber threats and security issues only after a breach is discovered is no longer sufficient.

August 6, 2020 / 3 minute read

The 5 Sessions We Are Most Excited for at Virtual Black Hat USA 2020

We are still on course for an interesting Black Hat, so we thought it would be helpful to highlight some of the sessions we are the most excited for.

August 4, 2020 / 2 minute read

4 Challenges Faced by Organizations Transitioning to Remote Work

During the past few months, many companies have contacted us with various questions and requests about remote security. In our conversations with them, we’ve noticed four key challenges that we wanted to explore.

August 3, 2020 / 3 minute read

Remote Work Because of a Pandemic Could Give Your Company a Different Kind of Virus

Cyber attackers seeking to take advantage of the influx of employees working from home will increase phishing attacks and start attacking online services that are being used more than usual.

July 28, 2020 / 2 minute read

Need a Boost? Stretch Your Skills with the Cybereason Summer CTF!

Are you feeling cooped up after months of social distancing? Suffering from video conferencing meeting fatigue? Do you need to reawaken your curious analyst? Come capture flags and win prizes with Cybereason!

July 22, 2020 / 1 minute read

What Is a VPN, and How Can It Help Enterprises with Remote Workers?

With the recent surge of employees working from home, the use of a VPN tool has become an important topic within many companies.

July 22, 2020 / 4 minute read

Ensuring Data Privacy: Update on EU Court of Justice Ruling

A July ruling by the EU Court of Justice deemed the EU-US Privacy Shield inadequate. Cybereason is the only EPP vendor that gives you full control of your data.

July 20, 2020 / 1 minute read

A Bazar of Tricks: Following Team9’s Development Cycles

In this analysis, our Nocturnus research team shows how the Bazar malware is sent via phishing emails that take advantage of the ongoing coronavirus pandemic, employee payroll reports, and customer complaints.

July 16, 2020 / 14 minute read

Certified Business Security!

We are proud to announce the Cybereason XDR Platform has attained the AV Comparatives “Business Security” product certification!

July 15, 2020 / 2 minute read

Post-incident Review and the Big Data Problem

Security teams that have accepted the post-breach mindset understand that cybersecurity is an ongoing chess match with no end. They focus on reducing risk as much as possible through visibility and automation, instead of searching for a one-size-fits-all solution.

July 8, 2020 / 2 minute read

What Modern Ransomware Looks Like

Over the past year, we have seen many different types of ransomware attacks evolving, especially into multistage ransomware that not only ransoms data, but also exfiltrates as much data as possible. This blog explores three of the most common modern ransomware attacks we are seeing today.

July 6, 2020 / 2 minute read

FakeSpy Masquerades as Postal Service Apps Around the World

The Cybereason Nocturnus team is investigating a new campaign involving FakeSpy, an Android mobile malware used to steal SMS messages, send SMS messages, steal financial data, read account information and contact lists, steal application data, and do much more.

July 1, 2020 / 10 minute read

Ransomware: Weapons of Mass Disruption

Whenever there’s a decline in ransomware cases, or other more popular threats seem to be on the rise, new innovative techniques and even offerings seem to emerge.

June 30, 2020 / 4 minute read

How to Design a Prevention Stack to Stop Ransomware

Ransomware attacks are an efficient and effective weapon for criminals who want to harm any business through crucial data loss, damaged productivity, and injured brand reputation.

June 24, 2020 / 2 minute read

Next-Generation Antivirus 101: Layers of Prevention

Next-generation antivirus combines traditional antivirus with behavioral-based prevention to find and prevent more evasive threats than legacy antivirus alone.

June 23, 2020 / 3 minute read

308% ROI by Using Cybereason, According to Forrester Total Economic Impact Study

With Cybereason, customers are able to protect themselves from cyber threats that are both known and unknown, minimize their overall security risks, all while reducing their overall security costs by $4.2M and attaining a ROI of 308% over three years!

June 16, 2020 / 3 minute read

UbU: Championing Diversity, Equity, and Inclusion at Cybereason

UbU (“you be you”) is the value that sits front and center at Cybereason. Acceptance of every person is at the heart of who we are as a company. As we celebrate PRIDE week (as we do every year), we also grieve the racism and violence taking place around us.

June 12, 2020 / 1 minute read

Cybereason’s Newest Honeypot Shows How Multistage Ransomware Attacks Should Have Critical Infrastructure Providers on High Alert

Earlier this year, Cybereason launched its latest honeypot to analyze the tactics, techniques, and procedures used by state-sponsored groups and cyber crime actors to target critical infrastructure providers.

June 11, 2020 / 6 minute read

How I made my company’s office into a fancy internet cafe and why should you too

In this article I describe a security strategy that helped my organization avoid this scenario by simply ignoring the perimeter, making us indifferent to the location our employees are working from.

June 10, 2020 / 7 minute read

What are Adversary Emulation Plans?

Though AEPs are especially important when testing and building a strong defense, they are often overlooked for TTPs by security practitioners versed in the “trench warfare” of day-to-day security operations.

June 8, 2020 / 2 minute read

Why Not Detect Every TTP in the MITRE ATT&CK Framework?

One could argue that, if you can detect all the TTPs in ATT&CK, you should also be able to defend against all of the adversaries in ATT&CK. While technically true, many TTPs are not inherently malicious.

June 1, 2020 / 2 minute read

Valak: More than Meets the Eye

The Valak malware is a sophisticated malware that can steal enterprise mailing information and passwords along with the enterprise certificate. This has the potential to access critical enterprise accounts, causing damage to organizations, brand degradation, and ultimately a loss of consumer trust.

May 28, 2020 / 13 minute read

Love Your Enemies Before You Destroy Them — Hacking for Good

Proactive defense is about predicting, understanding, and preventing as many moves as possible that an attacker could make against you. You have to stay a step ahead of the enemy and lure them into a trap of your own.

May 27, 2020 / 2 minute read

IOCs vs. IOBs

IOCs are valuable when preventing known malware, but over 350,000 new strains of malware are detected every day, and fileless malware attacks are on the rise. IOCs are no longer an innovative or sufficient standalone method for defense.

May 21, 2020 / 2 minute read

Why a Cloud-Native EPP is Critical for Futureproof Security Operations

Among endpoint solutions, there’s a staggeringly clear distinction between solutions that are cloud-native and those whose cloud capabilities are either non-existent or partial at best.

May 19, 2020 / 2 minute read

Legacy AV is so Last Year

Since the acquisition of Symantec in September, Cybereason has received a flood of requests from concerned customers interested in making the switch to Cybereason.

May 18, 2020 / 2 minute read

What is the MITRE ATT&CK Framework?

MITRE’s Adversarial Tactics, Techniques, and Common Knowledge (MITRE ATT&CK) is a model and knowledge base of adversary behavior that has become a staple of the endpoint security space.

May 12, 2020 / 2 minute read

Is On-Premises For Endpoint Protection Still A Thing?

At Cybereason, we want to assure our customers and prospects that we support various on-premises deployment options to address their entire endpoint protection security needs.

May 11, 2020 / 2 minute read

Ransomware: To Pay or Not to Pay

It might be appealing to have a clear-cut, black-and-white measure for when to talk or when to shut down talks; but the nuances of when it makes sense to enter into negotiations and when it makes sense to pay ransoms for hostages or not are not as straightforward as a five-word policy.

May 7, 2020 / 3 minute read

Converging Endpoint and Mobile Security

In this blog, I'll be exploring the traditional approaches to protecting and managing both endpoint and mobile devices and identifying how both approaches have evolved.

May 5, 2020 / 2 minute read

Two Metrics to Evaluate MITRE ATT&CK Results

Ultimately, the goal of MITRE ATT&CK and other product evaluations is to identify which products can best contain attacks and provide you with actionable threat detection to reduce overall Mean Time To Respond.

May 4, 2020 / 2 minute read

EventBot: A New Mobile Banking Trojan is Born

The Cybereason Nocturnus team is investigating EventBot, a new type of Android mobile malware. EventBot abuses accessibility features to steal user data from financial applications, read user SMS messages, and steal SMS messages to allow the malware to bypass two-factor authentication.

April 30, 2020 / 12 minute read

Smart Filtering, Smart Sampling and Smart Scaling

In security data analysis, hunting and AI-driven automated detection, the quality of your results depends heavily on the quality of your data. In this blog, I’d like to discuss a few strategies for handling the data and the advantages and disadvantages of each approach.

April 27, 2020 / 3 minute read

Cybereason Mobile: Another Step Towards Our Vision to Protect it All

Today, we take another step towards our vision to protect it all by releasing a new offering to defend mobile devices: Cybereason Mobile.

April 23, 2020 / 2 minute read

MITRE ATT&CK Evaluations Showcase Cybereason’s Detailed Context and Visibility

Today, we are happy to announce that the Cybereason XDR Platform has been evaluated by MITRE ATT&CK to illustrate how we approach threat detection in the context of the MITRE ATT&CK framework.

April 22, 2020 / 2 minute read

Understanding the MITRE ATT&CK APT29 (Round 2) Product Evaluations

Get a refresher on the MITRE ATT&CK APT29 Evaluations.

April 21, 2020 / 4 minute read

Q&A: Maintaining Secure Business Continuity with Lior Div

I have been actively counseling CEOs on how best to secure business continuity during this difficult time, and want to make those recommendations available to everyone.

April 20, 2020 / 2 minute read

Recommended Reading During a Pandemic

At Cybereason, we are finding different ways to stay healthy during the COVID-19 pandemic. In conversations across the team, we realized we have the basis for an awesome recommended reading list we can share with the community.

April 16, 2020 / 2 minute read

Incident Response: Don’t Let That Data Age-out

“56% of breaches took months or longer to discover." Unfortunately, this is not earth-shattering news. The current state of time to detect and respond is unacceptable across the industry, regardless of who you ask.

April 15, 2020 / 4 minute read

Q&A: Cybereason CEO Lior Div on Responding to COVID-19

'Responding to the unknown is part of our DNA.' Read more of a Q&A with Lior Div on how Cybereason responded to the COVID-19 pandemic.

April 13, 2020 / 5 minute read

Insights from a Fireside Chat on Ransomware, Cloud Adoption, & CISOs

Executive teams from Sprint and Cybereason recently sponsored an on-stage chat between Sam Curry, CISO of Cybereason and Ed Amoroso, CEO of TAG Cyber. The ground rules were simple: Our experts were to openly address serious issues in cyber security with no holding back – and they certainly did not disappoint.

April 9, 2020 / 2 minute read

3 Straightforward Ways to Build a SOC

When trying to address the question “Is my SOC as effective as possible?”, one of the most challenging components you will face is staffing. In this blog, I'll be covering how to answer some of the more difficult questions when it comes to building a SOC.

April 6, 2020 / 5 minute read

Perspectives on Maintaining Secure Business Continuity: A Guide

In this blog, you'll find perspectives from several of our experts with experience in managing crises across security and business functions.

April 2, 2020 / 3 minute read

Coronavirus Panic, Security, and You

While it is important to stay vigilant, wash our hands, and maintain social distancing policies, it is also important that we talk about another kind of hygiene, (and I know this sounds corny): our cyber hygiene.

March 30, 2020 / 3 minute read

Why We Created Remote Workforce Protection

Cybereason Remote Workforce Protection is built to help organizations secure their new, evolving-everywhere office, and to ease the burden on IT and security teams.

March 25, 2020 / 1 minute read

Remote Work is the New Normal

With more and more employees encouraged to isolate and stay in their homes, a big question on every CEO’s mind is how to ensure her business is able to continue to function when all employees are remote.

March 23, 2020 / 5 minute read

‘AA’ Rated Advanced Endpoint Protection

Cybereason is proud to announce the Cybereason XDR Platform has achieved the ‘AA’ product rating in NSS Labs, Inc. 2020 Advanced Endpoint Protection (AEP) testing.

March 19, 2020 / 2 minute read

Eagle vs. Panda: Does COVID-19 Rhetoric Have Us On The Brink Of War?

A disturbing polemic is emerging against the background noise of coronavirus reports from around the world: the cause of the problem is the other, the foreign.

March 19, 2020 / 3 minute read

Meet the ‘Futureproofed’ EDR Product With a Vision for Where the Market is Still Going

We are excited to announce that Cybereason has been named a strong performer, with the highest score in the “current offering” category amongst 11 other vendors in The Forrester Wave™: Endpoint Detection & Response Q1 2020.

March 18, 2020 / 2 minute read

Launching Now: Cybereason Remote Workforce Protection

Cybereason Remote Workforce Protection combines Cybereason NGAV multi-layered prevention, EDR analysis and response, with Cybereason MDR to manage it all for you, and remote incident response services across workstations, laptops, and mobile devices.

March 18, 2020 / 1 minute read

Just Because You’re Home Doesn’t Mean You’re Safe

Cybereason’s Nocturnus team is continuing to observe hundreds of phishing attacks that use coronavirus-themed files and domains to distribute malware and infect victims all over the world.

March 18, 2020 / 5 minute read

A Note of Support to our Customers During the COVID-19 Pandemic

As an organization, our top priority continues to be providing a seamless defense for all of our customers, especially in these difficult times.

March 16, 2020 / 1 minute read

Ghost in the Machine: Reconciling AI and Trust in the Connected World

This blog is a summary of the research and perspective of Cybereason CSO Sam Curry and Dr. Alon Kaufman of Duality on AI and Privacy titled: Ghost in the Machine, reconciling AI and Trust in the Connected World.

March 12, 2020 / 4 minute read

Who's Hacking the Hackers: No Honor Among Thieves

Cybereason Nocturnus is investigating a campaign where attackers are trojanizing multiple hacking tools with njRat, allowing the attackers to completely take over the victim’s machine.

March 10, 2020 / 8 minute read

Code Integrity in the Kernel: A Look Into ci.dll

Our kernel team researches how to reliably authenticate in kernel mode using ci.dll.

March 5, 2020 / 8 minute read

New Cyber Espionage Campaigns Targeting Palestinians - Part 2: The Discovery of the New, Mysterious Pierogi Backdoor

Cybereason's Nocturnus team has been tracking recent espionage campaigns specifically directed at entities and individuals in the Palestinian territories.

February 13, 2020 / 7 minute read

New Cyber Espionage Campaigns Targeting Palestinians - Part 1: The Spark Campaign

Cybereason's Nocturnus team has been tracking recent espionage campaigns specifically directed at entities and individuals in the Palestinian territories.

February 13, 2020 / 11 minute read

The Hole in the Bucket: Attackers Abuse Bitbucket to Deliver an Arsenal of Malware

Cybereason is following an active campaign to deliver multiple different types of malware to victims all over the world. This attack is able to steal data, mine for cryptocurrency, and in specific cases deliver ransomware.

February 5, 2020 / 9 minute read

Why is Emotet So Popular and Who is it Targeting Now?

The malware previously described by DHS as the most destructive ever is surging yet again. Why is Emotet so popular and who is it targeting now?

January 28, 2020 / 3 minute read

Six of the Best Malicious Life Cybersecurity History Stories from 2019

To close out the year and celebrate seventy episodes of Malicious Life, we’re listing the best cybersecurity podcast episodes we’ve released in 2019.

January 14, 2020 / 5 minute read

Is Cyber Retaliation from Iran Imminent?

We are three days into 2020, and the world is already on high alert. For reasons unknown given their classified nature, yesterday evening the US government killed prominent Maj. Gen. Qasem Soleimani in an overnight airstrike at the Baghdad airport.

January 3, 2020 / 3 minute read

Mobile Malware: From Consumer Fraud to Enterprise Espionage

Mobile now accounts for over half of Internet traffic worldwide. Is your organization addressing this growing security threat?

January 2, 2020 / 3 minute read

How Geopolitical Events Will Change Cybersecurity in 2020

As we enter the New Year, we need to keep in mind how nation state evolution, new targets, and security vendor stagnation will serve as motivation for hackers.

December 19, 2019 / 2 minute read

How to Prevent the Next Big POS Breach

A new malware called Anchor is being leveraged to infect, explore, and exploit high-value targets that implement point of sale systems.

December 17, 2019 / 2 minute read

Dropping Anchor: From a TrickBot Infection to the Discovery of the Anchor Malware

Cybereason Nocturnus detected a series of targeted attacks against high-profile targets that use a new variant of Anchor_DNS and a new malware dubbed Anchor.

December 11, 2019 / 15 minute read

Phoenix: The Tale of the Resurrected Keylogger

Cybereason’s Nocturnus team is tracking a new keylogger gaining traction among cybercriminals called Phoenix. Read about it and its reception in the underground here.

November 20, 2019 / 11 minute read

Working Remote: How Universities Secure Open Networks

Security teams at universities face a difficult task: how to reconcile full cybersecurity protection with an open IT environment.

November 19, 2019 / 5 minute read

Hunting Raccoon: The New Masked Bandit on the Block

Since April 2019, the Cybereason Nocturnus team has investigated infections of the Raccoon stealer in the wild across organizations. Read about it here.

October 24, 2019 / 14 minute read