A Bazar of Tricks: Following Team9’s Development Cycles

Malware

In this analysis, our Nocturnus research team shows how the Bazar malware is sent via phishing emails that take advantage of the ongoing coronavirus pandemic, employee payroll reports, and customer complaints.

FakeSpy Masquerades as Postal Service Apps Around the World

Malware

The Cybereason Nocturnus team is investigating a new campaign involving FakeSpy, an Android mobile malware used to steal SMS messages, send SMS messages, steal financial data, read account information and contact lists, steal application data, and do much more.

Valak: More than Meets the Eye

Malware

Valak is a sophisticated malware that can steal enterprise mailing information and passwords along with the enterprise certificate. This gives attackers the potential to access critical enterprise accounts, causing damage to organizations, brand degradation, and ultimately a loss of consumer trust.

Love Your Enemies Before You Destroy Them — Hacking for Good

Cybersecurity

Proactive defense is about predicting, understanding, and preventing as many moves as possible that an attacker could make against you. You have to stay a step ahead of the enemy and lure them into a trap of your own.

IOCs vs. IOBs

Malware

IOCs are valuable when preventing known malware, but over 350,000 new strains of malware are detected every day, and fileless malware attacks are on the rise. IOCs are no longer an innovative or sufficient standalone method for defense. 

The Hole in the Bucket: Attackers Abuse Bitbucket to Deliver an Arsenal of Malware

Malware

Cybereason is following an active campaign to deliver seven different types of malware that are able to steal data, mine for cryptocurrency, and deliver ransomware to victims all over the world.

How to Prevent the Next Big POS Breach

Malware

A new malware discovered in October called Anchor is being used to target financial, manufacturing, and retail businesses across North America and Europe. The threat actor has been leveraging Anchor and TrickBot together to infect, explore, and exploit high-value targets that implement point of sale systems.

Dropping Anchor: From a TrickBot Infection to the Discovery of the Anchor Malware

Hacking

Cybereason Nocturnus detected a series of targeted attacks against high-profile targets that use a new variant of Anchor_DNS and a new malware dubbed Anchor.

Fileless Malware 101: Understanding Non-Malware Attacks

Malware

Unlike attacks carried out using traditional malware, fileless malware attacks don’t entail attackers installing software on a victim’s machine. Instead, tools that are built into Windows are hijacked by adversaries and used to carry out attacks. Essentially, Windows is turned against itself.

Operation Soft Cell: A Worldwide Campaign Against Telecommunications Providers

Advanced Persistent Threat

In 2018, the Cybereason Nocturnus team identified an advanced, persistent attack targeting global telecommunications providers.