HAFNIUM Exploits Live On
The line is blurred between nation-states and cybercriminals
April 22, 2021 / 2 minute read
The line is blurred between nation-states and cybercriminals
April 22, 2021 / 2 minute read
"Either REvil is benefitting indirectly from pariah policies related to cybercrime in Russia or is directly taking orders from a government." ~Sam Curry, Cybereason CSO...
April 22, 2021 / 3 minute read
The multi-stage cryptocurrency botnet has been observed exploiting the Microsoft Exchange vulnerabilities associated with the HAFNIUM attacks to penetrate networks...
April 22, 2021 / 15 minute read
The Cybereason Defense Platform dominated due to its ability to prevent and detect the advanced tools, tactics and procedures used in the MITRE evaluations emulating real-world scenarios...
April 21, 2021 / 2 minute read
We go into some of the methodology of EDR and we analyze “testing tools" to demonstrate the flaws in their use and explain why the results are unreliable when pitted against a modern EDR system...
April 21, 2021 / 9 minute read
Hear how Mike Daugherty, CEO of LabMD, took on the FTC and mounted a multi-year defense to combat the outrageous allegations leveled by the regulatory agency...
April 21, 2021 /
The Cybereason Defense Platform achieved 100% coverage for prevention and 98% technique visibility across the 54 advanced attack techniques applied in testing...
April 20, 2021 / 2 minute read
Chris Wysopal, one of L0pht's founding members, talks about the group's 1998 Senate testimony and how they used shaming to force corporations to secure their software...
April 20, 2021 / 1 minute read
Understand how to detect the preliminary stages of an attack, analyze the scope of the operation and prevent execution of the malicious code...
April 19, 2021 / 1 minute read
“There is a massive skills gap in the cybersecurity industry and we should do all we can to bridge it and to pay forward what we all received in our careers. No one advances in isolation.” ~Sam Curry, Cybereason CSO...
April 16, 2021 / 2 minute read
If your organization has a distributed attack surface, this webinar is a must - we’re seeing attackers increasingly pivot from opportunistic compromise to double extortion ransomware attacks...
April 15, 2021 / 1 minute read
Tony Sager, a 35-year NSA software vulnerability analyst and executive, discusses how the CIS Controls can be used effectively to manage your environment...
April 15, 2021 /
The plan marks the first step in a larger effort to strengthen digital safeguards at municipal water utilities, natural gas pipeline operations and more...
April 14, 2021 / 3 minute read
By using double extortion, ransomware attackers can compel organizations to pay a ransom even if they are able to recover their information using data backups...
April 14, 2021 / 3 minute read
By the end of the ‘90s many of the L0pht hackers had quit their day jobs and incorporated under the name L0pht Heavy Industries...
April 13, 2021 / 2 minute read
With these five steps, you can continuously tune your security strategy and leverage the connection between techniques, tactics, and procedures and real-world adversary groups...
April 12, 2021 / 1 minute read
The Malop provides a contextualized view of the full attack narrative correlated across all impacted endpoints and users so security analysts can respond to threats with an operation-centric approach...
April 11, 2021 / 3 minute read
Special guest Petri Kuivala, CISO at NXP Semiconductors, recounts his journey from municipal police officer to cybercrimes unit investigator to Chief Information Security Officer during the early days when security was largely an afterthought...
April 8, 2021 /
'L0pht' was one of the most influential hacker collectives of the '90s: they were even invited to testify in front of Congress on the state of Internet security. In this episode of Malicious Life, four of L0pht's members talk about the beginning and influence of the L0pht on cybersecurity. - check it out...
April 6, 2021 / 2 minute read
“Cybereason’s platform has helped us protect our clients and partners from advanced threats and has simplified our security operations,” said Justin Kallhoff, Chief Cybersecurity Officer...
April 6, 2021 / 2 minute read
Cybereason CSO Sam Curry shares insights on the news that attackers publicly exposed information from 533 million Facebook users based in 106 countries, including phone numbers, Facebook IDs, birthdates, bios, full names and locations. The dumped data also included the email addresses for a portion of the affected users.
April 5, 2021 / 3 minute read
Ransomware attacks are continuing to accelerate at a torrid pace - but the more concerning trend is how effective they are at creating chaos & paralyzing business operations. Effective multi-layer ransomware prevention capabilities have never been more important. Here are three implementations every security team needs
April 5, 2021 / 4 minute read
The information & cybersecurity industry has no shortage of regulations, many organizations simply rundown the list of requirements, load them into a spreadsheet and check the boxes to show they are compliant. But is being compliant the same as being secure? Tune in to this CISO podcast episode with guest Lee Parrish
April 1, 2021 /
DarkSide ransomware follows the double extortion trend where the threat actors first exfiltrate the data and threaten to make it public if the ransom demand is not paid, rendering backing up data as a precaution against a ransomware attack moot...
April 1, 2021 / 6 minute read
The US-based technology company explained in its statement that it had found no evidence of those responsible for the intrusion having misused a user account or having gained access to its databases - but according to the whistleblower, this isn’t what happened...
March 31, 2021 / 3 minute read
Complaints represented a 69% increase over 2019, and Cybereason CSO Sam Curry suspects that the reported losses likely represent just a fraction of the actual costs to Americans in 2020...
March 31, 2021 / 3 minute read
The Cybereason Defense Platform prevents the execution of DearCry ransomware and other malware being propagated by threat actors abusing residual elements of the recent HAFNIUM attacks on Microsoft Exchange...
March 30, 2021 / 3 minute read
Cybereason focuses on Indicators of Behavior (IoBs) to quickly identify suspicious or malicious activity, and provide the visibility, context, and intelligence customers need to take action at the earliest stages of an attack...
March 29, 2021 / 3 minute read
Mauro Israel, CISO at BIOOOS, discusses his colorful background and how he – like many in the security field – discovered his true calling late in life and was able to apply his wide range of knowledge & experience to the role of CISO in the healthcare field. Check out the new episode of the CISO stories podcast
March 26, 2021 /
Cybereason MDR was one of 15 solutions included in the report from Forrester, a testament to Cybereason's superior threat hunting, multi-layer prevention and correlated behavior-based detections.
March 24, 2021 / 2 minute read
The recent HAFNIUM attacks hit tens of thousands of organizations’ Microsoft Exchange servers. What happened, what were the vulnerabilities exploited in the attack, and what can we do to defend against such attacks in the future? In this episode, Host Ran Levi is joined by Israel Barack, Cybereason CISO
March 23, 2021 / 1 minute read
The Sodinokibi/REvil ransomware gang has reportedly attacked multinational corporation Acer and demanded a ransom of $50 million - ransomware today is not simply an evolution of traditional malware, but an element of increasingly complex and highly targeted operations.
March 23, 2021 / 3 minute read
Listen as we break down the chain of events from the moment NotPetya began to spread around the world to the moment it was stopped by Amit Serper who was on his way to friends when he decided to take a swipe at the malware. Catch the latest episode of the Malicious Life podcast with guest Cyber Analyst Amit Serper
March 22, 2021 / 12 minute read
Cybereason continues to investigate the related threats to protect our customers against adversaries targeting still-vulnerable and patched but not fully remediated Microsoft Exchange servers...
March 18, 2021 / 2 minute read
Cybereason researchers have discovered a new campaign targeting US taxpayers with documents that purport to contain tax-related content but ultimately deliver NetWire and Remcos malware - two prolific remote access trojans.
March 18, 2021 / 4 minute read
Business units are challenged to demonstrate ROI on their spending, why should information security departments be any different? Tune in to the latest podcast episode to learn why calculating ROI for security may not be necessary and how reducing risk involves different considerations
March 17, 2021 /
Watch the discussion between leading security CEOs at Cybereason's roundtable event as they are addressing increased security funding in the recently passed American Rescue Package legislation in the wake of two devastating attacks.
March 16, 2021 / 37 minute read
Cyberattacks targeting IT infrastructure systems are highly-scalable, campaign-style efforts with a widespread impact. With their high degree of success in recent months, we can expect this trend to continue in the future. Now is the time to learn how to end these attacks. Join our webinars to learn more!
March 16, 2021 / 1 minute read
“It’s one thing to have solutions in place that can detect one component of an attack, but it’s another thing to understand that individual events represent aspects of a larger malicious operation." Yonatan Striem-Amit, CTO and co-founder of Cybereason
March 15, 2021 / 3 minute read
Join leaders from Cybereason's Nocturnus Research and Incident Response teams as they explore insights based upon what is happening in the underground and their first-hand experience with ransomware attacks encountered in the wild.
March 12, 2021 / 1 minute read
Let’s strive for us women to continue to push each other and ourselves to our next level constantly, to make ourselves comfortable in uncomfortable situations, and then take another step forward into the discomfort.
March 12, 2021 / 2 minute read
Digital attackers compromised the live feeds of 150,000 surveillance cameras made by enterprise security camera system manufacturer Verkada.
March 11, 2021 / 3 minute read
Although equality issues in workplaces for women have generally improved over the last few years, there is still a great deal of room for improvement...
March 11, 2021 / 3 minute read
The CISO position in some organizations is relatively new, but the role has actually been evolving over the past 25 years - ever since Citibank named the first CISO, Steve Katz, in 1995. Join this podcast to learn how Steve navigated the early days of security and the changes he sees in the role today...
March 10, 2021 /
"Win as One” means we succeed or fail as a team, regardless of gender identity, sexual orientation, religion, or race. I am inspired every day by this approach and the modeling of it by our management team...
March 10, 2021 / 2 minute read
To attract and retain more women in the tech fields, we need to change our thinking to focus on whether a candidate is a Culture Add rather than a Culture Fit...
March 9, 2021 / 2 minute read
Organizations are again scrambling to assess the impact of a recently disclosed attack attributed to the Chinese state-sponsored HAFNIUM APT group that targets vulnerabilities in Microsoft Exchange. Cybereason protected all of our customers from both the SolarWinds and HAFNIUM attacks.
March 8, 2021 / 3 minute read
Getting ahead in business doesn’t mean suppressing my femininity, it means using the best of who I am and finding ways for that authentic me to continue to advance in business – without apologies...
March 8, 2021 / 3 minute read
"Bob Bigman, former CISO for the CIA, simplifies the conversation by slaughtering some of the industry’s most sacred cows like risk tolerance as a key driver for security programs..."
March 4, 2021 /
Join us as we welcome special guest Marci McCarthy, CEO and President at T.E.N. Inc., to learn how CISOs can better maintain self-awareness, exercise empathy and emotional intelligence to gain trust of others, and exercise appropriate self-care.
March 3, 2021 /
Host Ran Levi is joined by Amit Serper, the first researcher to tackle NotPetya and provide a solution when he was Principal Security Researcher at Cybereason...
March 3, 2021 / 13 minute read
Top-tier defender Keith Barros of Seton Hall University discusses the successes achieved with a deployment of Cybereason solutions to secure endpoints and ramp-up students to Level1 Analyst level performance....
March 2, 2021 / 1 minute read
Organizations need to be conscious of where they are in reference to the ‘creepy line.’ Join this podcast with special guest Valerie Lyons to learn how to determine the data collection and processing appropriate for your organization...
February 25, 2021 /
We need to shift away from our reliance on IOC artifacts and leverage Indicators of Behavior (IOBs), the subtle chains of behavior that can reveal an advanced attack long before it escalates to a major security event...
February 24, 2021 / 3 minute read
“Abigail, Stephan and Ahmed each bring unique skill sets that will have a profound impact as we continue to meet the need for future-ready security by enhancing partnerships with organizations that are in the battle with defenders everyday..." ~Eric Apple, SVP Sales at Cybereason.
February 23, 2021 / 2 minute read
“We chose Cybereason was because of our need for comprehensive detection that’s mapped to MITRE ATT&CK... and to increase the speed to mitigation...” ~Nick LaPointe, Infosec Admin for SCM Insurance Services.
February 23, 2021 / 2 minute read
Recent research found the average ransom payment paid had decreased by a third in the final quarter of 2020, dropping to $154,108 in Q4 from $233,817 in Q3. This was attributed to victims choosing not to give into demands for payment, not that attacks are diminishing overall.
February 22, 2021 / 4 minute read
Kia Motors America stated that a ransomware attack was not the apparent cause of an extended systems outage affecting the automobile dealer’s IT systems. It all started with an error message…
February 19, 2021 / 3 minute read
Cybereason is pleased to announce a partnership with Oxygen DMCC, the Dubai-based leader in AI-powered cybersecurity and mobility solutions, enabling enterprises across the Middle East and North Africa (MENA) to detect and end cyber attacks on endpoints anywhere on their networks.
February 18, 2021 / 2 minute read
Host Ran Levi is joined by attorney and privacy expert Ted Claypoole, and Andrew Maximov, CEO at Promethean AI who uses AI to fight Belarus's dictatorship, to explore the implications...
February 17, 2021 / 15 minute read
"The size of the leak is not as important as the substance... The big concern here is where that data went and how threat actors might use it." ~Sam Curry, Cybereason CSO
February 17, 2021 / 3 minute read
The Cybersecurity Coalition’s Ari Schwartz brings us up to date on some of the organization’s initiatives and then dives into some of the challenges SLED defenders are facing in trying to do more with less…
February 17, 2021 /
The NetWalker ransomware has been targeting organizations in the US and Europe including several healthcare organizations, despite several known threat actors publicly claiming to abstain from targeting such organizations due to COVID-19.
February 16, 2021 / 4 minute read
A look at some of the reasons why we often get notes from our customers to the effect of, “I’m having fun watching our pentesters get frustrated over and over again as they attempt to bypass Cybereason - literally throwing the kitchen sink at it to no avail!”
February 15, 2021 / 2 minute read
Enjoy this podcast with special guest Mischel Kwon to learn how to translate information security technical issues into a business-focused language and determine the right amount of technical language to share with executives…
February 12, 2021 /
Clearview AI scrapes billions of images off social media and the open web, applies facial recognition algorithms on them, and sells that data to law enforcement agencies all over the world. But who are the people behind this secretive company, and what did a breach into its databases reveal?
February 12, 2021 / 21 minute read
Defenders must be able to quickly identify, and respond to malicious operations (Malops) with surgical precision, to be able to think, adapt, and act more swiftly than attackers can adjust their tactics.
February 10, 2021 / 1 minute read
"For nearly one year since the beginning of the COVID-19 pandemic, threat actors have carried numerous acts of war against research companies, hospitals and other first responders. These attacks have been brazen, shocking and downright maniacal..." ~ Sam Curry, CSO at Cybereason
February 9, 2021 / 3 minute read
An attacker group published information stolen from two healthcare service providers in a reported attempt to extort them for money.
February 8, 2021 / 3 minute read
One feature that Cybereason provides to protect users from exploit attacks is our Exploit Protection. This blog provides a quick rundown of some of the key terms used in understanding exploit attacks.
February 4, 2021 / 2 minute read
With Cybereason XDR, defenders can pinpoint, understand and end any Malop™ (malicious operation) across the entire IT stack whether on-premises, mobile or in the cloud.
February 4, 2021 / 2 minute read
Clearview AI scrapes billions of images off social media and the open web, applies facial recognition algorithms on them, and sells that data to law enforcement agencies all over the world. But who are the people behind this secretive company, and what did a breach into its databases reveal?
February 3, 2021 / 17 minute read
Brandon Wales, acting director of the Cybersecurity and Infrastructure Security Agency (CISA), said in an interview that 30% of victims weren’t running SolarWinds’ Orion platform but suffered a compromise anyway.
February 3, 2021 / 3 minute read
This talk with investigative reporter Brian Krebs and Cybereason CSO Sam Curry will examine some of the more alarming trends in cybercrime today and offer some perspectives on how businesses, consumers and infosec pros can up their game in response.
February 2, 2021 /
The United Kingdom’s National Health Service (NHS) warned that scammers are in the process of sending out fake COVID-19 vaccine invitations.
February 1, 2021 / 3 minute read
Law enforcement entities and judicial authorities located around the world succeeded in disrupting the Emotet botnet’s infrastructure through a coordinated takedown effort.
January 28, 2021 / 3 minute read
National Privacy Day is a time to look at the current state of privacy and to set the direction and tone for the future. On January 28, 2021, let’s stop and think not just about the minimum requirements of privacy legislation but rather about the world we’re building and handing to our children.
January 28, 2021 / 2 minute read
Partnering with Ensign enables cyber defenders to take the fight directly to the adversary across endpoints, the enterprise and everywhere cyber battles are fought.
January 28, 2021 / 2 minute read
Each week has brought new insights into what happened. Most of those updates have confirmed what we already know: whoever perpetrated these attacks were intent on not being detected. The most recent update on the attacks was no exception…
January 27, 2021 / 6 minute read
The Cybereason Nocturnus Team has been tracking the activity around the RansomEXX, being used as a part of multi-staged human-operated attacks targeting various government related entities and tech companies.
January 26, 2021 / 4 minute read
The State of Cybersecurity Report 2020 from Wipro highlights trends and insights and provides guidance to help improve and maintain cyber resilience.
January 25, 2021 / 3 minute read
“What matters is whether this is useful to Biden as a tool for his strategy, not the parting shot of the outbound President. This is a chip in a political game and not significant to cyber security unless there’s momentum and more to follow. It’s all up to Biden now...”
January 22, 2021 / 3 minute read
“We need to arm security analysts with tools to make the connection between disparate indicators of compromise—and, more importantly, the more subtle indicators of behavior associated with an attack—so that they can quickly detect and respond to malicious operations with surgical precision."
January 21, 2021 / 3 minute read
Cybereason and SYNNEX Corporation are pleased to announce a strategic agreement that enables SMBs and Enterprises to detect and end cyber attacks on endpoints anywhere on their networks.
January 13, 2021 / 1 minute read
Since first emerging in May 2020, the ransomware operators (aka. the Conti Gang) claim to have over 150 successful attacks with millions in extortion fees. Download the Indicator's of Compromise to search for Conti in your own environment.
January 12, 2021 / 5 minute read
Cybereason® is pleased to announce our collaboration with Intel® Hardware Shield to provide robust protection against ransomware attacks at machine speed.
January 11, 2021 / 2 minute read
In a December 31 blog update, Microsoft revealed that its investigation into Solarwinds had found no evidence of unauthorized access to its production services or customer data, but that effort did uncover another attack attempt.
January 5, 2021 / 3 minute read
We spent some time with Israel Barak, Chief Information Security Officer at Cybereason, who discussed some of the challenges of running a world-wide SOC remotely during the pandemic.
January 4, 2021 / 1 minute read
Over the course of December, 2020, the Cybereason Nocturnus Team has been tracking down cyber crime campaigns related to the holiday season, and more specifically to online shopping. Download the Indicator's of Compromise to search for Dridex in your own environment.
December 24, 2020 / 6 minute read
In the past few months, the Cybereason Nocturnus team has been tracking the activity of the Clop ransomware, a variant of CryptoMix ransomware. Download the Indicator's of Compromise to search for Clop in your own environment.
December 23, 2020 / 3 minute read
On December 13, 2020, IT infrastructure management provider SolarWinds issued a Security Advisory regarding their SolarWinds Orion Platform after experiencing a “highly sophisticated” supply chain attack.
December 22, 2020 / 2 minute read
Here are a handful of likely moves from the cyber adversaries in 2021 and where the risk lies.
December 22, 2020 / 11 minute read
Cybereason has entered a strategic partnership with Oracle to protect global enterprises against advanced cybersecurity threats at every endpoint and across the enterprise.
December 21, 2020 / 2 minute read
A new report from ESG, the Impact of XDR on the Modern SOC, is focused on the perception and value of XDR, and certainly reveals a number of interesting insights around how teams are prioritizing investment against attacks.
December 18, 2020 / 2 minute read
Security researchers observed a politically motivated APT called “Molerats” using three new malware variants to conduct espionage in the Middle East. Download the Indicator's of Compromise to search for Molerats in your own environment.
December 15, 2020 / 3 minute read
On December 13, Reuters reported that malicious actors had gone after both the U.S. Department of Treasury and the U.S. Department of Commerce.
December 14, 2020 / 3 minute read
We spent some time with Jake Williams - founder and President at Rendition Infosec and SANS Instructor - discusses some of the challenges in remotely running a successful infosec consultancy.
December 14, 2020 / 1 minute read
Ryuk ransomware is most often seen as the final payload in a larger targeted attack against a corporation, and since its return in September, it has been mainly delivered via TrickBot or BazarLoader infections.
December 10, 2020 / 3 minute read
The Cybereason Nocturnus Team has identified an active espionage campaign employing three previously unidentified malware variants that use Facebook, Dropbox, Google Docs and Simplenote for command & control and the exfiltration of data from targets across the Middle East.
December 9, 2020 / 2 minute read
We spent some time with Katie Nickels - current Director of Intelligence at Red Canary and formerly MITRE ATT&CK Threat Intelligence Lead - to discuss applied threat intelligence, prioritizing threats for impact, and working incident response in remote environments.
December 7, 2020 / 1 minute read
Join us for an hour-long panel on the intricacies of XDR and how it will affect the security industry. Learn what XDR is, specific use cases, and how security practitioners can easily integrate this new technology into their security stack.
December 4, 2020 / 1 minute read
One owl was no longer enough to represent all the many special superpowers defenders need to fight and win against today’s cyber attackers. We’d need a team of owls to tell this big a story. And this is how Cybereason’s League of Defenders was born.
December 4, 2020 / 2 minute read
Exercising caution around email links, locking down payment cards and investing in a password vault can help users stay safe and happy online during the holidays.
December 2, 2020 / 2 minute read
We spent some time with Rachel Tobac discussing techniques, awareness and training for organizations seeking to limit the risk from one of the most difficult security threats to counter - social engineering attacks
November 30, 2020 / 1 minute read
Egregor is a newly identified ransomware variant that was first discovered in September, 2020, and has recently been identified in several sophisticated attacks on organizations worldwide, including the games industry giants Crytek and Ubisoft.
November 26, 2020 / 5 minute read
Cybereason is pleased to announce we were named one of the Top Places to Work in 2020 by The Boston Globe, which recognizes the most admired workplaces in the state voted on by the people who know them best—their employees.
November 23, 2020 / 2 minute read
Cybereason CSO Sam Curry shares insights on tackling tough security challenges from a strategic perspective as well as from the point of view of a leader of security operations teams working tirelessly to reverse the adversary advantage and return the high ground to the defenders.
November 23, 2020 / 1 minute read
There have been reports of MedusaLocker attacks across multiple industries, especially the healthcare industry which suffered a great deal of ransomware attacks during the COVID-19 pandemic.
November 19, 2020 / 4 minute read
Shoppers flocking to online sites for their holiday shopping this year can do it safely and securely by following Cybereason’s recommendations.
November 18, 2020 / 3 minute read
The Cybereason Nocturnus Team has identified an active campaign targeting customers of a larger e-commerce platform with newly identified multi-stage malware that evades antivirus tools dubbed Chaes.
November 18, 2020 / 2 minute read
Not long ago we were fortunate to grab some time with Steph Ihezukwu who shared her insights and observation on everything from diversity in tech to how to collaborate with teams in the age of remote work and heightened security concerns.
November 16, 2020 / 1 minute read
Cybereason XDR is a unified solution that is operation-centric, fusing endpoint telemetry with behavioral analytics to empower global enterprises to swiftly detect and end entire attack operations on the endpoint, in the cloud, on mobile devices and everywhere on their networks.
November 11, 2020 / 3 minute read
Cybereason co-founder Yonatan Striem-Amit discusses the challenges inherent in addressing security breaches remotely.
November 9, 2020 / 1 minute read
We were lucky enough to grab some time with Tanya Janca to discuss some key issues around security in times of crisis.
November 2, 2020 / 1 minute read
The Cybereason Nocturnus Team has been tracking a North Korean cyber espionage group known as Kimsuky and has identified a new spyware suite along with new attack infrastructure.
November 2, 2020 / 14 minute read
On October 29, CISA published a joint alert with the FBI and HHS. In it, they claimed to “have credible information of an increased and imminent cybercrime threat to U.S. hospitals and healthcare providers.”
October 30, 2020 / 3 minute read
Cybereason recommends activating their prevention stack to be set on “Prevent” mode (AV, NGAV, Powershell, AntiRW) to protect against Ryuk ransomware.
October 30, 2020 / 3 minute read
On that day, the veneer was torn away and I saw the heart of cyber darkness and knew that I was a Defender.
October 29, 2020 / 2 minute read
We are pleased to announce the Cybereason Breach Protection Warranty (PDF), which provides up to $1 Million in coverage in the event of a breach.
October 28, 2020 / 1 minute read
Today is a monumental day at Cybereason as we step forward to re-launch our brand and begin to tell our story more boldly. The heart of this company and the thing that truly makes us different – our deep dedication to defenders – is now also the heart of our brand.
October 26, 2020 / 2 minute read
In August, we hosted our first ever Cybereason Capture The Flag competition. We heard your feedback: More, More, MORE! We had a blast building the challenges and interacting with all the participants, and hope you’ll join us for a future event! We are working on the next iteration, so stay tuned for our next CTF announcement.
October 16, 2020 / 4 minute read
This is not the time to bludgeon the rest of our company’s with reminders to use AV and keep it up to date or to “think before you click.” Instead, it’s a time to push the boundaries of cyber awareness in three ways: new audiences, deeper messages, and innovation, especially around emerging technology.
October 15, 2020 / 2 minute read
According to recent reports, a woman in Germany died after a ransomware attack against a hospital system forced her to be rerouted to a more remote facility, delaying critical treatment by an hour. It is also a prime example of the reason we in the security community exist and what we work daily to protect against, and a stark reminder that what we do is important and cannot be taken for granted.
September 24, 2020 / 2 minute read
Cybereason Nocturnus Team members Daniel Frank and Lior Rochberger will be presenting a session titled, Anchor, Bazar, and the Trickbot Connection, examining some new developments regarding a familiar threat actor.
September 22, 2020 / 1 minute read
With 25,000 participants expected to attend, and keynotes from Serena Williams and Megan Rapinoe, the Grace Hopper Celebration brings together women in STEM across the globe, in the first ever virtual edition of the conference.
September 15, 2020 / 2 minute read
Cybereason is focusing internal efforts on one of our Company values we call “UbU” which strives to embrace and encourage employees who exemplify our Company's commitment to diversity in all its forms.
September 8, 2020 / 1 minute read
In this research, we dive into the recent activity of the Evilnum group and explore its new infection chain and tools.
September 3, 2020 / 9 minute read
If you are still using Symantec, you’re most likely tired of the complex workflows, the gaps in detection, and a resource-heavy solution that inhibits workflows and productivity. If so, it’s time to level up to a better solution that’s leading the industry.
August 25, 2020 / 3 minute read
While the ability to allow staff to work remotely when needed gives greater flexibility to corporations, it also comes with cybersecurity risks. Not only can remote workers put their own privacy at risk, but working remotely could result in a breach in the company’s security.
August 20, 2020 / 5 minute read
Deepfakes, a rapidly advancing technique for generating very realistic media, has the potential to be very disruptive when misused.
August 18, 2020 / 4 minute read
A few months ago, in light of the ongoing pandemic, fears that hacker summer camp would be cancelled were realized. However, festivities still continued for some conferences, albeit in a virtual format.
August 13, 2020 / 2 minute read
In pivoting an entire workforce to remote work, employers need to be prepared for the cybersecurity risks involved. To guard against these threats, employers should have a remote work policy that all employees are aware of and comply with.
August 10, 2020 / 2 minute read
With the sudden increase in telework, the traditional approach of reacting to cyber threats and security issues only after a breach is discovered is no longer sufficient.
August 6, 2020 / 3 minute read
We are still on course for an interesting Black Hat so we thought it would be helpful to highlight some of the sessions we are the most excited for.
August 4, 2020 / 2 minute read
During the past few months, many companies have contacted us with various questions and requests about remote security. In our conversations with them, we’ve noticed four key challenges that we wanted to explore.
August 3, 2020 / 3 minute read
Cyber attackers seeking to take advantage of the influx of employees working from home will increase phishing attacks and start attacking online services that are being used more than usual.
July 28, 2020 / 2 minute read
Are you feeling cooped up after months of social distancing? Suffering from video conferencing meeting fatigue? Do you need to reawaken your curious analyst? Come capture flags and win prizes with Cybereason!
July 22, 2020 / 1 minute read
With the recent surge of employees working from home, the use of a VPN tool has become an important topic within many companies.
July 22, 2020 / 4 minute read
July ruling by EU Court of Justice deemed EU-US Privacy Shield as inadequate. Cybereason is the only EPP vendor that gives you full control of your data.
July 20, 2020 / 1 minute read
In this analysis, our Nocturnus research team shows how the Bazar malware is sent via phishing emails that take advantage of the ongoing coronavirus pandemic, employee payroll reports, and customer complaints.
July 16, 2020 / 14 minute read
We are proud to announce the Cybereason XDR Platform has attained the AV Comparatives “Business Security” product certification!
July 15, 2020 / 2 minute read
Security teams that have accepted the post-breach mindset understand that cybersecurity is an ongoing chess match with no end. They focus on reducing risk as much as possible through visibility and automation, instead of searching for a one-size-fits-all solution.
July 8, 2020 / 2 minute read
Over the past year, we have seen many different types of ransomware attacks evolving, especially evolving into multistage ransomware that not only ransoms data, but also exfiltrates as much data as possible. This blog explores three of the most common modern ransomware attacks we are seeing today.
July 6, 2020 / 2 minute read
The Cybereason Nocturnus team is investigating a new campaign involving FakeSpy, an Android mobile malware used to steal SMS messages, send SMS messages, steal financial data, read account information and contact lists, steal application data, and do much more.
July 1, 2020 / 10 minute read
Whenever there’s a decline in ransomware cases, or other more popular threats seem to be on the rise, new innovative techniques and even offerings seem to emerge.
June 30, 2020 / 4 minute read
Ransomware attacks are an efficient and effective weapon for criminals who want to harm any business through crucial data loss, damaged productivity, and injured brand reputation.
June 24, 2020 / 2 minute read
Next-generation antivirus combines traditional antivirus with behavioral-based prevention to find prevent more evasive threats than legacy antivirus alone.
June 23, 2020 / 3 minute read
With Cybereason, customers are able to protect themselves from cyber threats that are both known and unknown, minimize their overall security risks, all while reducing their overall security costs by $4.2M and attaining a ROI of 308% over three years!
June 16, 2020 / 3 minute read
UbU (“you be you”) is the value that sits front and center at Cybereason. Acceptance of every person is at the heart of who we are as a company. As we celebrate PRIDE week (as we do every year), we also grieve the racism and violence taking place around us.
June 12, 2020 / 1 minute read
Earlier this year, Cybereason launched its latest honeypot to analyze the tactics, techniques, and procedures used by state-sponsored groups and cyber crime actors to target critical infrastructure providers.
June 11, 2020 / 6 minute read
In this article I describe a security strategy that helped my organization avoid this scenario by simply ignoring the perimeter, making us indifferent to the location our employees are working from.
June 10, 2020 / 7 minute read
Though AEPs are especially important when testing and building a strong defense, they are often overlooked for TTPs by security practitioners versed in the “trench warfare” of day-to-day security operations.
June 8, 2020 / 2 minute read
One could argue that, if you can detect all the TTPs in ATT&CK, you should also be able to defend against all of the adversaries in ATT&CK. While technically true, many TTPs are not inherently malicious.
June 1, 2020 / 2 minute read
The Valak Malware is a sophisticated malware that can steal enterprise mailing information and passwords along with the enterprise certificate. This has the potential to access critical enterprise accounts, causing damage to organizations, brand degradation, and ultimately a loss of consumer trust.
May 28, 2020 / 13 minute read
Proactive defense is about predicting, understanding, and preventing as many moves as possible that an attacker could make against you. You have to stay a step ahead of the enemy and lure them into a trap of your own.
May 27, 2020 / 2 minute read
IOCs are valuable when preventing known malware, but over 350,000 new strains of malware are detected every day, and fileless malware attacks are on the rise. IOCs are no longer an innovative or sufficient standalone method for defense.
May 21, 2020 / 2 minute read
Among endpoint solutions, there’s a staggeringly clear distinction between solutions that are cloud-native and those whose cloud capabilities are either non-existent or partial at best.
May 19, 2020 / 2 minute read
Since the acquisition of Symantec in September, Cybereason has received a flood of requests from concerned customers interested in making the switch to Cybereason.
May 18, 2020 / 2 minute read
MITRE’s Adversarial Tactics, Techniques, and Common Knowledge (MITRE ATT&CK) is a model and knowledge base of adversary behavior that has become a staple of the endpoint security space.
May 12, 2020 / 2 minute read
At Cybereason, we want to assure our customers and prospects that we support various on-premises deployment options to address their entire endpoint protection security needs.
May 11, 2020 / 2 minute read
It might be appealing to have a clear-cut, black-and-white measure for when to talk or when to shut down talks; but the nuances of when it makes sense to enter into negotiations and when it makes sense to pay ransoms for hostages or not is not as straightforward as a five-word policy.
May 7, 2020 / 3 minute read
In this blog, I'll be exploring the traditional approaches to protecting and managing both endpoint and mobile devices and identify how both approaches have evolved.
May 5, 2020 / 2 minute read
Ultimately, the goal of MITRE ATT&CK and other product evaluations is to identify which products can best contain attacks and provide you with actionable threat detection to reduce overall Mean Time To Respond.
May 4, 2020 / 2 minute read
The Cybereason Nocturnus team is investigating EventBot, a new type of Android mobile malware. EventBot abuses accessibility features to steal user data from financial applications, read user SMS messages, and steal SMS messages to allow the malware to bypass two-factor authentication.
April 30, 2020 / 12 minute read
In security data analysis, hunting and AI-driven automated detection, the quality of your results depends heavily on the quality of your data. In this blog, I’d like to discuss a few strategies for handling the data and the advantages and disadvantages of each approach.
April 27, 2020 / 3 minute read
Today, we take another step towards our vision to protect it all by releasing a new offering to defend mobile devices: Cybereason Mobile.
April 23, 2020 / 2 minute read
Today, we are happy to announce that the Cybereason XDR Platform has been evaluated by MITRE ATT&CK to illustrate how we approach threat detection in the context of the MITRE ATT&CK framework.
April 22, 2020 / 2 minute read
Get a refresher on the MITRE ATT&CK APT29 Evaluations.
April 21, 2020 / 4 minute read
I have been actively counseling CEOs on how best to secure business continuity during this difficult time, and want to make those recommendations available to everyone.
April 20, 2020 / 2 minute read
At Cybereason, we are finding different ways to stay healthy during the COVID-19 pandemic. In conversations across the team, we realized we have the basis for an awesome recommended reading list we can share with the community.
April 16, 2020 / 2 minute read
“56% of breaches took months or longer to discover." Unfortunately, this is not earth shattering news. The current state of time to detect and respond being unacceptable across the industry, regardless of who you ask.
April 15, 2020 / 4 minute read
'Responding to the unknown is part of our DNA.' Read more of a Q&A with Lior Div on how Cybereason responded to the COVID-19 pandemic.
April 13, 2020 / 5 minute read
Executive teams from Sprint and Cybereason recently sponsored an on-stage chat between Sam Curry, CISO of Cybereason and Ed Amoroso, CEO of TAG Cyber. The ground rules were simple: Our experts were to openly address serious issues in cyber security with no holding back – and they certainly did not disappoint.
April 9, 2020 / 2 minute read
When trying to address the question “Is my SOC as effective as possible?”, one of the most challenging components you will face is staffing. In this blog, I'll be covering how to answer some of the more difficult questions when it comes to building a SOC.
April 6, 2020 / 5 minute read
In this blog, you'll find perspectives from several of our experts with experience in managing crises across security and business functions.
April 2, 2020 / 3 minute read
While it is important to stay vigilant, wash our hands, and maintain social distancing policies, it is also important that we talk about another kind of hygiene, (and I know this sounds corny): our cyber hygiene.
March 30, 2020 / 3 minute read
Cybereason Remote Workforce Protection is built to help organizations secure their new, evolving-everywhere office, and to ease the burden on IT and security teams.
March 25, 2020 / 1 minute read
With more and more employees encouraged to isolate and stay in their homes, a big question on every CEO’s mind is how to ensure her business is able to continue to function when all employees are remote.
March 23, 2020 / 5 minute read
Cybereason is proud to announce the Cybereason XDR Platform has achieved the ‘AA’ product rating in NSS Labs, Inc 2020 Advanced Endpoint Protection (AEP) testing.
March 19, 2020 / 2 minute read
A disturbing polemic is emerging against the background noise of coronavirus reports from around the world: the cause of the problem is the other, the foreign.
March 19, 2020 / 3 minute read
We are excited to announce that Cybereason has been named a strong performer, with the highest score in the “current offering” category amongst 11 other vendors in The Forrester Wave™: Endpoint Detection & Response Q1 2020.
March 18, 2020 / 2 minute read
Cybereason Remote Workforce Protection combines Cybereason NGAV multi-layered prevention, EDR analysis and response, with Cybereason MDR to manage it all for you, and remote incident response services across workstations, laptops, and mobile devices.
March 18, 2020 / 1 minute read
Cybereason’s Nocturnus team is continuing to observe hundreds of phishing attacks that use coronavirus-themed files and domains to distribute malware and infect victims all over the world.
March 18, 2020 / 5 minute read
As an organization, our top priority continues to be providing a seamless defense for all of our customers, especially in these difficult times.
March 16, 2020 / 1 minute read
This blog is a summary of the research and perspective of Cybereason CSO Sam Curry and Dr. Alon Kaufman of Duality on AI and Privacy titled: Ghost in the Machine, reconciling AI and Trust in the Connected World.
March 12, 2020 / 4 minute read
Cybereason Nocturnus is investigating a campaign where attackers are trojanizing multiple hacking tools with njRat, allowing the attackers to completely take over the victim’s machine.
March 10, 2020 / 8 minute read
Our kernel team researches how to reliably authenticate in kernel mode using ci.dll.
March 5, 2020 / 8 minute read
Cybereason's Nocturnus team has been tracking recent espionage campaigns specifically directed at entities and individuals in the Palestinian territories.
February 13, 2020 / 7 minute read
Cybereason's Nocturnus team has been tracking recent espionage campaigns specifically directed at entities and individuals in the Palestinian territories.
February 13, 2020 / 11 minute read
Cybereason is following an active campaign to deliver multiple different types of malware to victims all over the world. This attack is able to steal data, mine for cryptocurrency, and in specific cases deliver ransomware.
February 5, 2020 / 9 minute read
The malware previously described by DHS as the most destructive ever is surging yet again. Why is Emotet so popular and who is it targeting now?
January 28, 2020 / 3 minute read
To close out the year and celebrate seventy episodes of Malicious Life, we’re listing the best cybersecurity podcast episodes we’ve released in 2019.
January 14, 2020 / 5 minute read
We are three days into 2020, and the world is already on high alert. For reasons unknown given their classified nature, yesterday evening the US government killed prominent Maj. Gen. Qasem Soleimani in an overnight airstrike at the Baghdad airport.
January 3, 2020 / 3 minute read
Mobile now accounts for over half of Internet traffic worldwide. Is your organization addressing this growing security threat?
January 2, 2020 / 3 minute read
As we enter the New Year, we need to keep in mind how nation state evolution, new targets, and security vendor stagnation will serve as motivation for hackers.
December 19, 2019 / 2 minute read
A new malware called Anchor is being leveraged to infect, explore, and exploit high-value targets that implement point of sale systems.
December 17, 2019 / 2 minute read
Cybereason Nocturnus detected a series of targeted attacks against high-profile targets that uses a new variant of Anchor_DNS and a new malware dubbed Anchor.
December 11, 2019 / 15 minute read
Cybereason’s Nocturnus team is tracking a new keylogger gaining traction among cybercriminals called Phoenix. Read about it and its reception in the underground here.
November 20, 2019 / 11 minute read
Security teams at universities face a difficult task: how to reconcile full cybersecurity protection with an open IT environment.
November 19, 2019 / 5 minute read
Since April 2019, the Cybereason Nocturnus team has investigated infections of the Raccoon stealer in the wild across organizations. Read about it here.
October 24, 2019 / 14 minute read