
New Ursnif Variant Comes with Enhanced Information Stealing Features

Research

The Cybereason research team observed a new campaign involving Ursnif in the beginning of 2019 attacking users in Japan across multiple customer environments. This Ursnif variant has enhanced stealing modules focused on taking data from mail clients and email credentials stored in browsers.

New Ursnif Variant Targets Japan Packed with New Features

Research

In this research we dissect a recent campaign that uses language checks and steganography to evade detection. The new variant features a stealthy persistence mechanism, revamped information-stealing modules focusing on mail clients and cryptocurrency, and targets Japanese security products.

The Newest Variant of the Astaroth Trojan Evades Detection in the Sneakiest Way

Next Generation Antivirus

In this overview, we explain one of the most recent and unique campaigns involving the Astaroth trojan. This spam campaign targeted Brazil and was able to infiltrate systems in a unique way: using processes in some security products.

LOLbins and trojans: How the Ramnit Trojan spreads via sLoad in a cyberattack

Phishing

Cybereason detected an evasive infection technique used to spread a variant of the Ramnit banking Trojan as part of an Italian spam campaign. We investigate this attack, its use of sLoad, and its adoption of LOLbins to minimize discovery.

Pervasive Brazilian financial malware targets bank customers in Latin America and Europe

Research

Cybereason’s Nocturnus team analyzed numerous campaigns related to Brazilian financial malware and found that these programs have become pervasive and infected 60 banks in nearly a dozen countries throughout South America, Spain and Portugal.

New Betabot campaign under the microscope

Research

The Cybereason SOC has detected multiple Betabot infections in customer environments. In this blog, Cybereason researchers study Betabot’s infection chain and self-defense mechanisms using data gathered from customer environments.

VAI MALANDRA: A LOOK INTO THE LIFECYCLE OF BRAZILIAN FINANCIAL MALWARE: Part one

Research

Cybereason's Nocturnus Research team analyzes campaigns targeting the Brazilian financial sector, focusing on infection vectors and the threat actor's toolset and techniques.

Wannamine cryptominer that uses EternalBlue still active

Research

The Wannamine cryptominer, which uses the EternalBlue exploits, is still active although a patch that fixes these well-known vulnerabilities was released last March. Amit Serper, Cybereason's head of security research, examines this variant and makes the case for patching your systems.

ICS Threat Broadens: Nation-State Hackers Are No Longer The Only Game In Town

IoT

APT actors and nation states aren't the only adversaries interested in ICS environments. Threat actors who use sophisticated techniques but are also amateurish are now targeting utility providers. That's according to the data from a honeypot Cybereason set up to emulate the power transmission substation of a major electricity provider.

No Win32_Process Needed – Expanding the WMI Lateral Movement Arsenal

Research

Cybereason researchers have discovered new lateral movement techniques that abuse WMI. They also created a tool that lets analysts see the potential harm attackers could cause if they used these techniques.