Blog

DEMO THE CYBEREASON DEFENSE PLATFORM

Future-Ready Cybersecurity Protection

See how Cybereason allows defenders to detect earlier and remediate faster with one lightweight agent and an array of deployment options.
Back to Newsroom

Cybereason’s Nocturnus Research Team Discovers Spike in Betabot Malware Infections

Oct 4, 2018

Cybereason, creators of the leading cybersecurity AI Hunting Platform, today announced its security research team Nocturnus discovered a spike in Betabot malware infections originating from phishing emails. A new Nocturnus blog delves into Betabot’s self-defense mechanisms and reveals the infection chains based on Cybereason telemetry data gathered from multiple customer endpoints.

Betabot is a sophisticated infostealer malware that’s evolved significantly since it first appeared in late 2012. The malware began as a banking Trojan and is now packed with features that allow its operators to practically take over a victim’s machine and steal sensitive information.

"Betabot infections seen in our telemetry originated from phishing campaigns that used social engineering to persuade users to download and open what appears to be Word documents attached to an email,” said Assaf Dahan, senior director, threat hunting, Cybereason. “Betabot also seeks to find and eliminate any other malware on the system with heuristic approaches that would put many security products to shame.”

Best practices to minimize the risk of Betabot infections:

1. Avoid clicking links and downloading or opening attachments from unknown senders.
2. Look for misspellings, typos and other suspicious content in emails and attachments and report any abnormalities to IT or information security.
3. Keep your software up-to-date and install Microsoft security patches, especially https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11882
4. Consider disabling the Equation Editor feature in Microsoft Office by editing the following registry entries:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Common\COM Compatibility\{0002CE02-0000-0000-C000-000000000046}]
"Compatibility Flags"=dword:00000400
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\COM Compatibility\{0002CE02-0000-0000-C000-000000000046}]
"Compatibility Flags"=dword:00000400

About Cybereason’s Nocturnus Researchers
Nocturnus is a group of cybersecurity experts with broad experience in cyber offense and defense with a focus on cutting edge, advanced research. The team has spent years studying the adversary and defending against some of the most advanced cyber attacks. The team’s findings of new attack tools, techniques, and methodologies are used to better protect our customers and educate the broader information security community.

Cybereason is one of the fastest growing technology companies in the world. Founded in 2012 by Lior Div, Yossi Naar and Yonatan Striem-Amit, Cybereason has exploded from a three-person team to more than 450 employees globally.

About Cybereason
Cybereason, creators of the leading cybersecurity data analytics platform, gives the advantage back to the defender through a completely new approach to cybersecurity. Cybereason offers endpoint detection and response (EDR), next-generation antivirus (NGAV), and active monitoring services, all powered by its proprietary data analytics platform. The Cybereason suite of products provides unmatched visibility, increases analyst efficiency and effectiveness, and reduces security risk. Cybereason is privately held, having raised $189 million from top-tier VCs, and is headquartered in Boston, with offices in London, Tel Aviv and Tokyo.

Learn more: https://www.cybereason.com/

Media Contact
Bill Keeler
Director, Public Relations
Cybereason
bill.keeler(at)cybereason.com
(929) 259-3261