The Danger in Outsourcing Cybersecurity to Foreign-Based Firms

Sending cybersecurity work offshore isn’t just a bad idea for individual organizations; it can be a security issue. Facing a severe shortage of qualified cybersecurity workers—the InfoSec unemployment rate is expected to be zero until at least 2021—many organizations have no choice but to outsource at least some of their cybersecurity functions. Security services are...

Security Patches: Move Faster to Keep Up With the Bad Guys

You’re tired of hearing it. Most security pundits are tired of saying it. Applying and testing security patches with alacrity is one of the keys to avoiding data breaches. And it looks like that could become even more imperative. A new Ponemon Institute study, commissioned by ServiceNow, concludes that cybercriminals and hackers have responded more...

2018 Emerging Threats Show New Sophistication in Hackers

One of the problems with threat prevention is that we get too hung up on yesterday’s threats. Security systems are designed for the types of attacks we’ve seen in the past. That’s necessary, of course, because we know bad guys use the methods proven effective. We also know that cybercriminals don’t rest on their laurels...

An in-depth malware analysis of QuantLoader

QuantLoader is a Trojan downloader that has been used in campaigns serving a range of malware, including ransomware, Banking Trojans, and RATs. In this post, we'll take a high-level look at the campaign flow, as well as a deep dive into how the malware executes. Categories: Malware, Threat analysis. Tags: backdoor, malware analysis, QuantLoader, QuantLoader Trojan, trojan.

Encryption 101: Decryptor’s thought process

In the previous parts 1, 2 and 3 of this series, we covered the basics of encryption, walked through a live example of a ransomware in detail, and talked about encryption weaknesses. In this part of the encryption 101 series, we will begin wrapping it up by going into detail on a ransomware with weak... Categories: Malware, Threat analysis. Tags: break encryption, decryptor, encryption functionality, encryption, PrincessLocker, ransomware.

Malicious cryptomining and the blacklist conundrum

When threat actors take to free and disposable cloud services, the battle against malicious cryptomining becomes a lot more difficult. Categories: Cryptomining, Threat analysis. Tags: adblockers, blacklist, coinhive, cryptominers, cryptomining, GitHub. The post Malicious cryptomining and the blacklist conundrum appeared first on Malwarebytes Labs.

SANNY Malware Delivery Method Updated in Recently Observed Attacks

In the third week of March 2018, through FireEye’s Dynamic Threat Intelligence, FireEye discovered malicious macro-based Microsoft Word documents distributing SANNY malware to multiple governments worldwide. Each malicious document lure was crafted in regard to relevant regional geopolitical issues. FireEye has tracked the SANNY malware family since 2012 and believes that it is unique to a group focused on Korean Peninsula issues. This group has consistently targeted diplomatic entities worldwide, primarily using lure documents written in English and Russian. As part of these recently observed attacks, the threat actor has ...

Nation State Cyberespionage: Iran and North Korea

The nation state threat posed by Iran and North Korea is very real. Both have evolved into formidable adversaries for both government and industry. When confronted with the knowledge that either of these countries’ intelligence apparatus has its crosshairs ranged in on a country or company, there isn’t an infosec team that doesn’t belt themselves...

DOSfuscation: Exploring the Depths of Cmd.exe Obfuscation and Detection Techniques

Skilled attackers continually seek out new attack vectors, while employing evasion techniques to maintain the effectiveness of old vectors, in an ever-changing defensive landscape. Many of these threat actors employ obfuscation frameworks for common scripting languages such as JavaScript and PowerShell to thwart signature-based detections of common offensive tradecraft written in these languages. However, as defenders' visibility into these popular scripting languages increases through better logging and defensive tooling, some stealthy attackers have shifted their tradecraft to languages that do not support this additional visibility. At a minimum, determined attackers...