Endpoint Security OT Security Dtrack: In-depth analysis of APT on a nuclear power plant November 21, 2019 by arpit Dtrack is a RAT (Remote Administration Tool) allegedly written by the North Korean Lazarus group. Recently the Dtrack malware was found in the Indian nuclear power planet “Kudankulam Nuclear Power Plant” (KNPP). The variant of Dtrack that attacked this power planet included hardcoded credentials for KNPP’s internal network, suggesting that it was a targeted attack. It […] Read more » APT Dtrack
Cryptocurrency Miners Now Using Evasive Tactics to Exploit Airport Resources
October 16, 2019, by arpit
While rolling out Cyberbit’s Endpoint Detection and Response (EDR) in an international airport in Europe, our researchers identified an interesting crypto mining infection, where cryptocurrency mining software was installed on more than 50% of the airport’s workstations. The findings raise concerns regarding the ease of installing malicious software within corporate networks despite being protected by […]
Tags: cryptominer, EDR
HawkEye Malware Changes Keylogging Technique
August 13, 2019, by arpit
Cyberbit Labs have observed that HawkEye malware variants have changed their keylogging technique. Until now, the most pervasive keylogger malware technique was to register a procedure into the message hook chain of a window using the SetWindowsHookExA API. The new variants exploit the RegisterRawInputDevices API to register for input from the keyboard. This technique is not a new one. […]
Tags: Hawkeye, Keylogging, Malware
3 Ways EDR Prevents Financial Cyberattacks
June 23, 2019, by arpit
Financial institutions are highly vulnerable to cyberattacks. According to Verizon’s 2019 Data Breach Investigations Report, 10% of breaches were breaches of the financial industry. Not only is the number of attacks increasing, but the attacks have become ever more sophisticated and targeted. As a result, regulatory bodies worldwide like the Reserve Bank of India (RBI) […]
Tags: cyber attacks, EDR, Financial Services
Formbook Research Hints Large Data Theft Attack Brewing
June 12, 2019, by arpit
In this blog post we will present the latest droppers of the Formbook data-stealing malware, an advanced malware that uses diverse and innovative techniques to evade security products. We will reverse engineer all the different droppers and suggest ways to detect them. We also show how Cyberbit EDR detects the latest Formbook dropper. Formbook […]
Tags: droppers, EDR, Formbook, malware
Hawkeye Malware Analysis
May 19, 2019, by arpit
What is Hawkeye Malware? Hawkeye malware is a credential-stealing malware that is sold as a software-as-a-service. It uses keylogging to target the endpoint and a free tool, contained in an encrypted resource section of the binary, to extract sensitive login data from web browsers. Hawkeye is a file-less attack that can often evade signature-based detection […]
Tags: Hawkeye, Malware
New Ursnif Malware Variant – a Stunning Matryoshka (Матрёшка)
January 30, 2019, by arpit
Ursnif malware is an information stealing/banking Trojan that has been around since 2016 and continues to evolve. Its capabilities include stealing of:
System information
List of installed applications
List of installed drivers
List of running processes
List of network devices
External IP address
Email credentials (IMAP, POP3, SMTP)
Cookies
Certificates
Screen video captures (.AVI)
Financial […]
Tags: Malware, ursnif
Malware Mitigation when Direct System Calls are Used
November 27, 2018, by arpit
In 2018 we have seen an increase in the malicious use of direct system calls in order to evade security product hooks. These hooks are used to monitor API calls which may hint at malicious activity. The direct system call evasion method works by reading system call numbers from ntdll.dll, putting the appropriate system call number on […]
Tags: malware, mitigation
Detecting Reverse Shell with Machine Learning
November 15, 2018, by arpit
Among cyber attackers and penetration testers, obtaining a reverse shell on a remote machine is considered a ‘home run’. Once the reverse shell has been obtained, the remote machine is at the mercy of the attacker. Existing attack platforms such as Metasploit, Empire, and others offer myriad techniques and implementations for obtaining different types of reverse […]
Tags: machine learning, malware detection, reverse shell