Endpoint Security
Locky Ransomware: New Evasion Techniques Discovered
June 30, 2016 by arpit
Cyberbit’s Advanced Malware Research Group has recently discovered new evasion techniques used in the new Locky ransomware campaign. Locky, one of the most dominant ransomware families, has recently reappeared in the wild after a pause of several weeks. The new campaign introduces new techniques for evading automatic analysis systems, such as virtualized sandboxes. FireEye analyzed one […]
OT Security
How this Attack on a German SCADA Network Could Have Been Prevented
June 23, 2016 by arpit
In December 2014 the German Federal Office for Information Security reported a malicious attack on a steel mill operated by a German-based company. The attack was initiated using spear phishing. Attackers gained access to the corporate network and moved from there into the plant network. According to the report, the adversary, showing extensive knowledge of […]
Endpoint Security
Serialization Vulnerabilities Explained
June 6, 2016 by arpit
Remote code execution
Overview
Serialization is a useful and widely supported feature. However, it also provides an easy target for attackers who try to execute malicious commands through the external shell. This article will demonstrate, using code samples, how serialization vulnerabilities can be exploited to execute commands remotely, and how, by implementing secure coding […]
Endpoint Security
Unpacking Dyre Part I
May 29, 2016 by arpit
Edited by Alon Slotky
Dyre has become one of the most dangerous financial Trojans, targeting login credentials for bank accounts and other online services via Man-in-the-Browser exploits. In this post we will look into the mechanism by which Dyre unpacks its own code. Dyre executes obfuscated shellcode from its own .text section. In the flow […]
OT Security
Scada Network Visibility
April 6, 2016 by arpit
What an Attack on a Water Company can Teach Us About SCADA Network Visibility
In a recent case study, Verizon describes how attackers were able to penetrate a water company’s SCADA network and change the amounts of chemicals mixed into tap water. Here is our analysis of the event, and what OT and IT managers in critical […]
Endpoint Security
How does Dridex gain persistency
January 13, 2016 by arpit
Several researchers have noticed that Dridex does not establish its own persistence until it absolutely has to, just a moment before shutdown. This tactic lets Dridex leave hardly any footprint on the file system and registry, making it harder to detect and remove. How does it do it? In Windows, every window has a […]