Blog

A Contrarian Approach to Cybersecurity – Less is More

In a recent print edition of The Economist, there is a very relevant article – “Modeling Brains: Does not compute.” It provides a cautionary tale about promises of modern brain […]

January 31st, 2017 by Manoj Leelanivas

DDoS and The Internet of Things

In the last few days, we heard a lot about the Mirai Internet-of-Things botnet, which caused a DDoS attack against Dyn. But Mirai is a relatively small botnet because the majority […]

November 3rd, 2016 by Alex Burt

RIG Exploit Kit says “I Do”

Cyphort Labs discovered a new attack campaign that links to malicious exploits from hijacked DNS servers of personal wedding websites. Personal wedding websites are used to aid in planning and communicating important details for a […]

October 24th, 2016 by Nick Bilogorskiy

Threat Insights

Cerber Ransomware

Cerber is file-encrypting ransomware known to be delivered specifically by exploit kits. It encrypts files with various file extensions on the victim's system and asks the victim to pay a ransom. 1) Files: The following files are usually seen on the system: Decrypt My files.html, Decrypt My files.txt. A copy of the malware is seen in %appdata%. Also…

January 3rd, 2017 by Abhijit Mohanta

Trojan Qadars

Qadars is a dangerous banking Trojan similar to Zeus and Carberp. It is currently on version 3 and the latest version we have seen is v3.0.0.1. Qadars started in 2013 to attack banks in France and the Netherlands. In 2015 and 2016, they expanded their targets to the United States, Canada, Australia and the Netherlands. According…

December 27th, 2016 by Paul Kimayong

Ghost Push

What is Ghost Push? Ghost Push (a.k.a. Gooligan) is a type of Trojan that hides in popular apps by repackaging them and inserting itself. It is capable of rooting an Android device and installing other apps. It gains root access by beaconing to its CnC server, and the CnC replies with a download URL for…

December 22nd, 2016 by Marci Kusanovich

Malware’s Most Wanted

Topic: The Rise and Fall of Angler

We have talked about the recent ransomware resurgence, and now Cyphort Labs wants to spend some time on one of the most effective methods of delivering ransomware: exploit kits. In this edition, we’ll cover:

  • The evolution of exploit kits such as Angler, Nuclear, Rig and Neutrino
  • Real examples of drive-by exploits on popular websites, discovered by our crawler
  • The relationship between exploits, kits and payload

Watch on-demand: http://go.cyphort.com/MMW-June-2016-Page.html

Presenter: Nick Bilogorskiy, Director of Threat Operations

Date and Time: On-Demand

MMW Archive

Ransomware Resurgence: Locky and Other “New Cryptolockers”

Date and Time: On-Demand

Ransomware has come a long way from non-encrypting lockscreen FBI scare warnings like Reveton. In 2016 alone, there have been new ransomware families popping up, and we expect that to only pick up steam over the summer. In this edition of MMW, Nick Bilogorskiy will discuss Locky, the new “it” ransomware, and how it works, as well as other new ransomware families and why ransomware is becoming the preferred monetization method for attackers. Attendees may opt in to receive a special edition t-shirt.

Malware Self-protection Matrix: From Anti-reversing to Anti-sandboxing

Date and Time: On-Demand

In this Malware’s Most Wanted, Cyphort Labs’ Marion Marschalek sheds light on malware self-protection. The audience gets an overview of how malware evasion evolved over the years and how malware defense evolved with it, or vice versa, as occasionally happens in the digital arms race. The various observed anti-analysis tricks are put in relation to their respective countermeasures in order to showcase the challenges facing modern-day security products.

Machine Learning: The Gold Standard for Threat Detection

Date and Time: On-Demand

Machine learning is a powerful tool with many well-suited applications for malware detection, classification, and risk quantification. Despite its reputation as a “black box” component of an enterprise security solution, designing a robust machine learning model for malware detection is an involved process: its success hinges on understanding the problem you’re trying to solve, the underlying data you utilize, and most importantly, its limitations. In this Malware’s Most Wanted session, we analyze working models and discuss the strengths, pitfalls, and high-level trade-offs of using machine learning for successful malware detection.

Cybersecurity – Getting Down To Implementation Practice

Date and Time: On-Demand

The NIST Cybersecurity Framework is a good starting point for many enterprises to harden their security posture against advanced threats. In this webinar, we will share the major takeaways from the framework. More importantly, we will explain the 5 critical factors in implementing cybersecurity defense, and how to handle them with best practice.
