The Case for Behavioral Analysis

In this article, we will lay out arguments with real-life examples in support of behavioral detection of malware as opposed to more traditional static methods of detection. For the sake […]

February 28th, 2017 by Mounir Hahad

A Contrarian Approach to Cybersecurity – Less is More

In a recent print edition of The Economist, there is a very relevant article – “Modeling Brains: Does not compute.” It provides a cautionary tale about promises of modern brain […]

January 31st, 2017 by Manoj Leelanivas

DDoS and The Internet of Things

In the last few days, we heard a lot about the Mirai Internet-of-Things botnet, which caused a DDoS attack against Dyn. But Mirai is a relatively small botnet because the majority […]

November 3rd, 2016 by Alex Burt

Threat Insights


The Kuluoz malware family is known to spread through spam emails. The email subjects or spam attachments typically carry names related to parcel deliveries, airline tickets, applications, resumes, etc., and arrive with a Microsoft Word document icon. The malware checks whether it is running under a debugger by calling the ‘IsDebuggerPresent’ API…

March 13th, 2017 by Marci Kusanovich


Gamarue is a worm that can be distributed by exploit kits, spam emails, or USB drives, or dropped by other malware. Gamarue performs multi-level process hollowing to hide itself: it executes its code by mapping it into wuauclt.exe rather than changing the entry point with SetThreadContext() as most process hollowing techniques do. Here’s a dump of how that is achieved:…

March 13th, 2017 by Marci Kusanovich

Cerber Ransomware

Cerber is file-encrypting ransomware known to be delivered specifically by exploit kits. It encrypts files with various extensions on the victim’s machine and demands a ransom. 1) Files: the following files are usually seen on the system: Decrypt My files.html and Decrypt My files.txt. A copy of the malware is seen in %appdata%. Also…

January 3rd, 2017 by Abhijit Mohanta

Malware’s Most Wanted

Topic: The Rise and Fall of Angler

We have talked about the recent ransomware resurgence, and now Cyphort Labs wants to spend some time on one of the most effective methods of delivering ransomware: exploit kits. In this edition we’ll cover:

  • The evolution of exploit kits such as Angler, Nuclear, Rig and Neutrino
  • Real examples of drive-by exploits in popular websites discovered by our crawler
  • The relationship between exploits, kits and payload

Watch on-demand
Presenter: Nick Bilogorskiy, Director of Threat Operations
Date and time: On Demand

MMW Archive

Ransomware Resurgence: Locky and Other “New Cryptolockers”

Date and Time: On-Demand

Ransomware has come a long way from non-encrypting lockscreen FBI scare warnings like Reveton. In 2016 alone, new ransomware families have kept popping up, and we expect that to only pick up steam over the summer. In this edition of MMW, Nick Bilogorskiy will discuss Locky, the new “it” ransomware, how it works, other new ransomware families, and why ransomware is becoming the preferred monetization method for attackers. Attendees may opt in to receive a special edition t-shirt.

Malware Self-protection Matrix: From Anti-reversing to Anti-sandboxing

Date and Time: On-Demand

In this Malware’s Most Wanted, Cyphort Labs’ Marion Marschalek sheds light on malware self-protection. The audience gets an overview of how malware evasion evolved over the years and how malware defense evolved with it, or vice versa, as occasionally happens in the digital arms race. The various observed anti-analysis tricks are put in relation to their respective countermeasures in order to showcase the challenges facing modern-day security products.

Machine Learning: The Gold Standard for Threat Detection

Date and Time: On-Demand

Machine learning is a powerful tool with many well-suited applications in malware detection, classification, and risk quantification. Despite its reputation as a “black box” component of an enterprise security solution, designing a robust machine learning model for malware detection is an involved process: its success hinges on understanding the problem you’re trying to solve, the underlying data you utilize, and, most importantly, its limitations. In this Malware’s Most Wanted session, we analyze working models and discuss the strengths, pitfalls, and high-level trade-offs of using machine learning for successful malware detection.

Cybersecurity – Getting Down To Implementation Practice

Date and Time: On-Demand

The NIST Cybersecurity Framework is a good starting point for many enterprises to harden their security posture against advanced threats. In this webinar, we will share the major take-aways from the framework. More importantly, we will explain the 5 critical factors in implementing cybersecurity defense, and how to handle them with best practices.
