Research, enSilo Breaking Malware
Usually, Adwares are not a particularly interesting research subject. However, when we detected a DealPly variant that evaded AV detection we decided to dig deeper.
Malware, enSilo Breaking Malware, Process Doppelganging, Threat Intelligence
A new loader-type malware adopted a technique similar to Process Doppelgänging and spread like wildfire in the last year and half. This loader is a significant threat, besides GandCrab, that closed up shop earlier this year, it delivers over a dozen other payloads like FormBook, LokiBot, SmokeLoader, AZORult, NetWire, njRat and Pony stealer.
Malware, enSilo Breaking Malware, Threat Intelligence
Article Summary
In May 2019, enSilo’s Threat Intelligence team observed activity by a cybercrime group, spreading Metamorfo - A Brazilian banking trojan. The variants we discovered abuse an executable digitally signed by Avast, which is one of the most popular AV products in the world for consumers. We were able to connect this activity to a
Version 4.0 is a key part of our mission to protect businesses around the world from data breaches and disruption caused by cyber attacks. It squarely addresses the challenge faced by security and operations teams of combating the growth in the attack surface created by rising numbers of vulnerabilities and devices. We’ve added predictive and
Malware, APT, enSilo Breaking Malware, APT10, Threat Intelligence
Article Summary
In April 2019, enSilo detected what it believes to be new activity by Chinese cyber espionage group APT10. The variants discovered by enSilo are previously unknown and deploy malware that is unique to the threat actor. These malware families have a rich history of being used in many targeted attacks against government and
cybersecurity, enSilo Corporate and Product
In 2017 we said, "By now everyone knows about WannaCry and the problem with unpatched systems. But, what happens when the next Windows vulnerability is released, and no patch is issued on an end-of-life product?" That moment might have arrived.
cybersecurity, enSilo Corporate and Product
enSilo CEO Roy Katmor and CTO Udi Yavo delivered an in-depth presentation at RSA Conference 2019 called “The New Gold Rush: How to Hack Your Own Best Mining Rig”. The session addressed the state of cryptominers versus ransomware, how to build a stealthy and well-distributed miner, and several miner detection methods. Also, the team unveiled
cybersecurity, enSilo Corporate and Product
Towards the end of 2018, enSilo blocked a suspicious attack attempt originating from a generic PowerShell script. While investigating the attack our team discovered an interesting loader malware that delivers different payloads. During the time of writing this post, commercial Anti-Viruses (AVs) did not identify this script as hostile.
Tags
- enSilo Corporate and Product (204)
- Weekly Security News (96)
- Windows (50)
- Malware (45)
- cybersecurity (31)
- enSilo Breaking Malware (28)
- Industry (23)
- Research (23)
- Business (14)
- Ransomware (13)
- code injection (9)
- Vulnerabilities (7)
- AtomBombing (6)
- WannaCry (6)
- POS malware (5)
- RAT (5)
- APT (4)
- NSA (4)
- Process Doppelganging (4)
- exploit (4)
- Endpoint Protection (3)
- Mac OS X (3)
- Moker (3)
- NotPetya (3)
- Threat Intelligence (3)
- UAC (3)
- Web Malware (3)
- documentation (3)
- hooking (3)
- vulnerability (3)
- Android (2)
- ArdBot (2)
- CFG (2)
- Control Flow Guard (2)
- Emotet Botnet (2)
- Fileless Malware (2)
- Furtim (2)
- Gartner (2)
- GlobeImposter (2)
- Injection Techniques (2)
- Windows XP (2)
- av (2)
- elevation (2)
- meltdown (2)
- tools (2)
- APC (1)
- APT10 (1)
- Bad Rabbit (1)
- CVS (1)
- CryFile (1)
- Detours (1)
- ESTEEMAUDIT (1)
- Equifax (1)
- FindADetour (1)
- GOZI (1)
- HIPAA (1)
- Hancitor (1)
- KPTI (1)
- Linux (1)
- Lockerpin.A (1)
- MSSP (1)
- ModPOS (1)
- NtSetInformationVirtualMemory (1)
- PCI DSS (1)
- Patch (1)
- PatchGuard (1)
- SCADA (1)
- Scarab (1)
- Unix (1)
- Verizon (1)
- Windows 10 (1)
- anti-virus (1)
- avulnerabilitychecker (1)
- bypass UAC (1)
- command injection (1)
- environment variable (1)
- excel-scriptlet (1)
- hospitality (1)
- media (1)
- path redirect (1)
- spectre (1)
- variable expansion (1)
- variables (1)
Subscribe
Subscribe to enSilo's Blog
and Stay on Top of the
Latest Security Research
and Industry News