DealPly Revisited: Leveraging Reputation Services To Remain Under The Radar

Research, enSilo Breaking Malware

Usually, adware is not a particularly interesting research subject. However, when we detected a DealPly variant that evaded AV detection, we decided to dig deeper.


WannaCry Jr. : The Little Ransom That Couldn't

Research, Windows, Malware, enSilo Corporate and Product, WannaCry

Earlier today, we caught a new in-the-wild version of what seemed to be WannaCry. A check with VirusTotal showed that this sample hasn't been seen before. After a brief investigation, we can conclude that this is WannaCry with slight variations. Notably, malware writers removed the kill switch from the original version. The fact that


The NotPetya ‘Not’ Killswitch

Research, Windows, Malware, enSilo Corporate and Product, Ransomware, NSA, NotPetya

In the past few days a new Petya-like ransomware, dubbed NotPetya, infected machines across the world by leveraging some of the NSA’s exploits for the SMB protocol (EternalBlue, EternalRomance), similarly to the WannaCry attack last month. This attack overwrites the MBR (Master Boot Record) and encrypts the file-system, rendering the system


ShadowGroup Reveals All? Initial Analysis of the Equation Group Dump

Research, enSilo Corporate and Product


On Good Friday, April 14, The Shadow Brokers released to the public a bunch of powerful Windows exploits, tools and exploit kits used by The Equation Group, the group supposedly behind the NSA.

We’re currently analyzing the data, and would like to share some initial analyses and recommendations. Understanding the impact will allow security


Open Door: Unix Open Source Vulnerabilities Affect Mac OS X

Research, Vulnerabilities, enSilo Corporate and Product, Mac OS X, Unix

Today, Apple’s MacOS X 10.12.4 update includes security fixes for several open source vulnerabilities. The update includes a fix for a vulnerability that enSilo’s researcher, Omer Medan, disclosed to Apple, which allows an attacker to change file system permissions on arbitrary files (CVE-2017-2390). The vulnerability affects all


AtomBombing Goes Nuclear

Research, cybersecurity, Windows, Malware, code injection, AtomBombing, enSilo Corporate and Product

In late 2016, enSilo researchers shared AtomBombing with the security world. More of a “proof of concept” than an actual exploit, AtomBombing took advantage of Microsoft Windows’ built-in atom tables, which allow specific API calls to inject code into the read-write memory space of a targeted process.

(NOTE: enSilo endpoint protection


Customer Advisory Warning: The Comeback of the Hancitor Campaign

Research, Windows, Malware, enSilo Corporate and Product, Hancitor, Fileless Malware

We are currently witnessing an active malware campaign involving the Hancitor Trojan/Pony botnet. Once installed on the victim’s machine, Hancitor prepares the groundwork for the download of further malicious modules such as ransomware or data stealing malware.

enSilo provides complete endpoint security, including blocking Hancitor/Pony


After the (Atom)Bombing

Research, enSilo Corporate and Product

In late October, enSilo researchers discovered a new code injection technique that leverages atom tables, an underlying component of the Windows operating system.

While code injection isn’t new, utilizing the atom tables in Windows is. The atom tables are a Windows OS feature that allows software programs to store and share data with each other.


AtomBombing: A Code Injection that Bypasses Current Security Solutions

Research, Windows, Malware, code injection, AtomBombing, enSilo Corporate and Product

Our research team has uncovered a new way to leverage mechanisms of the underlying Windows operating system in order to inject malicious code. (This research is one way enSilo ensures complete endpoint protection.) Threat actors can use this technique, which exists by design of the operating system, to bypass current security solutions that


AtomBombing: Brand New Code Injection for Windows

Research, Windows, Injection Techniques, Malware, code injection, AtomBombing, APC, enSilo Breaking Malware

TL;DR Here’s a new code injection technique, dubbed AtomBombing, which exploits Windows atom tables and Async Procedure Calls (APC). Currently, this technique goes undetected by common security solutions that focus on preventing infiltration.
