Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Malware

Facade of Security

In the past few months, Cyberint has observed a series of suspicious PDF files mentioning different retail brands, scanned to an anti-virus repository. Seeing as the files were flagged as malicious by the repository, Cyberint’s working assumption is that the retailers were mentioned in order to lure their employees or customers into opening the files.

How to build a malware analysis sandbox with Elastic Security

As a security analyst on Elastic’s InfoSec team, a common scenario we see is users coming to our team and asking: “Is this file safe to open?” Or one user reports a phishing email with an attachment that they didn’t open, but we see from the logs that 10 other users also received that email but didn’t report it and no alerts went off on their systems.

REvil, Ryuk and Tycoon Ransomware: How They Work and How to Defend Against Them

It is the Tuesday morning after a long weekend. You come into work early to get caught up on emails only to find you are completely locked out. You have been hit by a ransomware attack. You ask yourself, “What happened? And how do I fix it?” This post will explore three of the most significant ransomware families of 2020: Tycoon, Ryuk and REvil.

TeamTNT delivers malware with new detection evasion tool

AT&T Alien Labs™ has identified a new tool from the TeamTNT adversary group, which has been previously observed targeting exposed Docker infrastructure for cryptocurrency mining purposes and credential theft. The group is using a new detection evasion tool, copied from open source repositories. The purpose of this blog is to share new technical intelligence and provide detection and analysis options for defenders.