1/13/2016 Update: The blog has been updated to reflect the translation of the BlackEnergy Word document.
On January 4th, ESET released an amazing blog post about the BlackEnergy Trojan being used to attack power companies in the Ukraine to knock out the power in some areas. While this is not the first time we’ve seen cyber attacks become kinetic, the BlackEnergy attacks could have been prevented.
Analysis overview:
- 8 million emails over a 13-month span
- 75% of organizations are training more than 1,000 employees
- Representing organizations from US (86%) and Europe (14%)
- Representing 23 industries
Tackling a mountain of unmined data in search of answers can be a daunting task. Starting from scratch, we understood that we would likely face challenges to our pre-conceived notions of what works well and were prepared to accept what the data would tell us, however challenging it might be. Our goals were simply to understand what and how much data was available for analysis. We began with basic questions;…
During malware analysis we often see attackers using features in creative ways to deliver and obfuscate malware. We’ve recently seen an increase in samples leveraging RTF temp files as a delivery method to encapsulate and drop malware.
CNBC Squawk Box Tackles Multi-Billion Dollar Enterprise Phishing Problem, Taps PhishMe CEO Rohyt Belani for Expert Opinion
NEW YORK, NEW YORK — This morning, CNBC Squawk Box anchors tackled the enterprise phishing scourge with the assistance of PhishMe CEO and recognized cybersecurity thought leader, Rohyt Belani. As pointed out by anchor Andrew Ross Sorkin at the beginning of the segment, phishing attacks are responsible for more than 90 percent of the major data breaches taking place today and were cybercriminals’ primary attack vector for recent compromises at the OPM and Anthem.
When reversing malware samples, one of the things that we as analysts look for is places where the attackers slip up. This can be anything from using the same strings, to weak obfuscation routines, to re-using the same snippet of code. When we talk about the attackers, there is this misconception that they are these super villains who can only do evil, but keep in mind they are humans too.
When people refer to PhishMe as the awareness company, we smile and nod. I want to correct them, but the label ‘security awareness’ is comfortable and relatable. One of the activities that organizations commonly believe will help reduce risk is mandatory security awareness computer-based training (CBT) lessons. The hope is that if we enroll our humans in online courses about how the bad guys hack us, they will walk away with a wealth of new-found awareness and avoid being victimized. (Try to visualize how far in the back of my head my eyes are rolling…)