Take Stock of Cyber Risk in Light of Russian Cyber Activity

Many leaders in enterprise information security and IT operations organizations are taking stock of the potential for risk due to cyber operations between Russia and western countries that show support for Ukraine. Russian President Putin has said there will be “consequences” for nations that interfere, which could come in the form of cyberattacks, particularly on […]
Advice for Defenders Responding to the log4j Vulnerability CVE-2021-44228

Binary Defense Security Operations, Engineering, and Threat Hunting analysts have been working alongside our clients and our friends in the infosec community to mitigate the threat to organizations as a result of the critical Apache log4j vulnerability that is actively being exploited by threat actors. We are especially thankful for our colleagues at TrustedSec, who […]
An Overview of the Unethical Services Offered on the Darknet

By: Dan McNemar

Editor’s Note: Binary Defense does not condone, nor does it offer, the services described in this post. We protect businesses against many of the actions taken by the criminals offering these services. It is not a new concept that criminals use the Darknet to buy and sell products and information. Everyone has […]
Intro to Threat Hunting

If you’ve been around the information security community, you’ve probably heard the term “Threat Hunting” and considered how you can apply these techniques to enhance the security of your organization’s network and computer systems. In this blog post, we’re going to describe what threat hunting means, how you can get started, and what you’re going […]
An Updated ServHelper Tunnel Variant

James Quinn, Threat Researcher for Binary Defense

Executive Summary

Binary Defense Researchers discovered active Command and Control (C2) servers and a new version of ServHelper, a malicious Remote Desktop Protocol (RDP) backdoor program known to be used by the threat group TA505. TA505 is a financially motivated threat group that has been active since at […]
Disney+ Account Passwords Found on Dark Web: Prevent Your Account from Being Sold

As reported by ZDNet, Fox News and other news sources this week, a large number of usernames and passwords for accounts with Disney’s new and extremely popular video streaming service, Disney+, appeared for sale on criminal forums and Darknet hidden websites, accessible only via the Tor network. Binary Defense Intelligence Analysts observed a significant amount […]
Ransomware: what is it, and why should your organization be concerned?

Businesses of all sizes can be a target for ransomware attacks. Small business owners might think a hacker will ignore their organization in favor of a larger company with more data. In fact, small businesses are the low-hanging fruit of cybercriminals everywhere. This is partly because small-to-medium business owners think “it won’t ever happen to […]
Identifying Threats: Why Behavior Matters

Attacker methods are evolving. Join us for an upcoming webinar to learn why cybersecurity teams must identify and track suspicious behaviors and patterns to stay a step ahead.
SOC Alert! Uptick in Ursnif Distribution

Binary Defense has noticed a recent uptick in Ursnif distributed using Reply-Chain attacks and password-protected .zip files across multiple clients. Inside the .zip files are documents containing macros which execute and reach out to an Ursnif distribution server to download the payload. The Reply-Chain attacks are carried out by infecting one victim, accessing their emails, locating […]
TrickBot: Ono! New Tricks!

During the past few weeks, my team and I (The Binary Defense Security Operations Center Threat Hunters) have been tracking a TrickBot gtag that has been behaving differently compared to the other TrickBot gtags. In those weeks, we observed differences in its:

- Distribution
- Runtime
- Post-infection

High-level TrickBot Exploitation Flow

TrickBot’s actions in runtime

Let’s look […]
Don’t Fall Victim to Wire Transfer Fraud: Tips to Stay Safe

Hackers employ a multitude of methods in order to gain access to a company’s data, but at the end of the day, they are looking for the fastest route to payday. One such method is known as a wire transfer scam. This scam has been around for a while; you’ve surely heard of the famous […]
Phishing Financial Firms is Big Business

Cyberattacks on financial institutions in the US occur at the staggering rate of approximately 30 times per second. The reality is that while major news outlets report on wide-scale breaches such as the 143 million US resident records accessed in the Equifax breach, countless other successful breaches happen daily that don’t earn national headlines. Information security […]