Take Stock of Cyber Risk in Light of Russian Cyber Activity
Many leaders in enterprise information security and IT operations organizations are taking stock of the potential for risk due to cyber operations between Russia and western countries that show support for Ukraine. Russian President Putin has said there will be “consequences” for nations that interfere, which could come in the form of cyberattacks, particularly on […]
Binary Defense Named a Leader by Forrester in The Forrester Wave™: Managed Detection and Response, Q1 2021
I’m really proud of our team! Binary Defense has been named a “Leader” in the Forrester Wave™ Managed Detection & Response, Q1 2021 Evaluation. Forrester is one of the most respected analyst firms because they truly provide unbiased reviews of emerging technology and services. The report evaluates the 15 most significant managed detection and response […]
Ransomware: what is it, and why should your organization be concerned?
Businesses of all sizes can be a target for ransomware attacks. Small business owners might think a hacker will ignore their organization in favor of a larger company with more data. In fact, small businesses are the low-hanging fruit of cybercriminals everywhere. This is partly because small-to-medium business owners think “it won’t ever happen to […]
SOC Alert! Uptick in Ursnif Distribution
Binary Defense has noticed a recent uptick in Ursnif distributed using Reply-Chain attacks and password protected .zip files across multiple clients. Inside of the .zip files will be documents containing macros which execute and reach out to a Ursnif distribution server to download the payload. The Reply-Chain attacks are carried out by infecting one victim, accessing their emails, locating […]
TrickBot: Ono! New Tricks!
During the past few weeks, my team and I (The Binary Defense Security Operations Center Threat Hunters), have been tracking a TrickBot gtag that has been behaving differently compared to the other TrickBot gtags. In those weeks, we observed differences in its: Distribution Runtime Post-infection High-level TrickBot Exploitation Flow TrickBot’s actions in runtime Let’s look […]
Don’t Fall Victim to Wire Transfer Fraud: Tips to Stay Safe
Hackers employ a multitude of methods in order to gain access to a company’s data, but at the end of the day, they are looking for the fastest route to payday. One such method is known as a wire transfer scam. This scam has been around for a while; you’ve surely heard of the famous […]
Phishing Financial Firms is Big Business
Cyberattacks on financial institutions in the US occur at the staggering rate of approximately 30 times per second. The reality is while major news outlets report on wide-scale breaches such as the 143 million US resident records accessed in the Equifax breach, countless other successful breaches happen daily that don’t earn national headlines. Information security […]
Secure Your Site(s): Avoid SSL/TLS Certificate Expiration
Not too many years ago, a few websites began adding an extra layer of security in the form of Secure Sockets Layer (SSL) certification. Today, most legitimate business sites are sure to have SSL certificates installed. Many of the SSL certificates installed and available today are actually Transport Layer Security (TLS) certificates, although they are […]
Using Sysmon and ETW For So Much More
Recently the team over at Microsoft’s SysInternals team Mark Russinovich and Thomas Garnier landed a new version of Sysmon v10 which adds a new event ID type Event ID 22 (DNS). If you are not familiar with Sysmon, it’s a free tool from Microsoft which incorporates a number of enhanced events from the operating system, […]
Gh0stCringe (Formerly CirenegRAT)
Since early December, 2018, I’ve been seeing a new type of Gh0stRAT-like malware being distributed over SMB. This sample has been dubbed Gh0stCringe by @James_InThe_Box on twitter. While the network communications of this new malware is very similar to that of Gh0stRAT, there are some key differences: Instead of the use of Zlib compression on […]
Binary Defense surges amid awareness, product launch
Credit: Crain’s Cleveland Business Crain’s Cleveland Business recently published an article on the growth of Binary Defense. Binary Defense CEO, Mike Valentine, explains how hackers are using different methods of attacks. “Today’s savvy malware perpetrators offer customer-support lines to help their victims figure out how to buy cryptocurrency, like bitcoin, to pay the ransom. They […]
Threat Intelligence: Employees’ Private Data Compromised in Airbus Data Breach
Aeronautical giant Airbus has recently discovered a breach in their system which led to unauthorized parties accessing employee information. The company assured that none of their commercial operations were affected. Information such as employee contact details and IT identification details were accessed. “Investigations are ongoing to understand if any specific data was targeted, however, we […]
