Ransomware: what is it, and why should your organization be concerned?

Businesses of all sizes can be a target for ransomware attacks. Small business owners might think a hacker will ignore their organization in favor of a larger company with more data. In fact, small businesses are the low-hanging fruit of cybercriminals everywhere. This is partly because small-to-medium business owners think “it won’t ever happen to […]

SOC Alert! Uptick in Ursnif Distribution

Binary Defense has noticed a recent uptick in Ursnif being distributed through reply-chain attacks and password-protected .zip files across multiple clients. Inside the .zip files are documents containing macros which execute and reach out to an Ursnif distribution server to download the payload. The reply-chain attacks are carried out by infecting one victim, accessing their emails, locating […]

Using Sysmon and ETW For So Much More

Recently Mark Russinovich and Thomas Garnier of Microsoft’s Sysinternals team released a new version of Sysmon, v10, which adds a new event type, Event ID 22 (DNS). If you are not familiar with Sysmon, it’s a free tool from Microsoft which incorporates a number of enhanced events from the operating system, […]

Gh0stCringe (Formerly CirenegRAT)

Since early December 2018, I’ve been seeing a new type of Gh0stRAT-like malware being distributed over SMB. This sample has been dubbed Gh0stCringe by @James_InThe_Box on Twitter. While the network communications of this new malware are very similar to those of Gh0stRAT, there are some key differences: Instead of the use of Zlib compression on […]

Credential Stuffing…A Side Effect of Data Breaches

Credential stuffing is a type of brute-force cyberattack which uses automation in an effort to gain unauthorized access to systems around the world…and it all starts with a simple data breach. Data from One Breach Poses Risks to Additional Systems An alarming number (almost half) of people use the same or similar password across […]

Threat Intelligence: Nine Adware Apps Discovered on Play Store

Unwanted ads are being hidden within nine apps found on the Google Play Store and have been flooding users’ devices. One of the apps has already been downloaded five million times while the total of the nine apps is nearly eight million globally. These apps are non-functioning and are placed specifically to deploy adware in […]

Binary Defense and Ingram Micro Announce Strategic Distribution Relationship

Binary Defense™—a leader in Managed Endpoint Detection and Response (EDR) now with built-in Endpoint Platform Protection (EPP)—today announced it has entered into a distribution relationship with Ingram Micro Inc., a global force in technology solutions, mobility, cloud, and supply chain services. The relationship will add significant value to customers by more easily addressing specific regional […]

EvilOSX

On February 14th, 2018, a new variant of an OS X RAT called “EvilOSX” appeared on GitHub. A RAT (Remote Access Trojan) is a type of malware designed to control the infected system remotely. With 21 code changes in the 9 days since its initial release, it appears to be under active development. EvilOSX […]

Social Media: The Overlooked Critical Infrastructure of Chinese Manufacturing

There is no doubt that social media has a hold on people around the world, but it has an especially mesmerizing effect on the factory workers of China’s migrant manufacturing towns. In a number of formerly rural communities, China has set up large manufacturing towns which have begun to fill with migrants from the countryside […]

Massive Botnet Turns Windows Machines into Miners

Researchers have discovered a massive botnet that has taken over half a million Windows devices and turned them into cryptocurrency miners. The botnet has been dubbed “Smominru” and is powered by the NSA exploit EternalBlue. The botnet peaked at 526,000 nodes and can regenerate itself, which makes it very resilient. It has mined 8,900 […]