latest insights

seculert blog


Nymaim: Deep Technical Dive - Adventures in Evasive Malware

Nymaim is mostly known worldwide as a downloader, although it seems to have evolved from earlier versions and now carries new functionality to collect data from the machine with no need to download a new payload. Some of the exported functions allow harvesting passwords and browser data from the machine, which are kept hidden on the file system until communication with the C&C occurs. Payloads downloaded from the C&C are not saved locally on the machine but instead are loaded dynamically into memory using a unique internal calling convention.

One of the signature features I noticed when I began analyzing the Nymaim payload was the novel anti-reverse-engineering and obfuscation techniques. To frustrate the analyst, many different code pieces implement the same function and must be pieced together in order to fully understand the code. Most of the code is heavily obfuscated using ‘spaghetti code’ methods, but we'll dive into that in a bit.

Oct 11, 2016 5:30:00 AM

Ursnif: Deep Technical Dive

While attack tools around the world are stealthy and stay under the radar, we at Seculert examine many different malicious tools. This is done to stay at least one step ahead of the attackers, and to improve our advanced analytics technology to detect their creative evasive techniques.


Possible Nation State Attackers ProjectSauron to Covertly Eavesdrop on Government Organizations

InfoSec professionals know that most so-called Advanced Persistent Threats (APTs) are, frankly speaking, not truly APTs. But every now and then, a real persistent attack using different advanced evasive techniques emerges on the cyber threat landscape, and it’s critical for organizations to sit up and take notice. And the most recent addition to this Most Unwanted List is courtesy of a hacker group calling itself ProjectSauron.


Security Analytics: A "Top Four" Topic At Black Hat

A significant and respected collective of global IT security professionals congregate in the U.S. twice yearly, for RSA during the mild and temperate San Francisco winters, and later for Black Hat & Defcon, annually held in the sweltering and abysmal heat of a Las Vegas August.

Unfriendly outdoor temperatures aside, last week's #BHUSA 2016 featured all of the usual demonstrations of 'how to hack anything with a network connection', keynotes by industry luminaries, and parties (it is Vegas after all). The problem with being on the ground at Black Hat is that no matter how much effort you expend, it's only possible to see and absorb a portion of it - even if you spend every waking hour in sessions or on the show floor. Thus, I've made it a ritual to review and read what other attendees had to share in the aftermath of these conferences.


451 Research Report on Javelin Attack Simulator

Those of you who follow this space may likely have noticed Seculert's announcement of a significant product line extension 60 days ago. The "Seculert Javelin Attack Simulator" is the culmination of our efforts to extend a critical piece of the knowledge embodied in Seculert's "Attack Detection Platform" to a wider audience.

May 19, 2016 12:06:19 PM

There's a hole in my bucket, dear Liza

Say you’ve got a bucket with some holes in it. Much like Henry in the famous song, you would really like to mend them. But, before you actually mend the holes you would need to discover whether you do have open holes, or maybe all of them are already mended.

Similarly, as the person in charge of the security of your enterprise network, you would most likely want to know if your web gateway (whether it’s a proxy, a secure web gateway, or a next-gen firewall) will be able to block the attackers’ tools from communicating back to the attackers. Because we all know by now that eventually an attacker will be able to get inside your network and compromise at least one of the devices. In fact, in our recent research we discovered that an average of 2% of the devices in a typical enterprise environment are already compromised.

This is exactly why Seculert created Javelin. Javelin is an attack simulator, which will “pour water” across your network environment and will try to reach out to places which your web gateway should have already blocked.

In order to do that, we have picked the top and latest bad actors that we could find by analyzing the traffic logs of our 2 million enterprise users. We then safely simulate the outbound communication behavior of each of the tools those bad actors are using in their attacks. You then have instant visibility on whether your web gateway was able to block those potential attacks or not. This is all done without the need to install any software or hardware.

If your web gateway is configured properly, and it really is able to protect you against the latest attacks, you should see a result similar to this:


2016: Smarter Bad Guys, Better-Armed Good Guys

By InfoSecurity Magazine on November 25, 2015


Seculert Revamps Incident Review Workflow in Seculert Web Portal [Product Update]

When responding to cyber attack incidents, SOC teams need to be able to prioritize and to minimize the time between alert and containment.

Nov 15, 2015 6:30:00 AM

Seculert Emphasizes Visibility for Security Executives [Product Update]

Through a new dashboard, IT executives can gain visibility into the cyber threats successfully targeting their organization and benchmark effectiveness of their response processes.

Nov 10, 2015 12:11:56 PM

What to Look for in Machine Learning Based Security Solutions

After a relentless stream of high profile data breaches, the spotlight is on corporations to improve their security operations. As the recent disclosure from Experian demonstrated, even enterprises with the most sophisticated prevention layers are vulnerable. Most CISOs are now searching for “post-prevention” systems that can provide visibility on active attacks that have defeated their prevention systems.
