
seculert blog


Possible Nation-State Attackers Use ProjectSauron to Covertly Eavesdrop on Government Organizations

InfoSec professionals know that most so-called Advanced Persistent Threats (APTs) are, frankly speaking, not truly APTs. But every now and then a genuinely persistent attack using a range of advanced evasion techniques emerges on the threat landscape, and it is critical for organizations to sit up and take notice. The most recent addition to this Most Unwanted List is courtesy of an attack group that researchers have dubbed ProjectSauron.


There's a hole in my bucket, dear Liza

Say you’ve got a bucket with some holes in it. Much like Henry in the famous song, you would really like to mend them. But before you can mend the holes, you need to find out whether any are actually still open, or whether all of them have already been mended.

Similarly, as the person in charge of the security of your enterprise network, you would most likely want to know whether your web gateway (a proxy, a secure web gateway, or a next-gen firewall) is able to block the attackers’ tools from communicating back to the attackers. By now we all know that eventually an attacker will get inside your network and compromise at least one device. In fact, in our recent research we found that on average 2% of the devices in a typical enterprise environment are already compromised.

This is exactly why Seculert created Javelin. Javelin is an attack simulator which “pours water” across your network environment and tries to reach out to destinations that your web gateway should already be blocking.
To do that, we picked the top and most recent bad actors we could find by analyzing the traffic logs of our 2 million enterprise users. We then safely simulate the outbound communication behavior of each of the tools those bad actors use in their attacks. You get instant visibility into whether your web gateway was able to block those potential attacks or not, without installing any software or hardware.
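A minimal egress-filter check in the spirit of the simulation described above, as an added example that is not Javelin’s code or any Seculert tooling: it sends plain HTTP GETs for a list of indicator URLs through the web gateway under test and classifies each attempt. The indicator URLs are constructed placeholders on the reserved .invalid TLD, not real C2 infrastructure, and the proxy address is an assumed example. The harness credits the gateway with a block only on positive evidence (a proxy 403/407, a failed CONNECT tunnel, or an active connection refusal/reset); a timeout is reported as unreachable, because a dead C2 server and a silent drop look identical from the client.

```python
"""Egress-filter check (added example, not Seculert's code).

Sends outbound requests for a list of indicator URLs through the enterprise
web gateway and reports whether each was blocked, allowed, or unreachable.
"""
import urllib.error
import urllib.request
from typing import Callable, Dict, List

BLOCKED, ALLOWED, UNREACHABLE = "blocked", "allowed", "unreachable"

# Constructed sample indicators on the reserved .invalid TLD. Assumption: in a
# real run these are the callback URLs of the attacker tools being simulated.
INDICATORS: List[str] = [
    "http://c2-sample-a.invalid/gate.php",
    "http://c2-sample-b.invalid/ping",
    "http://c2-sample-c.invalid/update",
    "http://c2-sample-d.invalid/check",
]

# A fetcher returns the HTTP status of a successful request or raises.
Fetch = Callable[[str], int]


def probe(url: str, fetch: Fetch) -> str:
    """Classify a single outbound attempt."""
    try:
        fetch(url)
        return ALLOWED  # the destination answered, whatever the status
    except urllib.error.HTTPError as err:
        # urllib raises HTTPError for any non-2xx/3xx status. A 403/407 is the
        # usual shape of a proxy policy block; any other status came from a
        # server the request was allowed to reach.
        return BLOCKED if err.code in (403, 407) else ALLOWED
    except urllib.error.URLError as err:
        reason = str(err.reason).lower()
        # Connection refused/reset: something in the path actively killed it.
        # "Tunnel connection failed" is how urllib reports a proxy refusing
        # the CONNECT for an https:// URL.
        if any(k in reason for k in ("refused", "reset", "tunnel connection failed")):
            return BLOCKED
        # Timeouts and DNS failures cannot be told apart from a dead C2.
        return UNREACHABLE


def run(indicators: List[str], fetch: Fetch) -> Dict[str, str]:
    return {url: probe(url, fetch) for url in indicators}


def summarize(results: Dict[str, str]) -> Dict[str, int]:
    counts = {BLOCKED: 0, ALLOWED: 0, UNREACHABLE: 0}
    for outcome in results.values():
        counts[outcome] += 1
    return counts


def make_proxy_fetch(proxy_url: str, timeout: float = 5.0) -> Fetch:
    """Real fetcher: route every request through the gateway under test.
    proxy_url such as "http://proxy.corp.example:8080" is an assumed address."""
    opener = urllib.request.build_opener(
        urllib.request.ProxyHandler({"http": proxy_url, "https": proxy_url}))

    def fetch(url: str) -> int:
        with opener.open(url, timeout=timeout) as resp:
            return resp.status
    return fetch


def simulated_fetch(url: str) -> int:
    """Offline stand-in for the gateway so the harness runs without network
    access: a proxy block, a connection reset, a timeout, and one destination
    that answers (all constructed behaviour)."""
    if "c2-sample-a" in url:
        raise urllib.error.HTTPError(url, 403, "Forbidden by policy", {}, None)
    if "c2-sample-b" in url:
        raise urllib.error.URLError(ConnectionResetError(104, "Connection reset by peer"))
    if "c2-sample-c" in url:
        raise urllib.error.URLError(TimeoutError("timed out"))
    return 200


if __name__ == "__main__":
    # Replace simulated_fetch with make_proxy_fetch("http://proxy.corp.example:8080")
    # to exercise a real gateway.
    results = run(INDICATORS, simulated_fetch)
    for url, outcome in results.items():
        print(f"{outcome:12s} {url}")
    print(summarize(results))
```

Anything reported as allowed is a gap in the gateway policy; anything unreachable needs a second look (a second probe from outside the network tells you whether the destination is simply down).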

If your web gateway is configured properly, and it really is able to protect you against the latest attacks, you should see a result similar to this (the original post shows a screenshot of the Javelin results here):


What to Look for in Machine Learning Based Security Solutions

After a relentless stream of high profile data breaches, the spotlight is on corporations to improve their security operations. As the recent disclosure from Experian demonstrated, even enterprises with the most sophisticated prevention layers are vulnerable. Most CISOs are now searching for “post-prevention” systems that can provide visibility on active attacks that have defeated their prevention systems.


DGA.Changer Playing The Imitation Game With Sandboxes

Seculert researchers closely follow the evolution of major malware families while examining the behavioral malware profiles that are a core part of our breach analytics platform. Back in 2013 I wrote about the enhancements to the DGA.Changer malware that allowed it to change its seed, which in turn allowed it to connect to a different stream of domain names.


New Dyre Version- Yet Another Malware Evading Sandboxes

Last fall, we posted about the new tricks of the Tinba trojan. Now the Dyre malware, another trojan, has some new tricks of its own.


Perimeter Security Defenses: A Technical Review

As my colleague and co-founder, Dudi Matot, noted in his Perimeter Security Defense: Time to “Think Different”? post last week, we’ve just finished a very interesting piece of Big Data research focused on the behavior of the malware that has succeeded in infecting our customers’ networks. To set a little context: all of Seculert’s customers run very sophisticated, multi-layered malware prevention systems that include Next Generation Firewalls, modern Intrusion Prevention Systems, inline sandbox technologies, Secure Web Gateways, and current endpoint security. These are some of the most security-conscious enterprises on earth, and yet they still find malware infecting their networks on a daily basis.


DGAs: A Domain Generation Evolution

You may remember hearing about Domain Generation Algorithms, aka DGAs, from our coverage of the PushDo malware, from the malware we dubbed DGA.Changer, or more recently from our post on the Tinba Trojan. Malware that uses a DGA is not new, but it is harder to prevent and detect: instead of a fixed C2 address that can be blocklisted, the infected host computes a fresh stream of candidate domains, and the operator only has to register one of them.
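A toy seeded DGA and the defender’s view of it, as an added example that is not Seculert’s code and not the real DGA.Changer or Tinba algorithm. It illustrates the point made in the DGA.Changer post above and in this one: a blocklist precomputed from the old seed covers the old stream completely and the new stream not at all, so defenders need signals that do not depend on knowing the seed. The hashing scheme, label length, thresholds and seeds are all assumptions chosen for the illustration.

```python
"""Toy seeded DGA plus a seed-independent lexical heuristic (added example)."""
import hashlib
import math
from typing import Dict, List, Set

ALPHABET = "abcdefghijklmnopqrstuvwxyz"
LABEL_LEN = 12  # assumption: fixed-length labels


def generate_domains(seed: int, day: str, count: int = 10, tld: str = "com") -> List[str]:
    """Deterministic: the same seed and day (ISO date string) always yield the
    same list, which is what lets infected hosts and the operator agree on a
    rendezvous domain without any fixed address in the binary."""
    domains = []
    for i in range(count):
        material = f"{seed}|{day}|{i}".encode()
        digest = hashlib.sha256(material).digest()
        label = "".join(ALPHABET[b % 26] for b in digest[:LABEL_LEN])
        domains.append(f"{label}.{tld}")
    return domains


def build_blocklist(seed: int, day: str, count: int = 10) -> Set[str]:
    """What a defender who has reverse-engineered the seed can precompute."""
    return set(generate_domains(seed, day, count))


def coverage(blocklist: Set[str], domains: List[str]) -> float:
    """Fraction of a domain stream that the blocklist would catch."""
    return sum(d in blocklist for d in domains) / len(domains)


def shannon_entropy(label: str) -> float:
    n = len(label)
    return -sum(label.count(c) / n * math.log2(label.count(c) / n) for c in set(label))


def looks_generated(domain: str, min_len: int = 10, max_vowel_ratio: float = 0.3,
                    min_entropy: float = 3.0) -> bool:
    """Cheap seed-independent heuristic: long, vowel-poor, high-entropy labels.
    Thresholds are assumptions; real detection combines this with NXDOMAIN
    rates, query volume and other behavioural signals."""
    label = domain.split(".")[0]
    if len(label) < min_len:
        return False
    vowel_ratio = sum(label.count(v) for v in "aeiou") / len(label)
    return vowel_ratio < max_vowel_ratio and shannon_entropy(label) >= min_entropy


def demo(old_seed: int = 0x1337, new_seed: int = 0xBEEF, day: str = "2015-03-01") -> Dict[str, float]:
    """Seed change as in DGA.Changer: blocklist built from old_seed versus
    streams from both seeds, plus how much of the new stream the heuristic flags."""
    blocklist = build_blocklist(old_seed, day)
    old_stream = generate_domains(old_seed, day)
    new_stream = generate_domains(new_seed, day)
    return {
        "old_stream_blocked": coverage(blocklist, old_stream),
        "new_stream_blocked": coverage(blocklist, new_stream),
        "new_stream_flagged": sum(looks_generated(d) for d in new_stream) / len(new_stream),
    }


if __name__ == "__main__":
    for d in generate_domains(0x1337, "2015-03-01", count=3):
        print(d, looks_generated(d))
    print(demo())
```

The first two numbers from `demo()` are 1.0 and 0.0: the old seed’s stream is fully blocked and the new seed’s stream is entirely missed. The third is what a lexical heuristic recovers without knowing any seed; it is useful but noisy, which is why it is only one input to breach detection rather than a blocklist replacement.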


Tiny Tinba Trojan Could Pose Big Threat

In July 2014, the original source code of Tinba was made public on an underground forum, complete with full documentation. This follows source code leaks from much more infamous and prevalent threats, and researchers worry that attackers could use the leaked code as the basis for new versions, much as the 2011 Zeus source code leak led to the creation of Citadel.

