Delivering Intrinsic, Intelligent and Informed Security: VMware Completes Acquisition of Carbon Black
Editor's Note: This blog also appears on VMware's Newsroom. We are delighted to announce that VMware has completed its acquisition of endpoint security leader Carbon Black. With this move, VMware is launching a new Security Business Unit under the leadership of Patrick Morley, who has led Carbon...
Using MixMode and Carbon Black to Spot a Watering Hole Attack
For those not familiar with watering hole attacks, they are attacks on a specific place—such as a restaurant—that many people visit. They generally involve malicious code being injected into an iframe on the company’s website. In the case of a restaurant, for example, the online menu would be a...
Partner Perspectives: Disrupt Advanced Threats with Blumira + Carbon Black
Matt Warner is the CTO of Blumira. Modern security challenges are not easy to fix or even identify, and despite misleading advertising from some vendors, there is no one-size-fits-all solution. Blumira frequently observes large visibility gaps in existing security implementations, allowing obviou...
CB TAU Threat Intelligence Notification: Nemty Ransomware
While Nemty Ransomware is distributed by various exploit kits, its behavior is similar to other variants of ransomware. It will perform “task kill” on processes to ensure the encryption of files such as databases (SQL Server), perform the deletion of volume shadow copies, and disable Windows...
CB Threat Analysis Unit: Technical Analysis of “Crosswalk”
The technical analysis is related to the TAU-TIN for the same malware which can be located in this post. FireEye recently reported on APT41, a Chinese state sponsored espionage group. The group has been documented as targeting healthcare, high-tech, and telecommunications companies for traditiona...
CB TAU Threat Intelligence Notification: Qbot/Qakbot Attempts to Evade Detection By Overwriting Itself
Qbot, or Qakbot, is a banking trojan that has been seen in the wild for at least 10 years. Recent campaigns have been often delivered by exploit kits and weaponized documents delivered via context-aware phishing campaigns. Qbot has also been suspected of delivering MegaCortex ransomware. Many...
CB TAU Threat Intelligence Notification: JSWorm Ransomware Encrypts Files, Amends File Extensions
JSWorm Ransomware is a well known ransomware malware that has been seen in the wild for years and has been discovered updated to version 4. After it performs file encryption, it will append “.Generated IDContact Email.JSWRM” as file extension to the encrypted file and display the ransom note in...
CB TAU Threat Intelligence Notification: Common to Russian Underground Forums, AZORult Aims to Connect to C&C Server, Steal Sensitive Data
AZORult is an info stealing trojan that will steal various sensitive data from the victim's computer. It is commonly sold in Russian underground forums and is often actively being delivered via spear-phishing campaigns or, as in the recent attack, distributed via a fake website, pretending to be...
CB TAU Threat Intelligence Notification: Formbook Harvests Data By Intercepting Clients
Formbook is an information stealer which has been around for the past few years. Formbook acts as a form grabber which harvests credentials, passwords, banking details, key strokes and network requests, by intercepting web browser and other clients such as email and IM. The particular sample...
Building a New Language for Data Processing
Building a New Language for Data Translation In previous posts, we’ve talked about the plan for and implementation of EQR Event Query Router—a system we created to solve the problem of querying large quantities of disparate data by end-user analysts in real-time. As with any major project, we fac...
Congratulations to our Query of the Month Winner for August 2019!
Our Query of The Month competition recognizes the top community-shared query that provides value to other Osquery users. To determine the query of the month, our team selects the customer query that has the most engagement or helps solve an important problem. The winner of the contest each month...
The Role of Human Error in Cyberattacks
One surefire way to guarantee cybersecurity is to restrict access to or stay off the internet. Unfortunately, this isn’t a feasible option, since the internet is such a crucial part of day-to-day life. As such, companies work to protect their data with endpoint security, selecting reputable web...
The 10 Most Common Attacks
This post is an excerpt from The Ultimate Cybersecurity Guide for the IT Professional. Common Attacks Today’s organizations face four main categories of adversaries. In order to fully defend against these four types, you must also understand what motivates them. This context will best position yo...
Partner Perspectives: Endpoint Protection & Asset Management: Making Sure Everything That Should Be Protected, Is Protected
It’s a common refrain in cybersecurity: you can only protect what you can see. And while advances in endpoint protection technology have drastically increased the security of devices, organizations still struggle to understand which assets they have, and whether they’re properly covered by securi...
Introducing the Cognitive Attack Loop and Its 3 Phases
At Carbon Black, we believe that the more insight we have into cybercriminal behavior, the more effective our technology can be at successfully recognizing suspicious activity and combating it. By conducting behavioral threat research, we discover new patterns attackers are using across the kill...
7 Hidden Signs That Your Network is Under Attack
Editor’s Note: Sam Bocetta, a guest author on the Carbon Black blog, is a freelance journalist specializing in U.S. diplomacy and national security, with emphases on technology trends in cyber warfare, cyber defense, and cryptography. When you think of hackers, do you picture some teenage prodigy...
The Need for an Updated Kill Chain
“Cyber Kill Chain” The “Cyber Kill Chain”—created in 2011 by Lockheed Martin—was designed to be a model that “identifies what…adversaries must complete in order to achieve their objective.” This framework has been widely used throughout the cybersecurity world and informs prevention-heavy strategy. ...
CB Threat Analysis Unit Technical Breakdown: GermanWiper Ransomware
Editor's Note: The TAU-TIN related to this write up can be located here. GermanWiper Ransomware was found distributed via spam email campaign in Germany. It’s a data-wiping malware and the ransom note was written in German language. The malware pretends to be ransomware but is actually a wiper th...
Implementing EQR — Creating a Solution for Real-Time Processing of Disparate Big Data Sources
Building an Event Query Router for Big Data Translation and Processing In a previous post, we discussed the data engineering challenge of scaling security. Analyzing the volume and variety of data required by a cybersecurity application isn’t an easy process, so we are always looking for innovati...
How To Handle Evolutions in Cybercrime
Cybercriminals are Evolving Attackers are constantly evolving their techniques—finding ways to evade your defenses and stay in your systems longer. Today, 68% of attacks remain undetected for months or more. Traditional antivirus AV can’t hold up against the modern hacker. New attacks, like...
CB TAU Threat Intelligence Notification: Winnti Malware 4.0
Winnti is a family of malware used by multiple Chinese threat actors like APT41. Carbon Black’s Threat Analysis Unit TAU is providing this technical analysis, YARA rules, IOCs and product rules for the research community. Behavioral Summary Winnti malware is installed manually with stolen...
CB TAU Threat Intelligence Notification: State-Sponsored Espionage Group Targeting Multiple Verticals with ‘Crosswalk’
FireEye recently reported on APT41, a Chinese state-sponsored espionage group. The group has been documented as targeting healthcare, high-tech, and telecommunications companies for traditional corporate espionage purposes. Additionally this group has also targeted companies in the video game...
The “New” Easy Target: State and Local Governments, Education
One of the “new” easy targets for cybercriminals is state governments, local governments and educational institutions. Over the past few months, we have seen several national news stories of cities, like Baltimore, that have been crippled by cybercrime, specifically ransomware attacks. However,...
CB Partner Spotlight Series: Slipstream Cyber Security
Slipstream Cyber Security is a managed cyber-security service provider whose Cyber Security Operations Centre (CSOC) is located in Perth, Western Australia. Staffed by experienced security professionals with backgrounds in cyber operations, anti-fraud, intelligence and more, the team...
The Future of Cloud Endpoint Protection Platform Starts Now
Each year, Gartner evaluates each competitive market according to customer feedback, detailed vendor surveys, and video demonstrations of the capabilities in action. Their flagship report for this analysis is the Magic Quadrant, and this year’s Endpoint Protection Platform EPP report has a lot to...
CB Customer Spotlight: Q&A with MEDNAX’s Don Cox
With over 30 years of experience in the technology landscape, Don Cox knows what it takes to be a leader in the industry. Currently residing as the CISO at MEDNAX, the physician-led healthcare organization headquartered in Sunrise, FL, Cox is responsible for cyber operations and engineering,...
The Next Chapter in Our Story: VMware + Carbon Black
I am excited to share with you a significant milestone in Carbon Black’s history. Earlier today, Carbon Black entered into a merger with VMware, who as of moments ago announced its intention to acquire Carbon Black. You can also read the press release with more details here, but first I’d like to...
The Twists and Turns on the Road to Binee
On August 10, we introduced Binee—a binary emulation environment—to the world at DEFCON and, in an earlier blog, we shared a little bit of how and why we created this tool. Today, Binee is a tool that malware researchers can use as part of their reverse engineering processes. It’s an open-sourced...
CB TAU Threat Intelligence Notification: GermanWiper Ransomware
GermanWiper Ransomware was found distributed via spam email campaign in Germany. It’s a data-wiping malware and the ransom note was written in German language. The malware pretends to be ransomware but is actually a wiper that destroys the data instead of encrypting it. Figure 1: Screenshot of th...
CB TAU Threat Intelligence Notification: Sodinokibi Ransomware
Sodinokibi otherwise known as Sodin or REvil is a ransomware variant that has recently been observed evolving its delivery techniques, leveraging fake antivirus software and PowerShell droppers. This malware appears to be related to GandCrab and is likely a result of their operation closing up...
CB TAU Threat Intelligence Notification: Trickbot Banking Trojan Continues to Evolve
There has been various coverage recently regarding newly identified Trickbot samples found in the wild. A recent sample identified by TAU includes additional techniques that leverage LOLBins, which are used by Trickbot to enumerate the network environment, and additionally perform a dump of the...
The 4 Types of Attackers and Their Motives
This post is an excerpt from The Ultimate Cybersecurity Guide for the IT Professional. Attackers + Their Motives Today’s organizations face four main categories of adversaries. In order to fully defend against these four types, you must also understand what motivates them. This context will best...
Congratulations to our Query of the Month Winner for July 2019!
Our Query of The Month competition recognizes the top community-shared query that provides value to other Osquery users. To determine the query of the month, our team selects the customer query that has the most engagement or helps solve an important problem. The winner of the contest each month...
CB TAU Threat Intelligence Notification – Karagany Malware
Secureworks recently reported on an update to the Karagany malware last month. The malware is used by the IRON LIBERTY threat group, also known as DragonFly 2.0 and Energetic Bear, targeting energy companies and organizations. Carbon Black Threat Analysis Unit (TAU) provides the product rules ...
CB TAU Threat Intelligence Notification: Smominru Botnet Leverages New Attack Techniques
Carbon Black’s Threat Analysis Unit (TAU) and CB ThreatSight discovered the resurgence of a previously active cryptomining botnet campaign called Smominru. This campaign has evolved since its original discovery in the latter half of 2017, leveraging new techniques including LOLbins, polymorphic...
Binee: Outsmarting Malware with Next-Generation Process Emulation
The Problem with Malware Analysis Threat researchers get thousands of samples of malware every day and, as every researcher knows, it is very difficult to analyze them in a way that allows for intelligent decisions regarding whether a sample’s reputation is good or bad. There are already some qui...
Announcing New CB ThreatHunter App for Phantom
Today’s cybersecurity landscape is facing multiple challenges - and not just from cyber attackers. Security teams are understaffed and struggling to find the talent they need to complete their day-to-day tasks, with limited visibility across their security stack. To address these challenges, SOC...
Carbon Black Threat Analysis Unit (TAU) Uncovers Significant Evolution of Popular Cryptomining Campaign Affecting More than 500,000 Computers
Carbon Black’s CB Threat Analysis Unit TAU has uncovered a secondary component in a well-known cryptomining campaign. The malware has been enhanced to also steal system access information for possible sale on the dark web. Combined together, this attack is being classified as “Access Mining.” Thi...
Lessons from a CISO: 15 Ways to Do More with Less
This post originally appeared in Carbon Black's User Exchange Community. I’ve learned a ton of lessons over my years in the InfoSec world. I’ve made a lot of the right calls, but also a bunch of wrong ones. One of the lessons I have learned is how to operate in an environment of scarcity. This...
How To Build a Better Bug Bounty Program
Editor’s Note: Sam Bocetta, a guest author on the Carbon Black blog, is a freelance journalist specializing in U.S. diplomacy and national security, with emphases on technology trends in cyber warfare, cyber defense, and cryptography. Every software company in the world, regardless of whether the...
Introducing the Cognitive Attack Loop and the 3 Phases of Cybercriminal Behavior
We have a fundamental saying at Carbon Black: “Cybersecurity is all about the data.” I love this saying. In understanding the data, we can better understand behaviors. And, in better understanding behaviors, we can better understand attackers. Much like a detective in the physical world pieces...
CB TAU Threat Intelligence Notification – MegaCortex Ransomware
MegaCortex is a unique form of ransomware that was initially discovered earlier this year. It proved to be a very complex form of malware that required additional steps of operation that were only recoverable during incident responses. Since then, MegaCortex has been updated to become more generi...
Flexible and Controlled Openness: Carbon Black’s API Approach
At Carbon Black, we believe that making our customers successful requires both an open platform and the control they need to build endpoint protection into the ideal security processes they’ve designed for their specific organization. From maintaining relationships with our 100+ integration...
CB Customer Spotlight: Q&A with Chick-fil-A’s Geoffrey Cole
In his 3-year tenure at Chick-fil-A’s Atlanta headquarters, Geoffrey Cole has already made a big impact in the company’s cybersecurity posture. Starting in systems engineering, Cole then moved to managing the endpoint security suite for both the corporate hub and satellite restaurants, and now...
VIDEO: Utilizing Tape Storage as a Malware Failsafe
Tape storage is commonly accepted as a cost-effective backup target, and it also can play an even more strategic role in combatting cybercrime. In a recent video with Storage Switzerland, Lead Analyst George Crump and David Balcar, security strategist for Carbon Black, discussed how to use tape...
Introducing EQR — The Need for Petabyte-Scale Real-Time Analysis
Making Fast Decisions from Lots of Data One of the most difficult things to solve for in the Security industry is scale. Security is essentially a big data problem—data that is dynamic, and variadic. You need to correlate lots of disparate data elements that contain dynamically changing parameter...
Lessons Learned from the Incident Response Trenches: Investigating and Eradicating Kwampirs
Kroll has deployed CB Response during hundreds of cyber investigations because it can provide insights throughout each stage of the incident response (IR) process (see graphic). One of Kroll’s recent investigations, which involved the Kwampirs malware, illustrates how CB Response helps uncover critic...
CB TAU Technical Analysis: DLTMiner Campaign Targeting Corporations in Asia
A CB customer recently provided a series of commands that they had observed for analysis. The customer felt that the associated attacker activity may have been attempting to tamper with the Carbon Black product. It turned out they were not, but the attackers were specifically looking for the...
Partner Perspectives: From Alert to Action: How VMRay Provides Carbon Black with Detail-Rich Threat Intelligence
Good things happen when two leaders in their respective fields bring together their complementary capabilities. That’s the case with Carbon Black’s deep expertise in endpoint detection and response EDR and VMRay’s singular focus on dynamic malware analysis. The sum ends up being even greater than...
Our Approach to Data Engineering
Our Approach to Data Engineering At Carbon Black, our R&D team is working on the cutting edge of data engineering. We’ve developed our own language and make our data compile down to bytecode to process super-fast. We’re pushing the boundaries of Kubernetes and Kinesis. And we’re having a blast...