
608 matches found

Trellix
added 2020/03/26 12:0 a.m. · 7 views

Triton Malware Spearheads Latest Attacks on Industrial Systems | McAfee Blogs

ARCHIVED STORY Triton Malware Spearheads Latest Attacks on Industrial Systems Alexandre Mundo · MAR 26, 2020 Malware that attacks industrial control systems (ICS), such as the Stuxnet campaign in 2010, is a serious threat. This class of cyber sabotage can spy on, disrupt, or destroy systems that...

0.4 AI score
Exploits: 0

Trellix
added 2020/03/26 12:0 a.m. · 9 views

Ransomware Maze

ARCHIVED STORY Ransomware Maze Alexandre Mundo · MAR 26, 2020 Overview The Maze ransomware, previously known in the community as “ChaCha ransomware”, was discovered on May the 29th 2019 by Jerome Segura. The main goal of the ransomware is to crypt all files that it can in an infected system and...

6.8 AI score
Exploits: 0

Trellix
added 2020/03/26 12:0 a.m. · 11 views

Triton Malware Spearheads Latest Attacks on Industrial Systems | McAfee Blogs

ARCHIVED STORY Triton Malware Spearheads Latest Attacks on Industrial Systems Alexandre Mundo · MAR 26, 2020 Malware that attacks industrial control systems (ICS), such as the Stuxnet campaign in 2010, is a serious threat. This class of cyber sabotage can spy on, disrupt, or destroy systems that...

7.4 AI score
Exploits: 0

Trellix
added 2020/03/26 12:0 a.m. · 8 views

Ransomware Maze

ARCHIVED STORY Ransomware Maze Alexandre Mundo · MAR 26, 2020 Overview The Maze ransomware, previously known in the community as “ChaCha ransomware”, was discovered on May the 29th 2019 by Jerome Segura. The main goal of the ransomware is to crypt all files that it can in an infected system and...

6.8 AI score
Exploits: 0

Trellix
added 2020/03/12 12:0 a.m. · 136 views

SMBGhost – Analysis of CVE-2020-0796

ARCHIVED STORY SMBGhost – Analysis of CVE-2020-0796 By Eoin Carroll - March 12, 2020 The Vulnerability The latest vulnerability in SMBv3 is a “wormable” vulnerability given its potential ability to replicate or spread over network shares using the latest version of the protocol SMB 3.1.1. As of...

0.6 AI score · 0.9981 EPSS
Exploits: 125

Trellix
added 2020/03/12 12:0 a.m. · 132 views

SMBGhost – Analysis of CVE-2020-0796

ARCHIVED STORY SMBGhost – Analysis of CVE-2020-0796 By Eoin Carroll - March 12, 2020 The Vulnerability The latest vulnerability in SMBv3 is a “wormable” vulnerability given its potential ability to replicate or spread over network shares using the latest version of the protocol SMB 3.1.1. As of...

10 CVSS · 10 AI score · 0.9981 EPSS
Exploits: 125

Trellix
added 2020/02/20 12:0 a.m. · 12 views

Our Experiences Participating in Microsoft’s Azure Sphere Bounty Program | McAfee Blogs

CSI: Evidence Indicators for Targeted Ransomware Attacks – Part II Christiaan Beek · FEB 20, 2020 In our first article we discussed the growing pattern of targeted ransomware attacks where the first infection stage is often an info-stealer kind of malware used to gain credentials/access to...

Exploits: 0

Trellix
added 2020/02/20 12:0 a.m. · 8 views

CSI: Evidence Indicators for Targeted Ransomware Attacks - Part II | McAfee Blogs

CSI: Evidence Indicators for Targeted Ransomware Attacks – Part II Christiaan Beek · FEB 20, 2020 In our first article we discussed the growing pattern of targeted ransomware attacks where the first infection stage is often an info-stealer kind of malware used to gain credentials/access to...

8 AI score
Exploits: 0

Trellix
added 2020/02/20 12:0 a.m. · 18 views

CSI: Evidence Indicators for Targeted Ransomware Attacks - Part II | McAfee Blogs

CSI: Evidence Indicators for Targeted Ransomware Attacks – Part II Christiaan Beek · FEB 20, 2020 In our first article we discussed the growing pattern of targeted ransomware attacks where the first infection stage is often an info-stealer kind of malware used to gain credentials/access to...

Exploits: 0

Trellix
added 2020/02/20 12:0 a.m. · 8 views

Our Experiences Participating in Microsoft’s Azure Sphere Bounty Program | McAfee Blogs

CSI: Evidence Indicators for Targeted Ransomware Attacks – Part II Christiaan Beek · FEB 20, 2020 In our first article we discussed the growing pattern of targeted ransomware attacks where the first infection stage is often an info-stealer kind of malware used to gain credentials/access to...

8 AI score
Exploits: 0

Trellix
added 2020/02/19 12:0 a.m. · 12 views

Introduction and Application of Model Hacking

ARCHIVED STORY Introduction and Application of Model Hacking By Steve Povolny · February 19, 2020 Catherine Huang, Ph.D., and Shivangee Trivedi contributed to this blog. The term “Adversarial Machine Learning” (AML) is a mouthful! The term describes a research field regarding the study and design o...

0.4 AI score
Exploits: 0

Trellix
added 2020/02/19 12:0 a.m. · 47 views

Model Hacking ADAS to Pave Safer Roads for Autonomous Vehicles

ARCHIVED STORY Model Hacking ADAS to Pave Safer Roads for Autonomous Vehicles Steve Povolny · FEB 19, 2020 The last several years have been fascinating for those of us who have been eagerly observing the steady move towards autonomous driving. While semi-autonomous vehicles have existed for many...

Exploits: 0

Trellix
added 2020/02/19 12:0 a.m. · 10 views

Model Hacking ADAS to Pave Safer Roads for Autonomous Vehicles

ARCHIVED STORY Model Hacking ADAS to Pave Safer Roads for Autonomous Vehicles Steve Povolny · FEB 19, 2020 The last several years have been fascinating for those of us who have been eagerly observing the steady move towards autonomous driving. While semi-autonomous vehicles have existed for many...

6.7 AI score
Exploits: 0

Trellix
added 2020/02/19 12:0 a.m. · 13 views

Introduction and Application of Model Hacking

ARCHIVED STORY Introduction and Application of Model Hacking By Steve Povolny · February 19, 2020 Catherine Huang, Ph.D., and Shivangee Trivedi contributed to this blog. The term “Adversarial Machine Learning” (AML) is a mouthful! The term describes a research field regarding the study and design o...

7.4 AI score
Exploits: 0

Trellix
added 2020/02/12 12:0 a.m. · 12 views

CSI Evidence Indicators for Targeted Ransomware Attacks

ARCHIVED STORY CSI: Evidence Indicators for Targeted Ransomware Attacks – Part I By Trellix · February 12, 2020 For many years now I have been working and teaching in the field of digital forensics, malware analysis and threat intelligence. During one of the classes we always talk about Locard’s...

0.4 AI score
Exploits: 0

Trellix
added 2020/02/12 12:0 a.m. · 9 views

CSI Evidence Indicators for Targeted Ransomware Attacks

ARCHIVED STORY CSI: Evidence Indicators for Targeted Ransomware Attacks – Part I By Trellix · February 12, 2020 For many years now I have been working and teaching in the field of digital forensics, malware analysis and threat intelligence. During one of the classes we always talk about Locard’s...

7.7 AI score
Exploits: 0

Trellix
added 2020/01/08 12:0 a.m. · 4 views

Iran Cyber Threat Update

ARCHIVED STORY Iran Cyber Threat Update By Trellix · January 08, 2020 Recent political tensions in the Middle East region have led to significant speculation of increased cyber-related activities. McAfee is on a heightened state of alert to monitor the evolving threats and rapidly implement...

1.7 AI score
Exploits: 0

Trellix
added 2020/01/08 12:0 a.m. · 11 views

Iran Cyber Threat Update

ARCHIVED STORY Iran Cyber Threat Update By Trellix · January 08, 2020 Recent political tensions in the Middle East region have led to significant speculation of increased cyber-related activities. McAfee is on a heightened state of alert to monitor the evolving threats and rapidly implement...

7.2 AI score
Exploits: 0

Trellix
added 2020/01/06 12:0 a.m. · 10 views

We Be Jammin’ – Bypassing Chamberlain myQ Garage Doors

ARCHIVED STORY We Be Jammin’ – Bypassing Chamberlain myQ Garage Doors Sam Quinn · JAN 06, 2020 The idea of controlling your garage door remotely and verifying that everything is secure at home, or having packages delivered directly into your garage is enticing for many people. The convenience tha...

7 AI score
Exploits: 0

Trellix
added 2020/01/06 12:0 a.m. · 8 views

The Cloning of The Ring – Who Can Unlock Your Door?

ARCHIVED STORY The Cloning of The Ring - Who Can Unlock Your Door? By Eoin Carroll · January 06, 2020 Steve Povolny contributed to this report. The Cloning of The Ring McAfee’s Advanced Threat Research team performs security analysis of products and technologies across nearly every industry...

7.3 AI score
Exploits: 0

Trellix
added 2020/01/06 12:0 a.m. · 14 views

We Be Jammin’ – Bypassing Chamberlain myQ Garage Doors

ARCHIVED STORY We Be Jammin’ – Bypassing Chamberlain myQ Garage Doors Sam Quinn · JAN 06, 2020 The idea of controlling your garage door remotely and verifying that everything is secure at home, or having packages delivered directly into your garage is enticing for many people. The convenience tha...

7 AI score
Exploits: 0

Trellix
added 2020/01/06 12:0 a.m. · 9 views

The Cloning of The Ring – Who Can Unlock Your Door?

ARCHIVED STORY The Cloning of The Ring - Who Can Unlock Your Door? By Eoin Carroll · January 06, 2020 Steve Povolny contributed to this report. The Cloning of The Ring McAfee’s Advanced Threat Research team performs security analysis of products and technologies across nearly every industry...

7.3 AI score
Exploits: 0

Trellix
added 2019/12/05 12:0 a.m. · 10 views

Analysis of LooCipher, a New Ransomware Family Observed This Year

ARCHIVED STORY Analysis of LooCipher, a New Ransomware Family Observed This Year By ATR Operational Intelligence Team · December 05, 2019 Co-authored by Marc RiveroLopez. Initial Discovery This year seems to again be the year for ransomware. Notorious attacks were made using ransomware and new...

6.9 AI score
Exploits: 0

Trellix
added 2019/12/05 12:0 a.m. · 8 views

Analysis of LooCipher, a New Ransomware Family Observed This Year

ARCHIVED STORY Analysis of LooCipher, a New Ransomware Family Observed This Year By ATR Operational Intelligence Team · December 05, 2019 Co-authored by Marc RiveroLopez. Initial Discovery This year seems to again be the year for ransomware. Notorious attacks were made using ransomware and new...

6.9 AI score
Exploits: 0

Trellix
added 2019/11/08 12:0 a.m. · 16 views

Spanish MSSP Targeted by BitPaymer Ransomware

ARCHIVED STORY Spanish MSSP Targeted by BitPaymer Ransomware By ATR Operational Intelligence Team · November 08, 2019 Co-authored by Marc RiveroLopez Initial Discovery This week the news hit that several companies in Spain were hit by a ransomware attack. Ransomware attacks themselves are not new...

0.5 AI score
Exploits: 0

Trellix
added 2019/11/08 12:0 a.m. · 12 views

Spanish MSSP Targeted by BitPaymer Ransomware

ARCHIVED STORY Spanish MSSP Targeted by BitPaymer Ransomware By ATR Operational Intelligence Team · November 08, 2019 Co-authored by Marc RiveroLopez Initial Discovery This week the news hit that several companies in Spain were hit by a ransomware attack. Ransomware attacks themselves are not new...

7.3 AI score
Exploits: 0

Trellix
added 2019/10/20 12:0 a.m. · 13 views

McAfee ATR Analyzes Sodinokibi aka REvil Ransomware-as-a-Service - Crescendo

McAfee ATR Analyzes Sodinokibi aka REvil Ransomware-as-a-Service – Crescendo By Jessica Saavedra-Morales · October 20, 2019 Episode 4: Crescendo This is the final installment of the McAfee Advanced Threat Research (ATR) analysis of Sodinokibi and its connections to GandCrab, the most prolific...

7.4 AI score
Exploits: 0

Trellix
added 2019/10/20 12:0 a.m. · 12 views

McAfee ATR Analyzes Sodinokibi aka REvil Ransomware-as-a-Service - Crescendo

McAfee ATR Analyzes Sodinokibi aka REvil Ransomware-as-a-Service – Crescendo By Jessica Saavedra-Morales · October 20, 2019 Episode 4: Crescendo This is the final installment of the McAfee Advanced Threat Research (ATR) analysis of Sodinokibi and its connections to GandCrab, the most prolific...

0.9 AI score
Exploits: 0

Trellix
added 2019/10/14 12:0 a.m. · 13 views

McAfee ATR Analyzes Sodinokibi aka REvil Ransomware-as-a-Service – Follow The Money

ARCHIVED STORY McAfee ATR Analyzes Sodinokibi aka REvil Ransomware-as-a-Service – Follow The Money By John Fokker · October 14, 2019 Episode 3: Follow the Money This is the third installment of the McAfee Advanced Threat Research (ATR) analysis of Sodinokibi and its connections to GandCrab, the mos...

Exploits: 0

Trellix
added 2019/10/14 12:0 a.m. · 10 views

McAfee ATR Analyzes Sodinokibi aka REvil Ransomware-as-a-Service – Follow The Money

ARCHIVED STORY McAfee ATR Analyzes Sodinokibi aka REvil Ransomware-as-a-Service – Follow The Money By John Fokker · October 14, 2019 Episode 3: Follow the Money This is the third installment of the McAfee Advanced Threat Research (ATR) analysis of Sodinokibi and its connections to GandCrab, the mos...

6.6 AI score
Exploits: 0

Trellix
added 2019/10/02 12:0 a.m. · 46 views

McAfee ATR Analyzes Sodinokibi aka REvil Ransomware-as-a-Service - What The Code Tells Us

McAfee ATR Analyzes Sodinokibi aka REvil Ransomware-as-a-Service – What The Code Tells Us By McAfee Labs · October 2, 2019 Episode 1: What the Code Tells Us McAfee’s Advanced Threat Research team (ATR) observed a new ransomware family in the wild, dubbed Sodinokibi or REvil, at the end of April 201...

8.1 AI score · 0.70042 EPSS
Exploits: 9

Trellix
added 2019/10/02 12:0 a.m. · 14 views

McAfee ATR Analyzes Sodinokibi aka REvil Ransomware-as-a-Service - The All-Stars | McAfee Blogs

McAfee ATR Analyzes Sodinokibi aka REvil Ransomware-as-a-Service – The All-Stars John Fokker · OCT 02, 2019 Episode 2: The All-Stars Analyzing Affiliate Structures in Ransomware-as-a-Service Campaigns This is the second installment of the McAfee Advanced Threat Research (ATR) analysis of Sodinokibi...

0.8 AI score
Exploits: 0

Trellix
added 2019/10/02 12:0 a.m. · 35 views

McAfee ATR Analyzes Sodinokibi aka REvil Ransomware-as-a-Service - What The Code Tells Us

McAfee ATR Analyzes Sodinokibi aka REvil Ransomware-as-a-Service – What The Code Tells Us By McAfee Labs · October 2, 2019 Episode 1: What the Code Tells Us McAfee’s Advanced Threat Research team (ATR) observed a new ransomware family in the wild, dubbed Sodinokibi or REvil, at the end of April 201...

7.8 CVSS · 8.1 AI score · 0.70042 EPSS
Exploits: 9

Trellix
added 2019/10/02 12:0 a.m. · 7 views

McAfee ATR Analyzes Sodinokibi aka REvil Ransomware-as-a-Service - The All-Stars | McAfee Blogs

McAfee ATR Analyzes Sodinokibi aka REvil Ransomware-as-a-Service – The All-Stars John Fokker · OCT 02, 2019 Episode 2: The All-Stars Analyzing Affiliate Structures in Ransomware-as-a-Service Campaigns This is the second installment of the McAfee Advanced Threat Research (ATR) analysis of Sodinokibi...

7.3 AI score
Exploits: 0

Trellix
added 2019/08/09 12:0 a.m. · 22 views

HVACking: Understanding the Delta Between Security and Reality

ARCHIVED STORY HVACking: Understanding the Delta Between Security and Reality By Douglas McKee · August 09, 2019 The McAfee Labs Advanced Threat Research team is committed to uncovering security issues in both software and hardware to help developers provide safer products for businesses and...

9.3 AI score · 0.04737 EPSS
Exploits: 1

Trellix
added 2019/08/09 12:0 a.m. · 14 views

HVACking: Understanding the Delta Between Security and Reality

ARCHIVED STORY HVACking: Understanding the Delta Between Security and Reality By Douglas McKee · August 09, 2019 The McAfee Labs Advanced Threat Research team is committed to uncovering security issues in both software and hardware to help developers provide safer products for businesses and...

9.8 CVSS · 9.3 AI score · 0.04737 EPSS
Exploits: 1

Trellix
added 2019/08/09 12:0 a.m. · 14 views

Industrial Security Featuring Delta's enteliBUS Manager

ARCHIVED STORY From Building Control to Damage Control: A Case Study in Industrial Security Featuring Delta's enteliBUS Manager By Mark Bereza · August 09, 2019 Management. Control. It seems that you can’t stick five people in a room together without one of them trying to order the others around...

8.2 AI score
Exploits: 0

Trellix
added 2019/08/09 12:0 a.m. · 7 views

Industrial Security Featuring Delta's enteliBUS Manager

ARCHIVED STORY From Building Control to Damage Control: A Case Study in Industrial Security Featuring Delta's enteliBUS Manager By Mark Bereza · August 09, 2019 Management. Control. It seems that you can’t stick five people in a room together without one of them trying to order the others around...

8.2 AI score
Exploits: 0

Trellix
added 2019/08/08 12:0 a.m. · 18 views

Avaya Deskphone: Decade-Old Vulnerability Found in Phone's Firmware

ARCHIVED STORY Avaya Deskphone: Decade-Old Vulnerability Found in Phone’s Firmware By Philippe Laulheret · August 08, 2019 Avaya is the second largest VOIP solution provider with an install base covering 90% of the Fortune 100 companies, with products targeting a wide spectrum of...

8 AI score
Exploits: 0

Trellix
added 2019/08/08 12:0 a.m. · 10 views

Avaya Deskphone: Decade-Old Vulnerability Found in Phone's Firmware

ARCHIVED STORY Avaya Deskphone: Decade-Old Vulnerability Found in Phone’s Firmware By Philippe Laulheret · August 08, 2019 Avaya is the second largest VOIP solution provider with an install base covering 90% of the Fortune 100 companies, with products targeting a wide spectrum of...

8 AI score
Exploits: 0

Trellix
added 2019/08/01 12:0 a.m. · 15 views

Clop Ransomware

ARCHIVED STORY Clop Ransomware Alexandre Mundo · AUG 01, 2019 This new ransomware was discovered by Michael Gillespie on 8 February 2019 and it is still improving over time. This blog will explain the technical details and share information about how this new ransomware family is working. There a...

7 AI score
Exploits: 0

Trellix
added 2019/08/01 12:0 a.m. · 16 views

Clop Ransomware

ARCHIVED STORY Clop Ransomware Alexandre Mundo · AUG 01, 2019 This new ransomware was discovered by Michael Gillespie on 8 February 2019 and it is still improving over time. This blog will explain the technical details and share information about how this new ransomware family is working. There a...

7 AI score
Exploits: 0

Trellix
added 2019/07/16 12:0 a.m. · 14 views

McAfee ATR Aids Police in Arrest of Rubella & Dryad Office Macro Builder

ARCHIVED STORY McAfee ATR Aids Police in Arrest of Rubella & Dryad Office Macro Builder By John Fokker · July 16, 2019 Every day thousands of people receive emails with malicious attachments in their email inbox. Disguised as a missed payment or an invoice, a cybercriminal sender tries to entice a...

7.5 AI score
Exploits: 0

Trellix
added 2019/07/16 12:0 a.m. · 9 views

McAfee ATR Aids Police in Arrest of Rubella & Dryad Office Macro Builder

ARCHIVED STORY McAfee ATR Aids Police in Arrest of Rubella & Dryad Office Macro Builder By John Fokker · July 16, 2019 Every day thousands of people receive emails with malicious attachments in their email inbox. Disguised as a missed payment or an invoice, a cybercriminal sender tries to entice a...

7.5 AI score
Exploits: 0

Trellix
added 2019/06/20 12:0 a.m. · 12 views

In NTDLL I Trust – Process Reimaging and Endpoint Security Solution Bypass

ARCHIVED STORY In NTDLL I Trust – Process Reimaging and Endpoint Security Solution Bypass By Eoin Carroll · June 20, 2019 Process Reimaging Overview The Windows Operating System has inconsistencies in how it determines process image FILEOBJECT locations, which impacts non-EDR Endpoint Detection a...

8.1 AI score
Exploits: 0

Trellix
added 2019/06/20 12:0 a.m. · 13 views

In NTDLL I Trust – Process Reimaging and Endpoint Security Solution Bypass

ARCHIVED STORY In NTDLL I Trust – Process Reimaging and Endpoint Security Solution Bypass By Eoin Carroll · June 20, 2019 Process Reimaging Overview The Windows Operating System has inconsistencies in how it determines process image FILEOBJECT locations, which impacts non-EDR Endpoint Detection a...

8.1 AI score
Exploits: 0

Trellix
added 2019/05/30 12:0 a.m. · 11 views

Mr. Coffee with WeMo: Double Roast

ARCHIVED STORY Mr. Coffee with WeMo: Double Roast By Sam Quinn · May 30, 2019 McAfee Advanced Threat Research recently released a blog detailing a vulnerability in the Mr. Coffee Coffee Maker with WeMo. Please refer to the earlier blog to catch up with the processes and techniques I used to...

8.5 AI score
Exploits: 0

Trellix
added 2019/05/30 12:0 a.m. · 9 views

Mr. Coffee with WeMo: Double Roast

ARCHIVED STORY Mr. Coffee with WeMo: Double Roast By Sam Quinn · May 30, 2019 McAfee Advanced Threat Research recently released a blog detailing a vulnerability in the Mr. Coffee Coffee Maker with WeMo. Please refer to the earlier blog to catch up with the processes and techniques I used to...

8.5 AI score
Exploits: 0

Trellix
added 2019/05/22 12:0 a.m. · 9 views

Crypto Currency Laundering Service, BestMixer.io, Taken Down by Law Enforcement

ARCHIVED STORY Cryptocurrency Laundering Service, BestMixer.io, Taken Down by Law Enforcement By John Fokker · May 22, 2019 A much overlooked but essential part in financially motivated cybercrime is making sure that the origins of criminal funds are obfuscated or made to appear legitimate, a...

0.3 AI score
Exploits: 0

Trellix
added 2019/05/22 12:0 a.m. · 8 views

Crypto Currency Laundering Service, BestMixer.io, Taken Down by Law Enforcement

ARCHIVED STORY Cryptocurrency Laundering Service, BestMixer.io, Taken Down by Law Enforcement By John Fokker · May 22, 2019 A much overlooked but essential part in financially motivated cybercrime is making sure that the origins of criminal funds are obfuscated or made to appear legitimate, a...

6.7 AI score
Exploits: 0

Total number of security vulnerabilities: 608