
608 matches found

Trellix
Trellix
added 2022/03/28 12:0 a.m.11 views

Detection of ‘Leave Behinds’ From Nation-State Actors

Who left the backdoor open? By Trellix · March 28, 2022 In our recent report, In the Crosshairs: Companies and Nation-State Cyber Threats, over 800 IT decision makers from around the world were interviewed on their experiences with nation-state cyber attacks. One of the questions sought to...

6.7AI score
Exploits0
Trellix
Trellix
added 2022/03/28 12:0 a.m.18 views

PlugX: A Talisman to Behold

PlugX: A Talisman to Behold By Max Kersten, Marc Elias, Leandro Velasco, and Alexandre Mundo Alguacil · March 28, 2022 For over a decade, the PlugX malware has been observed internationally with different variants found around the world. This blog covers a PlugX variant that we have named Talisma...

7.5AI score
Exploits0
Trellix
Trellix
added 2022/03/28 12:0 a.m.13 views

Executive Summary: Organizations and Nation-State Cyber Threats

Executive Summary: Organizations and Nation-State Cyber Threats By John Fokker · March 28, 2022 Traditionally when we talk about threat actors, we first need to make the split between cybercrime and nation-state sponsored operations. Where cybercrime is mostly focused on financial gain,...

7.1AI score
Exploits0
Trellix
Trellix
added 2022/03/28 12:0 a.m.10 views

Nation-State Crosshairs: France, Germany & United Kingdom

In the Nation-State Crosshairs: France, Germany & the United Kingdom By Trellix · March 28, 2022 Today Trellix and the Center for Strategic and International Studies (CSIS) released a global report, In the Crosshairs: Organizations and Nation-State Cyber Threats, examining security professionals’...

0.7AI score
Exploits0
Trellix
Trellix
added 2022/03/28 12:0 a.m.16 views

Nation-State Crosshairs: Australia, India & Japan

In The Nation-State Crosshairs: Australia, India & Japan By Trellix · March 28, 2022 Today Trellix and the Center for Strategic and International Studies (CSIS) released a global report, In the Crosshairs: Organizations and Nation-State Cyber Threats, examining security professionals’ mindsets...

0.2AI score
Exploits0
Trellix
Trellix
added 2022/03/28 12:0 a.m.10 views

Nation-State Crosshairs: France, Germany & United Kingdom

In the Nation-State Crosshairs: France, Germany & the United Kingdom By Trellix · March 28, 2022 Today Trellix and the Center for Strategic and International Studies (CSIS) released a global report, In the Crosshairs: Organizations and Nation-State Cyber Threats, examining security professionals’...

7.4AI score
Exploits0
Trellix
Trellix
added 2022/03/28 12:0 a.m.11 views

PlugX: A Talisman to Behold

PlugX: A Talisman to Behold By Max Kersten, Marc Elias, Leandro Velasco, and Alexandre Mundo Alguacil · March 28, 2022 For over a decade, the PlugX malware has been observed internationally with different variants found around the world. This blog covers a PlugX variant that we have named Talisma...

7.5AI score
Exploits0
Trellix
Trellix
added 2022/03/28 12:0 a.m.7 views

Nation-State Crosshairs: Australia, India & Japan

In The Nation-State Crosshairs: Australia, India & Japan By Trellix · March 28, 2022 Today Trellix and the Center for Strategic and International Studies (CSIS) released a global report, In the Crosshairs: Organizations and Nation-State Cyber Threats, examining security professionals’ mindsets...

7.5AI score
Exploits0
Trellix
Trellix
added 2022/03/28 12:0 a.m.10 views

Executive Summary: Organizations and Nation-State Cyber Threats

Executive Summary: Organizations and Nation-State Cyber Threats By John Fokker · March 28, 2022 Traditionally when we talk about threat actors, we first need to make the split between cybercrime and nation-state sponsored operations. Where cybercrime is mostly focused on financial gain,...

7.2AI score
Exploits0
Trellix
Trellix
added 2022/03/28 12:0 a.m.7 views

Detection of ‘Leave Behinds’ From Nation-State Actors

Who left the backdoor open? By Trellix · March 28, 2022 In our recent report, In the Crosshairs: Companies and Nation-State Cyber Threats, over 800 IT decision makers from around the world were interviewed on their experiences with nation-state cyber attacks. One of the questions sought to...

6.9AI score
Exploits0
Trellix
Trellix
added 2022/03/23 12:0 a.m.22 views

Trellix Global Defenders: LAPSUS$ Data Breaches and Proactive Protections

Trellix Global Defenders: LAPSUS$ Data Breaches and Proactive Protections By Taylor Mullins · March 23, 2022 Trellix is continuing to monitor the threat activity related to the LAPSUS$ threat group and their recent breaches of large organizations such as NVIDIA, Samsung, Microsoft, and Okta. This...

0.9AI score
Exploits0
Trellix
Trellix
added 2022/03/23 12:0 a.m.7 views

Trellix Global Defenders: LAPSUS$ Data Breaches and Proactive Protections

Trellix Global Defenders: LAPSUS$ Data Breaches and Proactive Protections By Taylor Mullins · March 23, 2022 Trellix is continuing to monitor the threat activity related to the LAPSUS$ threat group and their recent breaches of large organizations such as NVIDIA, Samsung, Microsoft, and Okta. This...

7.8AI score
Exploits0
Trellix
Trellix
added 2022/03/17 12:0 a.m.22 views

Suspected DarkHotel APT Activity Update

Suspected DarkHotel APT activity update One Hotel to rule them all, One Hotel to find them, One Hotel to bring them all and in the darkness bind them. By John Fokker · March 17, 2022 This story was also written by Thibault Seret Introduction: Our advanced threat research team has discovered a...

0.2AI score
Exploits0
Trellix
Trellix
added 2022/03/17 12:0 a.m.13 views

Suspected DarkHotel APT Activity Update

Suspected DarkHotel APT activity update One Hotel to rule them all, One Hotel to find them, One Hotel to bring them all and in the darkness bind them. By John Fokker · March 17, 2022 This story was also written by Thibault Seret Introduction: Our advanced threat research team has discovered a...

7.1AI score
Exploits0
Trellix
Trellix
added 2022/03/08 12:0 a.m.19 views

White House Executive Order – Navigating EDR Implementation

White House Executive Order – Navigating Endpoint Detection and Response (EDR) Implementation Tom Gann · March 08, 2022 This is the fourth in a series of blogs on the Biden Administration’s Executive Order (EO) on Improving the Nation’s Cybersecurity. I encourage you to read those you may have missed...

0.3AI score
Exploits0
Trellix
Trellix
added 2022/03/08 12:0 a.m.15 views

White House Executive Order – Navigating EDR Implementation

White House Executive Order – Navigating Endpoint Detection and Response (EDR) Implementation Tom Gann · March 08, 2022 This is the fourth in a series of blogs on the Biden Administration’s Executive Order (EO) on Improving the Nation’s Cybersecurity. I encourage you to read those you may have missed...

7.4AI score
Exploits0
Trellix
Trellix
added 2022/03/04 12:0 a.m.38 views

Validate the Efficacy of your Endpoint Security Controls Continuously with Breach and Attack Simulations

Validate the efficacy of your Endpoint Security controls continuously with Breach and Attack Simulations By Nicolas Stricher, Trellix XDR solution Architect, EMEA and Doron Rosenberg, Trellix Senior Sales Engineer, Israel · March 4, 2022 Efficacy of Trellix Endpoint Security At Trellix we are proud...

7.5AI score
Exploits0
Trellix
Trellix
added 2022/03/04 12:0 a.m.15 views

Validate the Efficacy of your Endpoint Security Controls Continuously with Breach and Attack Simulations

Validate the efficacy of your Endpoint Security controls continuously with Breach and Attack Simulations By Nicolas Stricher, Trellix XDR solution Architect, EMEA and Doron Rosenberg, Trellix Senior Sales Engineer, Israel · March 4, 2022 Efficacy of Trellix Endpoint Security At Trellix we are proud...

7.5AI score
Exploits0
Trellix
Trellix
added 2022/03/02 12:0 a.m.14 views

Digging into HermeticWiper

Digging into HermeticWiper By Max Kersten · March 2, 2022 A special thanks to Marc Elias for his help during my analysis. Additionally, I’d like to commend all researchers who have publicly shared their initial findings to help incident response teams; I hope this deep dive contributes to a furth...

1.3AI score
Exploits0
Trellix
Trellix
added 2022/03/02 12:0 a.m.71 views

The Bug Report - February 2022 Edition

The Bug Report - February 2022 By Jesse Chick · March 2, 2022 Your Cybersecurity Comic Relief Image courtesy of https://toggl.com/ Why am I here? Welcome back to the Bug Report, stubby-month edition! For those in the audience unfamiliar with our shtick, every month we compile a shortlist of the t...

9.8AI score0.99199EPSS
Exploits14
Trellix
Trellix
added 2022/03/02 12:0 a.m.43 views

The Bug Report - February 2022 Edition

The Bug Report - February 2022 By Jesse Chick · March 2, 2022 Your Cybersecurity Comic Relief Image courtesy of https://toggl.com/ Why am I here? Welcome back to the Bug Report, stubby-month edition! For those in the audience unfamiliar with our shtick, every month we compile a shortlist of the t...

10CVSS9.8AI score0.99199EPSS
Exploits13
Trellix
Trellix
added 2022/03/02 12:0 a.m.6 views

Digging into HermeticWiper

Digging into HermeticWiper By Max Kersten · March 2, 2022 A special thanks to Marc Elias for his help during my analysis. Additionally, I’d like to commend all researchers who have publicly shared their initial findings to help incident response teams; I hope this deep dive contributes to a furthe...

7AI score
Exploits0
Trellix
Trellix
added 2022/02/28 12:0 a.m.10 views

Trellix “Catmen Sanfrancisco” Capture the Flag Results!

Trellix “Catmen Sanfrancisco” Capture the Flag Results! By Trellix · February 28, 2022 This story was written by Steve Povolny. And just like that, it’s all over! Our annual Capture the Flag contest expired at 11:59pm PST, on February 25th. We wanted to take a moment to thank all of our...

6.6AI score
Exploits0
Trellix
Trellix
added 2022/02/28 12:0 a.m.398 views

Trellix Global Defenders: Analysis and Protections for BlackByte Ransomware

Trellix Global Defenders: Analysis and Protections for BlackByte Ransomware By Taylor Mullins · February 28, 2022 BlackByte Ransomware has been in the news of late due to a successful attack against a National Football League (NFL) Franchise and a Joint Cybersecurity Advisory by the Federal Bureau ...

0.8AI score0.99999EPSS
Exploits18
Trellix
Trellix
added 2022/02/28 12:0 a.m.43 views

Analysis and Protections for RagnarLocker Ransomware

Trellix Global Defenders: Analysis and Protections for RagnarLocker Ransomware By Taylor Mullins · February 28, 2022 The United States Federal Bureau of Investigation (FBI) has released a Flash Alert warning that the RagnarLocker ransomware gang has breached the networks of at least fifty-two...

0.9AI score0.84138EPSS
Exploits13
Trellix
Trellix
added 2022/02/28 12:0 a.m.13 views

Cyberattacks Targeting Ukraine and HermeticWiper Protections

Trellix Global Defenders: Cyberattacks Targeting Ukraine and HermeticWiper Protections By Taylor Mullins · February 28, 2022 Trellix is monitoring the ongoing cyberattacks targeting the Ukraine and any threat activity targeting entities outside of the Ukraine. Trellix is continuing to add...

0.8AI score
Exploits0
Trellix
Trellix
added 2022/02/28 12:0 a.m.45 views

Trellix Global Defenders: Analysis and Protections for BlackByte Ransomware

Trellix Global Defenders: Analysis and Protections for BlackByte Ransomware By Taylor Mullins · February 28, 2022 BlackByte Ransomware has been in the news of late due to a successful attack against a National Football League (NFL) Franchise and a Joint Cybersecurity Advisory by the Federal Bureau ...

8.8AI score
Exploits0
Trellix
Trellix
added 2022/02/28 12:0 a.m.32 views

Analysis and Protections for RagnarLocker Ransomware

Trellix Global Defenders: Analysis and Protections for RagnarLocker Ransomware By Taylor Mullins · February 28, 2022 The United States Federal Bureau of Investigation (FBI) has released a Flash Alert warning that the RagnarLocker ransomware gang has breached the networks of at least fifty-two...

7.3CVSS7.2AI score0.84138EPSS
Exploits13
Trellix
Trellix
added 2022/02/28 12:0 a.m.12 views

Trellix “Catmen Sanfrancisco” Capture the Flag Results!

Trellix “Catmen Sanfrancisco” Capture the Flag Results! By Trellix · February 28, 2022 This story was written by Steve Povolny. And just like that, it’s all over! Our annual Capture the Flag contest expired at 11:59pm PST, on February 25th. We wanted to take a moment to thank all of our...

7.1AI score
Exploits0
Trellix
Trellix
added 2022/02/28 12:0 a.m.8 views

Cyberattacks Targeting Ukraine and HermeticWiper Protections

Trellix Global Defenders: Cyberattacks Targeting Ukraine and HermeticWiper Protections By Taylor Mullins · February 28, 2022 Trellix is monitoring the ongoing cyberattacks targeting the Ukraine and any threat activity targeting entities outside of the Ukraine. Trellix is continuing to add...

7.4AI score
Exploits0
Trellix
Trellix
added 2022/02/17 12:0 a.m.16 views

Looking Over the Nation-State Actors’ Shoulders

Looking over the nation-state actors’ shoulders: Even they have a difficult day sometimes By Trellix and Marc Elias · February 17, 2022 Have you ever been curious about how nation-state actors operate and what their day-to-day work looks like? This blog reveals some of these details observed base...

0.4AI score
Exploits0
Trellix
Trellix
added 2022/02/17 12:0 a.m.10 views

Looking Over the Nation-State Actors’ Shoulders

Looking over the nation-state actors’ shoulders: Even they have a difficult day sometimes By Trellix and Marc Elias · February 17, 2022 Have you ever been curious about how nation-state actors operate and what their day-to-day work looks like? This blog reveals some of these details observed base...

8.3AI score
Exploits0
Trellix
Trellix
added 2022/02/08 12:0 a.m.11 views

Trellix Global Defenders: BlackCat Ransomware as a Service - The Cat is certainly out of the bag!

Trellix Global Defenders: BlackCat Ransomware as a Service - The Cat is certainly out of the bag! By Trellix · February 8, 2022 Research Contributions and Analysis: Filippo Sitzia This story was written by Arnab Roy Threat Summary Blackcat also known as ALPHV/Noberus is a Ransomware as a Service...

0.9AI score
Exploits0
Trellix
Trellix
added 2022/02/08 12:0 a.m.10 views

Trellix Global Defenders: BlackCat Ransomware as a Service - The Cat is certainly out of the bag!

Trellix Global Defenders: BlackCat Ransomware as a Service - The Cat is certainly out of the bag! By Trellix · February 8, 2022 Research Contributions and Analysis: Filippo Sitzia This story was written by Arnab Roy Threat Summary Blackcat also known as ALPHV/Noberus is a Ransomware as a Service...

8AI score
Exploits0
Trellix
Trellix
added 2022/02/07 12:0 a.m.33 views

Trellix Global Defenders: Invasion of the Information Snatchers - Protecting against RedLine Infostealer

Trellix Global Defenders: Invasion of the Information Snatchers - Protecting against RedLine Infostealer By Taylor Mullins · February 7, 2022 What information are you storing in your Browsers? Storing credentials and other important information in web browsers is a helpful method to not have to...

0.3AI score
Exploits0
Trellix
Trellix
added 2022/02/07 12:0 a.m.11 views

Trellix Global Defenders: Invasion of the Information Snatchers - Protecting against RedLine Infostealer

Trellix Global Defenders: Invasion of the Information Snatchers - Protecting against RedLine Infostealer By Taylor Mullins · February 7, 2022 What information are you storing in your Browsers? Storing credentials and other important information in web browsers is a helpful method to not have to...

7.2AI score
Exploits0
Trellix
Trellix
added 2022/02/02 12:0 a.m.42 views

The Bug Report - January 2022 Edition

The Bug Report - January 2022 By Trellix · February 2, 2022 This story was written by Kevin McGrath Your Cybersecurity Comic Relief Image courtesy of https://toggl.com/ Why am I here? Omicron is the 15th letter in the Greek alphabet, used by Donald Knuth to denote Big-O notation, represented zero...

10CVSS9.1AI score0.9279EPSS
Exploits35
Trellix
Trellix
added 2022/02/02 12:0 a.m.98 views

The Bug Report - January 2022 Edition

The Bug Report - January 2022 By Trellix · February 2, 2022 This story was written by Kevin McGrath Your Cybersecurity Comic Relief Image courtesy of https://toggl.com/ Why am I here? Omicron is the 15th letter in the Greek alphabet, used by Donald Knuth to denote Big-O notation, represented zero...

9.1AI score0.99999EPSS
Exploits586
Trellix
Trellix
added 2022/02/01 12:0 a.m.14 views

Trellix Launches Annual CTF Competition – Catmen Sanfrancisco!

Trellix Launches Annual CTF Competition – Catmen Sanfrancisco! By Trellix · February 1, 2022 This story was written by Steve Povolny. The Advanced Threat Research team, now with Trellix, is pleased to announce the return of our second annual Capture the Flag contest featuring 12 new challenges of...

6.4AI score
Exploits0
Trellix
Trellix
added 2022/02/01 12:0 a.m.12 views

Trellix Launches Annual CTF Competition – Catmen Sanfrancisco!

Trellix Launches Annual CTF Competition – Catmen Sanfrancisco! By Trellix · February 1, 2022 This story was written by Steve Povolny. The Advanced Threat Research team, now with Trellix, is pleased to announce the return of our second annual Capture the Flag contest featuring 12 new challenges of...

6.9AI score
Exploits0
Trellix
Trellix
added 2022/01/31 12:0 a.m.13 views

Trellix Threat Report: Log4j Attack, Ransomware & APT Threats

Trellix Threat Report: Log4j Attack, Ransomware & APT Threats By Trellix · January 31, 2022 This story was written by Raj Samani. Ransomware continues to threaten enterprises and assets around the globe, but it was the discovery of a new vulnerability affecting widely used Log4j library that...

0.1AI score
Exploits0
Trellix
Trellix
added 2022/01/31 12:0 a.m.14 views

Trellix Threat Report: Log4j Attack, Ransomware & APT Threats

Trellix Threat Report: Log4j Attack, Ransomware & APT Threats By Trellix · January 31, 2022 This story was written by Raj Samani. Ransomware continues to threaten enterprises and assets around the globe, but it was the discovery of a new vulnerability affecting widely used Log4j library that...

7.1AI score
Exploits0
Trellix
Trellix
added 2022/01/27 12:0 a.m.114 views

Worming your way in through IIS - CVE-2022-21907

Worming your way in through IIS - CVE-2022-21907 By Trellix · January 27, 2022 This story was written by Eion Carroll. IIS HTTP Stack History In the first patch Tuesday of 2022, Microsoft released a patch for a wormable vulnerability CVE-2022-21907 within the IIS HTTP stack, or more specifically...

0.5AI score0.99999EPSS
Exploits387
Trellix
Trellix
added 2022/01/27 12:0 a.m.33 views

Worming your way in through IIS - CVE-2022-21907

Worming your way in through IIS - CVE-2022-21907 By Trellix · January 27, 2022 This story was written by Eion Carroll. IIS HTTP Stack History In the first patch Tuesday of 2022, Microsoft released a patch for a wormable vulnerability CVE-2022-21907 within the IIS HTTP stack, or more specifically...

10CVSS10AI score0.9279EPSS
Exploits21
Trellix
Trellix
added 2022/01/25 12:0 a.m.52 views

Prime Minister’s Office Compromised: Details of Recent Espionage Campaign

Prime Minister’s Office Compromised: Details of Recent Espionage Campaign By Marc Elias · January 25, 2022 A special thanks to Christiaan Beek, Alexandre Mundo, Leandro Velasco and Max Kersten for malware analysis and support during this investigation. Executive Summary Our Advanced Threat Resear...

0.4AI score0.96843EPSS
Exploits38
Trellix
Trellix
added 2022/01/25 12:0 a.m.55 views

Prime Minister’s Office Compromised: Details of Recent Espionage Campaign

Prime Minister’s Office Compromised: Details of Recent Espionage Campaign By Marc Elias · January 25, 2022 A special thanks to Christiaan Beek, Alexandre Mundo, Leandro Velasco and Max Kersten for malware analysis and support during this investigation. Executive Summary Our Advanced Threat Resear...

8.8CVSS9.5AI score0.96843EPSS
Exploits38
Trellix
Trellix
added 2022/01/24 12:0 a.m.337 views

Beyond Memory Corruption Vulnerabilities – A Security Extinction and Future of Exploitation

Beyond Memory Corruption Vulnerabilities – A Security Extinction and Future of Exploitation By Chintan Shah · January 24, 2022 Modern exploitation techniques have changed how adversaries execute their attack strategies and how defenders analyze paths from vulnerability to exploitation. Over the...

0.5AI score0.99999EPSS
Exploits428
Trellix
Trellix
added 2022/01/24 12:0 a.m.43 views

Beyond Memory Corruption Vulnerabilities – A Security Extinction and Future of Exploitation

Beyond Memory Corruption Vulnerabilities – A Security Extinction and Future of Exploitation By Chintan Shah · January 24, 2022 Modern exploitation techniques have changed how adversaries execute their attack strategies and how defenders analyze paths from vulnerability to exploitation. Over the...

10CVSS10AI score0.99999EPSS
Exploits347
Trellix
Trellix
added 2022/01/20 12:0 a.m.16 views

Return of Pseudo Ransomware

Return of Pseudo Ransomware By Trellix, Max Kersten and Raj Samani · January 20, 2022 Arnab Roy, Filippo Sitzia and Mo Cashman contributed to the research supporting this blog Recent news reports of a “ransomware” campaign targeting Ukraine has resulted in significant press coverage regarding not...

7.7AI score
Exploits0
Trellix
Trellix
added 2022/01/20 12:0 a.m.22 views

Update on WhisperGate, Destructive Malware Targeting Ukraine – Threat Intelligence & Protections Update

Update on WhisperGate, Destructive Malware Targeting Ukraine – Threat Intelligence & Protections Update By Taylor Mullins, Mo Cashman and Raj Samani · January 20, 2022 Recent news reports of a “ransomware” campaign targeting Ukraine has resulted in significant press coverage regarding not only...

0.8AI score
Exploits0
Total number of security vulnerabilities: 608