
608 matches found

Trellix
added 2022/01/20 12:0 a.m. · 12 views

Update on WhisperGate, Destructive Malware Targeting Ukraine – Threat Intelligence & Protections Update

Update on WhisperGate, Destructive Malware Targeting Ukraine – Threat Intelligence & Protections Update By Taylor Mullins, Mo Cashman and Raj Samani · January 20, 2022 Recent news reports of a “ransomware” campaign targeting Ukraine has resulted in significant press coverage regarding not only...

7.8 AI score
Exploits: 0
Trellix
added 2022/01/20 12:0 a.m. · 19 views

Return of Pseudo Ransomware

Return of Pseudo Ransomware By Trellix, Max Kersten and Raj Samani · January 20, 2022 Arnab Roy, Filippo Sitzia and Mo Cashman contributed to the research supporting this blog Recent news reports of a “ransomware” campaign targeting Ukraine has resulted in significant press coverage regarding not...

7.6 AI score
Exploits: 0
Trellix
added 2022/01/19 12:0 a.m. · 13 views

2022 Threat Predictions

Trellix 2022 Threat Predictions By Trellix · January 19, 2022 Ransomware, nation states, social media, and a shifting reliance on a remote workforce made headlines in 2021, proving that bad actors only continue to rise to the challenge. Defiantly, they thwart solution stacks and gain momentum eac...

0.1 AI score
Exploits: 0
Trellix
added 2022/01/19 12:0 a.m. · 84 views

Log4J and The Memory That Knew Too Much

Log4J and The Memory That Knew Too Much By Trellix · January 19, 2022 By Guilherme Venere, Ismael Valenzuela, Carlos Diaz, Cesar Vargas, Leandro Costantino, Juan Olle, Jose Luis Sanchez Martinez, AC3 Team Collaborators: Steve Povolny, Douglas McKee, Mark Bereza, Frederick House, Dileep Kumar...

0.1 AI score · 0.99999 EPSS
Exploits: 347
Trellix
added 2022/01/19 12:0 a.m. · 38 views

Log4shell Vulnerability is the Coal in Our Stocking for 2021

Log4Shell Vulnerability is the Coal in our Stocking for 2021 By Steve Povolny and Douglas McKee · January 19, 2022 Overview On December 9, a vulnerability CVE-2021-44228 was released on Twitter along with a PoC on GitHub for the Apache Log4j logging library. The bug was originally disclosed to...

0.2 AI score · 0.99999 EPSS
Exploits: 350
Trellix
added 2022/01/19 12:0 a.m. · 41 views

The Bug Report - December 2021 Edition

The Bug Report - December 2021 By Philippe Laulheret · January 19, 2022 Your Cybersecurity Comic Relief Why am I here? If you’re reading these words, CONGRATULATIONS! You’ve made it to 2022! And even better, you found your way to ATR’s monthly security digest where we discuss our favorite...

9.8 AI score · 0.99999 EPSS
Exploits: 391
Trellix
added 2022/01/19 12:0 a.m. · 38 views

Log4shell Vulnerability is the Coal in Our Stocking for 2021

Log4Shell Vulnerability is the Coal in our Stocking for 2021 By Steve Povolny and Douglas McKee · January 19, 2022 Overview On December 9, a vulnerability CVE-2021-44228 was released on Twitter along with a PoC on GitHub for the Apache Log4j logging library. The bug was originally disclosed to...

10 CVSS · 9.3 AI score · 0.99999 EPSS
Exploits: 347
Trellix
added 2022/01/19 12:0 a.m. · 12 views

2022 Threat Predictions

Trellix 2022 Threat Predictions By Trellix · January 19, 2022 Ransomware, nation states, social media, and a shifting reliance on a remote workforce made headlines in 2021, proving that bad actors only continue to rise to the challenge. Defiantly, they thwart solution stacks and gain momentum eac...

7.6 AI score
Exploits: 0
Trellix
added 2022/01/19 12:0 a.m. · 32 views

The Bug Report - December 2021 Edition

The Bug Report - December 2021 By Philippe Laulheret · January 19, 2022 Your Cybersecurity Comic Relief Why am I here? If you’re reading these words, CONGRATULATIONS! You’ve made it to 2022! And even better, you found your way to ATR’s monthly security digest where we discuss our favorite...

7.5 CVSS · 9.7 AI score · 0.88849 EPSS
Exploits: 44
Trellix
added 2022/01/19 12:0 a.m. · 48 views

Log4J and The Memory That Knew Too Much

Log4J and The Memory That Knew Too Much By Trellix · January 19, 2022 By Guilherme Venere, Ismael Valenzuela, Carlos Diaz, Cesar Vargas, Leandro Costantino, Juan Olle, Jose Luis Sanchez Martinez, AC3 Team Collaborators: Steve Povolny, Douglas McKee, Mark Bereza, Frederick House, Dileep Kumar...

10 CVSS · 9.6 AI score · 0.99999 EPSS
Exploits: 347
Trellix
added 2021/11/30 12:0 a.m. · 38 views

The Bug Report November 2021 Edition

The Bug Report — November 2021 Edition By Mark Bereza · November 30, 2021 Your Cybersecurity Comic Relief CVE-2021-20322: Of all the words of mice and men, the saddest are, “it was DNS again.” Why am I here? For all our newcomers, welcome to the Advanced Threat Research team’s monthly bug report ...

10 CVSS · 8.2 AI score · 0.19087 EPSS
Exploits: 2
Trellix
added 2021/11/30 12:0 a.m. · 51 views

The Bug Report November 2021 Edition

The Bug Report — November 2021 Edition By Mark Bereza · November 30, 2021 Your Cybersecurity Comic Relief CVE-2021-20322: Of all the words of mice and men, the saddest are, “it was DNS again.” Why am I here? For all our newcomers, welcome to the Advanced Threat Research team’s monthly bug report ...

8.1 AI score · 0.19087 EPSS
Exploits: 2
Trellix
added 2021/11/07 12:0 a.m. · 9 views

Who Will Bend the Knee in RaaS Game of Thrones in 2022?

ARCHIVED STORY Who Will Bend the Knee in RaaS Game of Thrones in 2022? By John Fokker and Raj Samani · November 07, 2021 McAfee Enterprise and FireEye recently released its 2022 Threat Predictions. In this blog, we take a deeper dive into a Game of Thrones power struggle among...

0.6 AI score
Exploits: 0
Trellix
added 2021/11/07 12:0 a.m. · 8 views

Who Will Bend the Knee in RaaS Game of Thrones in 2022?

ARCHIVED STORY Who Will Bend the Knee in RaaS Game of Thrones in 2022? By John Fokker and Raj Samani · November 07, 2021 McAfee Enterprise and FireEye recently released its 2022 Threat Predictions. In this blog, we take a deeper dive into a Game of Thrones power struggle among...

7 AI score
Exploits: 0
Trellix
added 2021/11/02 12:0 a.m. · 43 views

The Bug Report – October Edition

ARCHIVED STORY The Bug Report – October Edition By Douglas McKee · November 02, 2021 Your Cyber Security Comic Relief Figure 1. Apache server version 2.4.50 CVE-2021-42013 Why am I here? Regardless of the origins, you’ve arrived at Advanced Threat Research team’s monthly bug digest – an overview ...

9.8 CVSS · 9.8 AI score · 0.99992 EPSS
Exploits: 173
Trellix
added 2021/11/02 12:0 a.m. · 87 views

The Bug Report – October Edition

ARCHIVED STORY The Bug Report – October Edition By Douglas McKee · November 02, 2021 Your Cyber Security Comic Relief Figure 1. Apache server version 2.4.50 CVE-2021-42013 Why am I here? Regardless of the origins, you’ve arrived at Advanced Threat Research team’s monthly bug digest – an overview ...

0.3 AI score · 0.99999 EPSS
Exploits: 189
Trellix
added 2021/10/31 12:0 a.m. · 9 views

Nation States Will Weaponize Social and Recruit Bad Guys with Benefits in 2022

ARCHIVED STORY Nation States Will Weaponize Social and Recruit Bad Guys with Benefits in 2022 By Raj Samani · October 31, 2021 McAfee Enterprise and FireEye recently released its 2022 Threat Predictions. In this blog, we take a deeper dive into the continuingly aggressive role Nation States will...

0.2 AI score
Exploits: 0
Trellix
added 2021/10/31 12:0 a.m. · 12 views

Nation States Will Weaponize Social and Recruit Bad Guys with Benefits in 2022

ARCHIVED STORY Nation States Will Weaponize Social and Recruit Bad Guys with Benefits in 2022 By Raj Samani · October 31, 2021 McAfee Enterprise and FireEye recently released its 2022 Threat Predictions. In this blog, we take a deeper dive into the continuingly aggressive role Nation States will...

7.5 AI score
Exploits: 0
Trellix
added 2021/10/18 12:0 a.m. · 17 views

Is There Really Such a Thing as a Low-Paid Ransomware Operator?

ARCHIVED STORY Is There Really Such a Thing as a Low-Paid Ransomware Operator? By Thibault Seret · October 18, 2021 Introduction Going by recent headlines you could be forgiven for thinking all ransomware operators are raking in millions of ill-gotten dollars each year from their nefarious...

7.2 AI score
Exploits: 0
Trellix
added 2021/10/18 12:0 a.m. · 16 views

Is There Really Such a Thing as a Low-Paid Ransomware Operator?

ARCHIVED STORY Is There Really Such a Thing as a Low-Paid Ransomware Operator? By Thibault Seret · October 18, 2021 Introduction Going by recent headlines you could be forgiven for thinking all ransomware operators are raking in millions of ill-gotten dollars each year from their nefarious...

7.2 AI score
Exploits: 0
Trellix
added 2021/09/22 12:0 a.m. · 10 views

Detecting Credential Stealing Attacks Through Active In-Network Defense

ARCHIVED STORY Detecting Credential Stealing Attacks Through Active In-Network Defense By Chintan Shah · September 22, 2021 Executive Summary Today, enterprises tend to use multiple layers of security defenses, ranging from perimeter defense on network entry points to host based security solution...

1.1 AI score
Exploits: 0
Trellix
added 2021/09/22 12:0 a.m. · 14 views

Detecting Credential Stealing Attacks Through Active In-Network Defense

ARCHIVED STORY Detecting Credential Stealing Attacks Through Active In-Network Defense By Trellix · September 22, 2021 This blog was written by Chintan Shah Executive Summary Today, enterprises tend to use multiple layers of security defenses, ranging from perimeter defense on network entry point...

8.6 AI score
Exploits: 0
Trellix
added 2021/09/22 12:0 a.m. · 18 views

BlackMatter Ransomware Analysis; The Dark Side Returns

ARCHIVED STORY BlackMatter Ransomware Analysis; The Dark Side Returns By Alexandre Mundo and Marc Elias · September 22, 2021 BlackMatter is a new ransomware threat discovered at the end of July 2021. This malware started with a strong group of attacks and some advertising from its developers that...

7 AI score
Exploits: 0
Trellix
added 2021/09/22 12:0 a.m. · 20 views

BlackMatter Ransomware Analysis; The Dark Side Returns

ARCHIVED STORY BlackMatter Ransomware Analysis; The Dark Side Returns By Alexandre Mundo and Marc Elias · September 22, 2021 BlackMatter is a new ransomware threat discovered at the end of July 2021. This malware started with a strong group of attacks and some advertising from its developers that...

6 AI score
Exploits: 0
Trellix
added 2021/09/16 12:0 a.m. · 33 views

Finding 0-days with Jackalope

ARCHIVED STORY Finding 0-days with Jackalope By Douglas McKee · September 16, 2021 Overview On March 21st, 2021, the McAfee Enterprise Advanced Threat Research ATR team released several vulnerabilities it discovered in the Netop Vision Pro Education software, a popular schooling software used by...

6.9 AI score · 0.00526 EPSS
Exploits: 1
Trellix
added 2021/09/16 12:0 a.m. · 16 views

Finding 0-days with Jackalope

ARCHIVED STORY Finding 0-days with Jackalope By Douglas McKee · September 16, 2021 Overview On March 21st, 2021, the McAfee Enterprise Advanced Threat Research ATR team released several vulnerabilities it discovered in the Netop Vision Pro Education software, a popular schooling software used by...

7.4 CVSS · 6.9 AI score · 0.00526 EPSS
Exploits: 1
Trellix
added 2021/09/14 12:0 a.m. · 16 views

Operation ‘Harvest’: A Deep Dive into a Long-term Campaign

ARCHIVED STORY Operation ‘Harvest’: A Deep Dive into a Long-term Campaign By Christiaan Beek · September 14, 2021 A special thanks to our Professional Services’ IR team, ShadowServer, for historical context on C2 domains, and Thomas Roccia/Leandro Velasco for malware analysis support. Executive...

7.9 AI score
Exploits: 0
Trellix
added 2021/09/14 12:0 a.m. · 16 views

Operation ‘Harvest’: A Deep Dive into a Long-term Campaign

ARCHIVED STORY Operation ‘Harvest’: A Deep Dive into a Long-term Campaign By Christiaan Beek · September 14, 2021 A special thanks to our Professional Services’ IR team, ShadowServer, for historical context on C2 domains, and Thomas Roccia/Leandro Velasco for malware analysis support. Executive...

7.9 AI score
Exploits: 0
Trellix
added 2021/09/08 12:0 a.m. · 66 views

How Groove Gang is Shaking up the RAAS to Empower Affiliates

ARCHIVED STORY How Groove Gang is Shaking up the Ransomware-as-a-Service Market to Empower Affiliates By Max Kersten, John Fokker and Thibault Seret · September 08, 2021 Co-authored with Intel471 and McAfee Enterprise Advanced Threat Research ATR would also like to thank Coveware for its...

0.2 AI score · 0.9923 EPSS
Exploits: 55
Trellix
added 2021/09/08 12:0 a.m. · 53 views

How Groove Gang is Shaking up the RAAS to Empower Affiliates

ARCHIVED STORY How Groove Gang is Shaking up the Ransomware-as-a-Service Market to Empower Affiliates By Max Kersten, John Fokker and Thibault Seret · September 08, 2021 Co-authored with Intel471 and McAfee Enterprise Advanced Threat Research ATR would also like to thank Coveware for its...

9.3 CVSS · 8.6 AI score · 0.9923 EPSS
Exploits: 55
Trellix
added 2021/08/24 12:0 a.m. · 11 views

Breaking the Security Barrier of a Globally Deployed Infusion Pump

ARCHIVED STORY Overmedicated: Breaking the Security Barrier of a Globally Deployed Infusion Pump By Douglas McKee, Steve Povolny and Philippe Laulheret · August 24, 2021 Cyberattacks on medical centers are one of the most despicable forms of cyber threat there is. For instance, on October 28th,...

0.3 AI score
Exploits: 0
Trellix
added 2021/08/24 12:0 a.m. · 22 views

Vulnerabilities in Globally Used B. Braun Infusion Pump

ARCHIVED STORY McAfee Enterprise ATR Uncovers Vulnerabilities in Globally Used B. Braun Infusion Pump Douglas McKee and Philippe Laulheret · Aug 24, 2021 Overview As part of our continued goal to provide safer products for enterprises and consumers, we at McAfee Advanced Threat Research ATR...

10 CVSS · 9.1 AI score · 0.0558 EPSS
Exploits: 4
Trellix
added 2021/08/24 12:0 a.m. · 10 views

Breaking the Security Barrier of a Globally Deployed Infusion Pump

ARCHIVED STORY Overmedicated: Breaking the Security Barrier of a Globally Deployed Infusion Pump By Douglas McKee, Steve Povolny and Philippe Laulheret · August 24, 2021 Cyberattacks on medical centers are one of the most despicable forms of cyber threat there is. For instance, on October 28th,...

7.8 AI score
Exploits: 0
Trellix
added 2021/08/24 12:0 a.m. · 72 views

Vulnerabilities in Globally Used B. Braun Infusion Pump

ARCHIVED STORY McAfee Enterprise ATR Uncovers Vulnerabilities in Globally Used B. Braun Infusion Pump Douglas McKee and Philippe Laulheret · Aug 24, 2021 Overview As part of our continued goal to provide safer products for enterprises and consumers, we at McAfee Advanced Threat Research ATR...

0.0558 EPSS
Exploits: 4
Trellix
added 2021/08/04 12:0 a.m. · 19 views

See Ya Sharp: A Loaders Tale | McAfee Blogs

ARCHIVED STORY See Ya Sharp: A Loader’s Tale Max Kersten · Aug 04, 2021 Introduction The DotNet based CyaX-Sharp loader, also known as ReZer0, is known to spread commodity malware, such as AgentTesla. In recent years, this loader has been referenced numerous times, as it was used in campaigns...

7.1 AI score
Exploits: 0
Trellix
added 2021/08/04 12:0 a.m. · 7 views

See Ya Sharp: A Loaders Tale | McAfee Blogs

ARCHIVED STORY See Ya Sharp: A Loader’s Tale Max Kersten · Aug 04, 2021 Introduction The DotNet based CyaX-Sharp loader, also known as ReZer0, is known to spread commodity malware, such as AgentTesla. In recent years, this loader has been referenced numerous times, as it was used in campaigns...

7.1 AI score
Exploits: 0
Trellix
added 2021/07/28 12:0 a.m. · 16 views

Babuk: Biting off More than they Could Chew by Aiming to Encrypt VM and *nix Systems? | McAfee Blogs

Babuk: Biting off More than they Could Chew by Aiming to Encrypt VM and *nix Systems? Thibault Seret · JUL 28, 2021 Co-written with Northwave’s Noël Keijzer. Executive Summary For a long time, ransomware gangs were mostly focused on Microsoft Windows operating systems. Yes, we observed the...

7.5 AI score
Exploits: 0
Trellix
added 2021/07/28 12:0 a.m. · 11 views

Babuk: Biting off More than they Could Chew by Aiming to Encrypt VM and *nix Systems? | McAfee Blogs

Babuk: Biting off More than they Could Chew by Aiming to Encrypt VM and *nix Systems? Thibault Seret · JUL 28, 2021 Co-written with Northwave’s Noël Keijzer. Executive Summary For a long time, ransomware gangs were mostly focused on Microsoft Windows operating systems. Yes, we observed the...

7.5 AI score
Exploits: 0
Trellix
added 2021/06/15 12:0 a.m. · 14 views

A New Program for Your Peloton – Whether You Like It or Not | McAfee Blogs

ARCHIVED STORY A New Program for Your Peloton – Whether You Like It or Not Sam Quinn · JUN 15, 2021 Executive Summary For those that are not familiar with Peloton, it is a brand that has combined high end exercise equipment with cutting-edge technology. Its products are equipped with a large tabl...

7.1 AI score
Exploits: 0
Trellix
added 2021/06/15 12:0 a.m. · 7 views

A New Program for Your Peloton – Whether You Like It or Not | McAfee Blogs

ARCHIVED STORY A New Program for Your Peloton – Whether You Like It or Not Sam Quinn · JUN 15, 2021 Executive Summary For those that are not familiar with Peloton, it is a brand that has combined high end exercise equipment with cutting-edge technology. Its products are equipped with a large tabl...

6.5 AI score
Exploits: 0
Trellix
added 2021/06/10 12:0 a.m. · 50 views

Are Virtual Machines the New Gold for Cyber Criminals?

ARCHIVED STORY Are Virtual Machines the New Gold for Cyber Criminals? ATR Operational Intelligence Team · JUN 10, 2021 Introduction Virtualization technology has been an IT cornerstone for organization for years now. It revolutionized the way organizations can scale up IT systems in a heartbeat,...

10 CVSS · 10 AI score · 0.99999 EPSS
Exploits: 13
Trellix
added 2021/06/10 12:0 a.m. · 51 views

Are Virtual Machines the New Gold for Cyber Criminals?

ARCHIVED STORY Are Virtual Machines the New Gold for Cyber Criminals? ATR Operational Intelligence Team · JUN 10, 2021 Introduction Virtualization technology has been an IT cornerstone for organization for years now. It revolutionized the way organizations can scale up IT systems in a heartbeat,...

0.99999 EPSS
Exploits: 13
Trellix
added 2021/03/21 12:0 a.m. · 18 views

Netop Vision Pro - Distance Learning Software is 20/20 in Hindsight

ARCHIVED STORY Netop Vision Pro – Distance Learning Software is 20/20 in Hindsight By Sam Quinn · MAR 21, 2021 · 27 MIN READ The McAfee Labs Advanced Threat Research team is committed to uncovering security issues in both software and hardware to help developers provide safer products for...

8.2 AI score · 0.0148 EPSS
Exploits: 0
Trellix
added 2021/03/21 12:0 a.m. · 18 views

Netop Vision Pro - Distance Learning Software is 20/20 in Hindsight

ARCHIVED STORY Netop Vision Pro – Distance Learning Software is 20/20 in Hindsight By Sam Quinn · MAR 21, 2021 · 27 MIN READ The McAfee Labs Advanced Threat Research team is committed to uncovering security issues in both software and hardware to help developers provide safer products for...

9.8 CVSS · 8.2 AI score · 0.0148 EPSS
Exploits: 0
Trellix
added 2021/03/16 12:0 a.m. · 10 views

Operation Dianxun Cyberespionage Campaign Targeting Telecommunication Companies

ARCHIVED STORY Operation Diànxùn: Cyberespionage Campaign Targeting Telecommunication Companies By Thomas Roccia · MAR 16, 2021 In this report the McAfee Advanced Threat Research ATR Strategic Intelligence team details an espionage campaign, targeting telecommunication companies, dubbed Operation...

Exploits: 0
Trellix
added 2021/03/16 12:0 a.m. · 10 views

Operation Dianxun Cyberespionage Campaign Targeting Telecommunication Companies

ARCHIVED STORY Operation Diànxùn: Cyberespionage Campaign Targeting Telecommunication Companies By Thomas Roccia · MAR 16, 2021 In this report the McAfee Advanced Threat Research ATR Strategic Intelligence team details an espionage campaign, targeting telecommunication companies, dubbed Operation...

7.2 AI score
Exploits: 0
Trellix
added 2021/03/09 12:0 a.m. · 35 views

Seven Windows Wonders – Critical Vulnerabilities in DNS Dynamic Updates

ARCHIVED STORY Seven Windows Wonders – Critical Vulnerabilities in DNS Dynamic Updates Eoin Carroll · MAR 09, 2021 Overview For the March 2021 Patch Tuesday, Microsoft released a set of seven DNS vulnerabilities. Five of the vulnerabilities are remote code execution RCE with critical CVSS Common...

0.92178 EPSS
Exploits: 21
Trellix
added 2021/03/09 12:0 a.m. · 34 views

Seven Windows Wonders – Critical Vulnerabilities in DNS Dynamic Updates

ARCHIVED STORY Seven Windows Wonders – Critical Vulnerabilities in DNS Dynamic Updates Eoin Carroll · MAR 09, 2021 Overview For the March 2021 Patch Tuesday, Microsoft released a set of seven DNS vulnerabilities. Five of the vulnerabilities are remote code execution RCE with critical CVSS Common...

10 CVSS · 9.9 AI score · 0.19274 EPSS
Exploits: 0
Trellix
added 2021/03/08 12:0 a.m. · 7 views

McAfee ATR Thinks in Graphs | McAfee Blogs

ARCHIVED STORY McAfee ATR Thinks in Graphs By Valentine Mairet · MAR 08, 2021 · 19 MIN READ 0. Introduction John Lambert, a distinguished researcher specializing in threat intelligence at Microsoft, once said these words that changed perspectives: “Defenders think in lists. Attackers think in...

6.4 AI score
Exploits: 0
Trellix
added 2021/03/08 12:0 a.m. · 12 views

McAfee ATR Thinks in Graphs | McAfee Blogs

ARCHIVED STORY McAfee ATR Thinks in Graphs By Valentine Mairet · MAR 08, 2021 · 19 MIN READ 0. Introduction John Lambert, a distinguished researcher specializing in threat intelligence at Microsoft, once said these words that changed perspectives: “Defenders think in lists. Attackers think in...

6.4 AI score
Exploits: 0
Total number of security vulnerabilities: 608