Fileless Infection Steals Creds with Bank Trojan

Infosecurity Magazine | January 28, 2019

A new variant of the password-stealing Ursnif bank Trojan has been found in the wild delivering fileless infections while remaining undetected, according to Cisco Talos Intelligence. In a blog post, researchers wrote that the banking Trojan employs "fileless persistence which makes it difficult for traditional anti-virus techniques to filter out the C2 traffic from normal traffic. Additionally, Ursnif uses CAB files to compress its data prior to exfiltration, which makes this malware even more challenging to stop."

Researchers received an alert containing a malicious VBA macro coming from a Microsoft Word document that asked users to enable macros. Once macros are enabled, PowerShell is executed, and then another PowerShell command downloads the Ursnif malware. Registry data is then created for the next stage of execution, in which the command executes PowerShell using Windows Management Instrumentation Command-line (WMIC). Among the APIs imported from kernel32 were GetCurrentProcess, VirtualAllocEx, GetCurrentThreadId, QueueUserAPC, OpenThread and SleepEx, according to the blog.
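The process chain described above (Word macro to PowerShell, then PowerShell launched through WMIC) can be hunted in process-creation telemetry. The following is an added example, not code from the article or from Talos: the field names follow Sysmon process-creation events, the sample events are constructed, and the WmiPrvSE.exe rule relies on general Windows behaviour (processes created through WMI run under WmiPrvSE.exe), which the article does not state.

```python
import ntpath

OFFICE = {"winword.exe", "excel.exe", "powerpnt.exe"}
SHELLS = {"powershell.exe", "pwsh.exe"}
PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"

# Constructed sample events (Sysmon Event ID 1 style fields), not real telemetry.
EVENTS = [
    {"Image": PS,
     "ParentImage": r"C:\Program Files\Microsoft Office\Office16\WINWORD.EXE",
     "CommandLine": "powershell.exe <constructed arguments>"},
    {"Image": r"C:\Windows\System32\wbem\WMIC.exe",
     "ParentImage": r"C:\Windows\System32\cmd.exe",
     "CommandLine": 'wmic process call create "powershell.exe <constructed>"'},
    {"Image": PS,
     "ParentImage": r"C:\Windows\System32\wbem\WmiPrvSE.exe",
     "CommandLine": "powershell.exe <constructed arguments>"},
    {"Image": PS,
     "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": "powershell.exe"},
]

def base(path):
    """Lower-cased file name of a Windows path, independent of the host OS."""
    return ntpath.basename(path).lower()

def classify(event):
    """Return the names of the chain rules that one process-creation event matches."""
    image, parent = base(event["Image"]), base(event["ParentImage"])
    cmd = event["CommandLine"].lower()
    hits = []
    # Stage 1: an Office application starting PowerShell (macro execution).
    if image in SHELLS and parent in OFFICE:
        hits.append("office-spawns-powershell")
    # Stage 2a: WMIC asked to create a PowerShell process.
    if image == "wmic.exe" and all(k in cmd for k in ("process", "create", "powershell")):
        hits.append("wmic-creates-powershell")
    # Stage 2b: the resulting PowerShell appears under the WMI provider host.
    if image in SHELLS and parent == "wmiprvse.exe":
        hits.append("powershell-under-wmiprvse")
    return hits

def triage(events):
    """Return (index, rule names) for every event that matches at least one rule."""
    results = [(i, classify(e)) for i, e in enumerate(events)]
    return [(i, hits) for i, hits in results if hits]

if __name__ == "__main__":
    for index, hits in triage(EVENTS):
        print(index, hits)
```
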

Spotlight

The threat of user-based attacks has never been higher, with 76% of all breaches coming from accounts with access to sensitive data. With the exploitation of remote vendor access a huge concern, learn how to make working with your contractors more secure with this free e-Book from ObserveIT. Download this ebook today, and make working with IT contractors more secure.

Related News

DATA SECURITY

SYNNEX Corporation Adds Proofpoint to its Security and Networking Portfolio

SYNNEX | July 22, 2021

SYNNEX Corporation (NYSE: SNX), a leading provider of distribution, systems design, and integration services for the technology industry, has announced the expansion of its networking and security portfolio with products and services from Proofpoint, a leading cybersecurity and compliance company. Through SYNNEX, resellers can have access to the whole Proofpoint line. They can leverage the combined suite of cloud-based solutions, assisting companies globally to safeguard their data, stop targeted threats, and make their users more resilient against cyber attacks and threats.

This agreement boosts SYNNEX's cybersecurity and compliance solutions for guarding people on all channels, including web, email, social media, cloud, and mobile messaging. Through SYNNEX, many inclusive pre-sales support offerings will be accessible, such as bill of materials design, assistance with opportunity qualification, access to complementary training, and proof of concept demonstrations. In addition, the dedicated Proofpoint team at SYNNEX can assist with product management and specialization, marketing, business development, and overall business management. With renewal automation, SYNNEX also offers rewarding financial assistance and incentives. This support is aimed at helping clients increase their operational efficiency and successfully grow their businesses.

About SYNNEX Corporation

Founded in 1980, SYNNEX Corporation (NYSE: SNX) is a Fortune 200 corporation. It is also a leading provider of systems design and integration services and a comprehensive range of distribution for the technology industry to many enterprises. It operates in several countries throughout South and North America, Asia-Pacific, and Europe.


DATA SECURITY

Upstream Security Recognized by Frost & Sullivan for Its Contribution to the Automobile Industry

Upstream | August 12, 2021

Upstream Security, provider of a cloud-based mobility cybersecurity and data analytics platform, which is purpose-built for connected vehicles and smart mobility services, announced today that it was selected to receive the 2021 Europe Technology Innovation Leadership Award from leading research group Frost & Sullivan. Following a rigorous process of analysis, consisting of multiple vendor evaluations across various criteria, Frost & Sullivan acknowledged Upstream Security for its visionary outlook and outstanding achievements in developing growth strategies that effectively address new challenges and opportunities in the connected vehicle analytics and cybersecurity space.

In its detailed report, Frost & Sullivan noted that Upstream's ability to leverage data, analytics, and cybersecurity technologies helps customers achieve best-in-class vehicle security, higher reliability, and substantial financial savings. Specifically, the following are some of Upstream's values highlighted in the report:

● Unparalleled cybersecurity: Equips original equipment manufacturers (OEMs) with a powerful combination of intrusion prevention and detection systems for automotive telematics protocols, coupled with machine learning algorithms accustomed to fleet and driver behavior.
● Vehicle Security Operations Center (VSOC) integration: Enables both automotive cybersecurity detection and additional non-cyber smart-mobility use cases for deep, contextually rich investigation of automotive related incidents.
● Regulatory compliance: Ensures compliance with UNECE WP.29 (R155).
● Full visibility and flexibility: Provides fleet-wide visibility through analytical tools and real-time actionable insights into fleet health and vehicle activities.
● User-friendly and customizable: Offers a dashboard with crucial insights that enable clients to identify cyber risks in real time, in addition to both pre-built and customizable security policies.

Tonya Fowler, Global Research Vice President of Best Practices Recognition at Frost & Sullivan, summarized the company's key contributions to the industry: "Upstream Security has quickly developed an excellent reputation by developing an industry leading cloud-based centralized cybersecurity platform that enables clients to safeguard the technologies and applications of connected and autonomous vehicles via application of big data and Machine Learning."

Oded Yarkoni, VP Marketing at Upstream Security, explained the visionary strategy that helped the company clinch this prestigious award: "With vehicles becoming more connected and autonomous, the automotive industry must continually evolve and outpace new risks previously only experienced by the IT industry. At the same time, there is a huge opportunity for car manufacturers, insurers, and the whole industry to better serve and protect drivers while improving operational excellence and financial performance. Upstream Security is at the forefront of this new world, enabling its customers to harness the wealth of information to deliver better results.

"We are proud to be recognized for this leadership by Frost & Sullivan, and to continue our mission to become the provider of choice for cybersecurity and data analytics to the connected vehicle industry."

More insights about the award selection process and Upstream Security's technology are detailed in the report published by Frost & Sullivan.

About Upstream Security

Upstream unlocks the value of mobility data through a purpose-built, cloud-based cybersecurity and data analytics platform. The Upstream platform and its pre-built and customizable applications leverage existing mobility data feeds for multiple use cases, including cybersecurity, predictive maintenance, insurance, business intelligence, data quality validation and more. Utilizing data normalization and cleansing; digital twin profiling; artificial intelligence (AI)-powered anomaly detection; and built-in mobility intelligence from AutoThreat® Intelligence, the industry's first mobility-specific threat intelligence and risk assessment solution, Upstream provides unparalleled cybersecurity and data-driven actionable insights that are readily available and seamlessly integrated into the customer's environment. Upstream is privately funded by Mitsui Sumitomo Insurance, Alliance Ventures (Renault, Nissan, and Mitsubishi), Volvo Group, Hyundai, Nationwide Insurance, Salesforce Ventures, CRV, Glilot Capital Partners, and Maniv Mobility.

About Frost & Sullivan

Frost & Sullivan, the Growth Partnership Company, collaborates with clients to leverage visionary innovation that addresses the global challenges and related growth opportunities that will make or break today's market participants. For more than 50 years, Frost & Sullivan has been developing growth strategies for the Global 1000, emerging businesses, the public sector, and the investment community.


NETWORK THREAT DETECTION

Frost & Sullivan Awarded SecureThings.ai the 2020 Technology Innovation Leadership Award

Frost & Sullivan | January 24, 2022

Frost & Sullivan has awarded SecureThings.ai the 2020 Technology Innovation Leadership Award based on their recent analysis of the Indian automotive cybersecurity solutions market. By providing continuous vehicle monitoring to detect unknown behaviors and threats, the company takes a holistic approach to solve cybersecurity risks in connected vehicles. SecureThings sets itself apart from the competition with its comprehensive, multi-layer, in-depth defense cybersecurity solutions for electric vehicle manufacturers, fleet owners, OEMs, Tier I suppliers, telematics device vendors, and mobility service providers.

SecureThings provides end-to-end vehicle security solutions based on a five-pronged approach: detection, reaction, recovery, identity, and protection. Using patented machine learning-based solutions, we are the leading source of in-vehicle cyber security for OEMs, Tier 1 Suppliers, and Subsystem Manufacturers. OEMs, shared services operators, and fleet managers can use the company's threat intelligence and cloud security technology to get complete control, extensive monitoring, and effective resolution procedures. The SecureThings Cloud platform provides active defense by integrating external vulnerability searches and new attack chains with the correlation engine of the automobile security operations center. Furthermore, the platform gives precise information and insights into fleets' potentially vulnerable cars, allowing for proactive risk mitigation measures. As a result, OEMs can use safe over-the-air upgrades to detect and fix major and dangerous cybersecurity flaws.

"SecureThings offers detailed and customized protection solutions for real-time in-vehicle, network, and in-vehicle network use cases. Real-time in-vehicle protection provides three security layers to protect a vehicle from various attacks. The first layer secures physical and remote interfaces from any unwanted code entering the automobile's systems. The second layer delivers protection from memory-based attacks, such as memory corruption and buffer overflow attacks. The final layer protects the entire vehicle network by leveraging machine learning software, ensuring security by identifying threats through real-time intelligence."
Kaushik Madhavan, Vice President - Mobility at Frost & Sullivan

SecureThings has carved out a niche in the industry by offering specialized services like cybersecurity assessment, penetration testing, and ethical hacking to OEMs, Tier 1 suppliers, and mobile service providers. To assure zero exposure, the company's research and advisory staff hunts for and analyses risky autos and devices. In addition, SecureThings' research lab brings together a strong group of industry professionals in enterprise cybersecurity, in-vehicle security, machine learning, and Big Data analytics to offer best practices for implementing robotic cybersecurity solutions to mitigate risks.

"SecureThings' protection solution design incorporates deterministic, and machine learning approaches that help customers achieve significant improvements in their cyber defense ratings," noted Madhavan. "Leveraging its industry-leading technologies; advanced research labs; and a cost-effective, customized solution, SecureThings aims to incorporate innovative products and services in its portfolio in the coming years."

This award is given by Frost & Sullivan every year to the company that has developed a product with novel features and functionality that is quickly gaining market adoption. The award honors the solution's excellence and the client value additions it enables. Companies in several regional and global markets are honored with Frost & Sullivan Best Practices Awards for exhibiting remarkable achievement and superior performance in leadership, technological innovation, customer service, and strategic product creation. Industry analysts use in-depth interviews, analysis, and extensive secondary research to compare market participants and analyze performance to find the best practices in the industry.
