Disabling Anti-Malware Scanning

February 20th, 2019 | Threats

This post follows on from the previous blog post, Preview Pane, looking at the later parts of the kill chain for the same malicious document. Here I will detail a technique for disabling the Antimalware Scan Interface (AMSI). This is an interface provided as part of Microsoft Windows for scanning data with anti-malware software installed [...]

Preview Pain: Malware Triggers in Outlook Preview Without User Opening Word Document

February 13th, 2019 | Threats

A recent malware sample forwarded to our Threat Intelligence service had some very interesting properties which we think would be useful to share. The sample itself is a Word document which is emailed as part of a phishing attack. If the user interacts with the document, it would download a payload to run on the [...]

Super Mario Oddity

February 8th, 2019 | Threats

A few days ago, I was investigating a sample piece of malware where our static analysis flagged a spreadsheet as containing a Trojan but the behavioural trace showed very little happening. This is quite common for various reasons, but one of the quirks of how we work at Bromium is that we care about getting malware to run and [...]

Emotet: How It Might Infect Your PC

February 4th, 2019 | Threats

The most prolific malware that Bromium has been seeing in customer environments over the last three months has been Emotet. Since this appears to be the preferred malware campaign of the moment, I wanted to give a technical breakdown on how your PC might get infected by Emotet. I won’t drill into every detail of [...]

Bromium Secure Browsing Isolates Intelligently and Maximizes Browser Choice

January 8th, 2019 | Innovation, Threats

Web browsing is intensely personal, even at work. Users develop strong preferences, tend to lock in a browser early, and are fiercely loyal to their favored choice. Forcing them to change browsers—or even strongly suggesting it—is often met with resistance, and sometimes with outright subversion by installing and using unauthorized browsers. With the web so [...]

Magellan and the Security Pitfalls of Third-Party Code

December 22nd, 2018 | Threats

- As the web evolves, webpages are offering new powerful and interactive features
- Vulnerabilities in these features may allow remote attackers to run malware on your machine
- Bromium uses hardware-enforced isolation to protect against these attacks by design

The recent Magellan vulnerability in SQLite allows attackers to exploit affected applications [...]

Threatscape Predictions for 2019

December 18th, 2018 | Threats

- Breaches will appear to be more frequent, more public, and more dramatic than in previous years
- New attack vectors will emerge just as the industry figures out how to foreclose on older ones
- Artificial intelligence (AI) and machine learning (ML) will increase the stakes for both attackers and defenders

Threatscape innovation spurs defensive acceleration to [...]

Data Talks: Why Customers Trust Bromium to Let Malware Run on their Endpoints

December 5th, 2018 | Threats

- Bromium customers enthusiastically choose to let malware keep running in isolated micro-VMs 86% of the time
- This seemingly counterintuitive approach maximizes threat intelligence, made possible only by virtualization-based security
- Traditional solutions try to terminate malware upon discovery to minimize breaches, but often act too late and sacrifice learning

Let malware run. All of it. Ransomware, [...]

Data Talks: Deeper Down the Rabbit Hole: Second-Stage Attack and a Fileless Finale

November 5th, 2018 | Threats

In our last blog, “Following a Trail of Confusion: PowerShell in Malicious Office Documents”, we systematically unraveled multiple layers of obfuscation initiated by a weaponized first-stage Microsoft Word document to reveal a surreptitious download script and a malicious second-stage binary file dropped onto the victim PC. For those who wish to follow the analysis through [...]

Browser Isolation Eliminates Risk in Context

October 30th, 2018 | Threats

- Browser isolation: Secure, user-centric browsing isolates phishing links, plus high-risk and lightly-trafficked websites
- Context awareness preserves native browsing for low-risk websites and trusted online enterprise resources
- Browser isolation fully quarantines web downloads, which comprise most attacks, yet are handled poorly by remote browsing proxies

Everyone wants a safe web browsing experience, but nobody likes overprotective [...]
