Protect Before You Detect: FlawedAmmyy and the Case for Isolation

July 5th, 2019 | Research, Threats

Posted by Ratnesh Pandey, Alex Holland and Toby Gray. In June 2019, Microsoft issued warnings about a phishing campaign delivering a new variant of the FlawedAmmyy remote access Trojan (RAT), and a spike in the exploitation of CVE-2017-11882 in the wild. In this blog post we take a look at some of the weaknesses of detect-to-protect technologies such [...]

Cryptojacking: An Unwanted Guest

June 18th, 2019 | Threats

We analyse a cryptojacking attack that mines the Monero cryptocurrency. The value of Monero in US dollars has more than doubled over the first half of 2019, from $46 to $98. The rebound of the cryptocurrencies market means that cryptojacking is an increasingly profitable activity for criminals. The use of freely-available exploits such as EternalBlue and DoublePulsar shows how exploits that were previously only available [...]

Answering Your Emotet Questions from the Webinar, Emotet: Taming a Wild Trojan

June 13th, 2019 | Threats

On June 12, we hosted a deep-dive technical webinar on Emotet, featuring Robert Bigman, former CISO at the CIA, and James Wright, VP Engineering and Threat Research at Bromium. In this blog, we answer the Emotet questions you submitted during the webinar. If you missed the webinar, you can listen to it on-demand, embedded at the end [...]

Malware Misuses Common Operating System Commands to Perform Targeted Attacks

June 12th, 2019 | Threats

We previously posted a blog about the Ursnif family of malware using language checks to determine the end user's location, as a means of bypassing sandbox-based endpoint protection during regionally targeted attacks. Since then, we have seen a couple more examples of malware using clever methods to indirectly determine the language of the running machine's [...]

Now Available: Bromium Threat Insights Report – June 2019 Edition

June 6th, 2019 | Research, Threats

This month's most notable threat is Emotet, a rapidly evolving polymorphic banking Trojan. If you haven't yet enabled Threat Forwarding, we invite you to do so and join a community of Bromium users who help fuel our unrelenting pursuit of getting ahead of attackers. Learn about Emotet and other emerging threats, and join [...]

The Emotet-ion Game (Part 3)

May 28th, 2019 | Research, Threats

This blog is a continuation of our series on the Emotet banking Trojan. So far, we have analysed Emotet's delivery mechanism and its behaviour through dynamic analysis. Analysis of the host and network data captured from Emotet found that it escalates its privileges by registering itself as a service, persists in multiple locations on the filesystem [...]

Congratulations, You’ve Won a Meterpreter Shell

May 17th, 2019 | Threats

Posted by Josh Stroschein, Ratnesh Pandey and Alex Holland. For an attack to succeed undetected, attackers need to limit the file and network artifacts their malware creates. In this post, we analyse an attack that illustrates two popular tactics for evading detection: avoiding file artifacts on disk by running malicious code directly [...]

Introducing the Bromium Threat Insights Report

May 8th, 2019 | Company News, Research, Threats

The Bromium Threat Insights Report is designed to share intelligence about the most notable malware that our experts have analysed, and highlight new techniques used by attackers. The report is made possible by customers who have opted to share their Bromium-isolated threats with Bromium. Learn practical and actionable information about how to protect your organisation [...]

Emotet: Catch Me If You Can (Part 2 of 3)

April 30th, 2019 | Threats

Emotet is a highly modular banking Trojan with a decision tree-based algorithm for carrying out its designated tasks. Because Emotet can deliver obfuscated payloads and extend its capabilities through self-upgradable modules, it has become a commonly used payload launcher in targeted attacks on organisations. Emotet's use in multi-stage and multi-vector attacks has given it [...]

Malware Debugs Itself to Prevent Analysis

April 9th, 2019 | Threats

We recently encountered a piece of malware via a tweet, which caught our eye because it appeared to be searching for folders related to our product. During analysis we discovered that this malware employs a novel technique to prevent reverse engineering with a debugger, and we felt it was worth writing about, in case [...]
