Cryptojacking: An Unwanted Guest

June 18th, 2019 | Threats

We analyse a cryptojacking attack that mines the Monero cryptocurrency. The value of Monero in US dollars has more than doubled over the first half of 2019, from $46 to $98. The rebound of the cryptocurrency market means that cryptojacking is an increasingly profitable activity for criminals. The use of freely-available exploits such as EternalBlue and DoublePulsar shows how exploits that were previously only available [...]

Demonstration of Rising Sun Attack

June 12th, 2019

Attackers use social engineering tactics to exploit the fact that most of us are overloaded and juggling too many tasks, and our worries that we might be accidentally missing important deadlines. To get past the initial hurdle, this particular malware is delivered as a link, which is perceived as less risky. But once clicked, the link [...]

Malware Misuses Common Operating System Commands to Perform Targeted Attacks

June 12th, 2019 | Threats

We previously posted a blog about the Ursnif family of malware using language checks to determine the end user’s location as a means of bypassing sandbox-based endpoint protection during regionally targeted attacks. Since then, we have seen a couple more examples of malware using clever methods to indirectly determine the language of the running machine’s [...]

Now Available: Bromium Threat Insights Report – June 2019 Edition

June 6th, 2019 | Research, Threats

This month’s most notable threat is Emotet – a rapidly evolving polymorphic banking Trojan. If you haven’t yet enabled your Threat Forwarding, we invite you to do so, and join a community of Bromium users who help fuel our unrelenting pursuit of getting ahead of attackers. Learn about Emotet and other emerging threats, and join [...]

Introducing the Bromium Threat Insights Report

May 8th, 2019 | Company News, Research, Threats

The Bromium Threat Insights Report is designed to share intelligence about the most notable malware that our experts have analysed, and highlight new techniques used by attackers. The report is made possible by customers who have opted to share their Bromium-isolated threats with Bromium. Learn practical and actionable information about how to protect your organisation [...]

Malware Debugs Itself to Prevent Analysis

April 9th, 2019 | Threats

We recently encountered a piece of malware via a tweet, which caught our eye because it appeared to be searching for folders related to our product. During analysis we discovered that this malware employs a novel technique to prevent reverse engineering via a debugger, and we felt that it was worth writing about, in case [...]

Mapping Out a Malware Distribution Network

April 4th, 2019 | Breaking News, Threats

More than a dozen US-based web servers were used to host 10 malware families, distributed through mass phishing campaigns. Malware families include Dridex, GandCrab, Neutrino, IcedID and others. Evidence suggests the existence of distinct threat actors: one responsible for email and malware hosting, and others that operate the malware. Indications that the servers are part [...]

Location-Aware Malware Targets Japanese and Korean Endpoints

March 14th, 2019 | Threats

New malware samples use location awareness to specifically target Japanese and Korean endpoints. The malware uses two techniques to determine the location in which it is being executed and ensures that the payload will only be triggered in these regions. This approach matches two trends: 1) docs performing regional checks in targeted attacks, and 2) [...]

Preview Pain: Malware Triggers in Outlook Preview Without User Opening Word Document

February 13th, 2019 | Threats

A recent malware sample forwarded to our Threat Intelligence service had some very interesting properties which we think would be useful to share. The sample itself is a Word document which is emailed as part of a phishing attack. If the user interacts with the document, it would download a payload to run on the [...]
