GoSecure Blog

Sean Bodmer

Recent Posts

Show Us the Way CryptoLocker!

Ransomware is a class of crimeware that locks down an infected system by preventing user’s access to their data stored locally or via accessible shared network drives. Access is only sometimes restored to the victim after a sum of money is transferred to a digitally remote blackmailer.

CryptoLocker is one of the latest variants in this family surfacing over the last few months has recently made some noise across the industry. Ransomware is one of the busiest (and most annoying) threats of 2013, and is experiencing another comeback tour so we decided it’s time to take a peek under the hood of the latest variant’s campaign to see what the author team is up to as of late and how different is the actual threat compared to the evasion techniques.

Read More

Topics: Cyber Crime, Cyber Security, malware, Cyber Attack, APT, cybersecurity, malware infection, malware analysis, Scout, Sentinel, endpoint security, CounterTack, Breaches, Zero-day Attack, in-progress attacks, Sean Bodmer

The Pitfalls Behind and Ahead: Part 2

The Pitfalls Behind and Ahead: Part 2

Read More

Topics: Cyber Security, Detection Gap

Roger Grimes is Right. Make Sure Your Honeynet Solution Is Too

Roger Grimes recently published an article in InfoWorld, “No Honeypot? Don't Bother Calling Yourself a Security Pro,” that argues honeypots should be a pivotal part of any company’s security strategy. He notes that honeypots “can easily capture zero-day exploits, freshly minted malware, and roaming APT hackers,” which are some of the key drivers behind the Detection Gap problem. Despite that, Grimes notes that many businesses have yet to even use them.

So, what’s the holdup? I think many organizations have shied away from honeypots because of perceived difficulties in setting them up and operating them. Traditionally, honeypots also have required highly skilled security professionals to monitor them, scaring off some potential adopters. Also, some organizations mistakenly believe that multilayered firewall, intrusion prevention, antivirus and other defenses provide adequate protection.

Read More

Topics: Cyber attack intelligence, APT, Honeynets

The Pitfalls Behind And Ahead

The pace of advisories and reports surrounding new zer0day activity seems to be accelerating at an alarming rate in 2013. Growing numbers have been seen in the wild exploiting victims and gaining beachheads within enterprises around the world. Meanwhile, as a noted in a recent New York Times article, which highlighted the statistics of crimeware detection and prevention among the world’s top 45 antivirus engines commercially available, the cyber security industry has been slow to adapt. To illuminate some of the mystery behind some of the tools and techniques that makes executable detections more difficult than they used to be, it helps to examine a small chip off of the proverbial iceberg of evasion techniques to make the topic more digestible.

In the book Hacking Exposed – Malware and Rootkits, my co-authors and I discussed many of these evasion techniques and other tools such as crypters, binders, packers, polymorphism, and several other common methods that bolster the survivability of a malicious executable. Almost all of these tactics are incorporated by persistent threats in order to evade detection by most commercially available antivirus or other security products. To understand these methods and related behaviors, one must first examine the motive behind them.

Read More

Topics: Cyber Crime, Cyber Attack, APT, Detecting in-progress attack, in-progress attacks, VirusTotal, Anubis, Broad Crypter

Dissecting Project Blitzkrieg

Reports of a massive, looming cyber attack – coined Project Blitzkrieg – has dominated headlines following the recent release of a new McAfee Labs study.

According to the report, malware has been lying dormant in 30 leading U.S. financial services organizations – including Fidelity, E*Trade, Charles Schwab, PayPal, Citibank, Wachovia, Wells Fargo, Capital One, Navy Federal Credit Union and others – and will be activated by the Spring of next year. The report goes on to say that “the project appears to be moving forward as planned.”

Read More

Topics: Cyber Crime, Cyber Security, malware, Cyber Attack, Research

Subscribe to Email Updates

Recent Posts

Posts by Topic

see all