Urgences 24 sur 7 – (888) 287-5858   Connexion au Portail TitanSupport    Contactez-nous      Blogue

Threat landscape continues to evolve, putting organizations at risk

La Jolla, CA. — GoSecure, a leading provider of Managed Detection and Response (MDR) services, today announced the details of two recent findings from GoSecure Titan Research. The findings are examples of the speed and technical acumen exhibited by today’s modern cybercriminals. They also illustrate the ease by which attacks can breach cybersecurity infrastructure’s that rely on traditional tools.

First appearing in early 2020, the Exorcist ransomware came and went fairly quickly. In September 2020, the GoSecure Titan MDR analyst team observed suspicious behavior when an EXE started copying data from the browser’s directory to random text files. The suspicion leads to full-on alert when the same EXE begins communicating with a known malicious IP which instructs the EXE to perform additional suspicious behaviors:

  • Create file oewvcabkhaw.exe
  • Create a new process using this file
  • Create more suspiciously named files such as poawhepvtl.exe

The coup de grâce comes when a malicious shortcut link, SmartClock.lnk, is added to the user’s startup folder. This shortcut links to a file that is activated using a Registry RunOnce entry, which is, subsequently, deleted.

After GoSecure Titan MDR blocked all suspicious activity, the researchers performed a post-mortem and realized they had found new ransomware, subsequently named Exorcist 2.0 by the media. It was GoSecure’s combination of behavior-based technology and human review that allowed Titan MDR to detect and mitigate this malicious activity. There was no way for traditional solutions to define the action as malicious as none of these tactics had been observed in just this way prior. And it took GoSecure Titan Threat Hunters to identify suspicious activity, correlate all behaviors, and accurately classify the full sequence of events as malicious.

During the 2020 Holiday season, GoSecure Titan Inbox Detection and Response (IDR) spotted email activity that looked suspiciously like BazarLoader. These malspam contained fake employment termination notices and anonymous surveys, creating urgency for recipients to open the attachment. After bypassing the obfuscation techniques, GoSecure Titan researchers noted a Portable Executable (PE) loaded into memory but acting unusually. In particular, the PE acted as ShellCode rather than a PE, eliminating the calls to thread related APIs, making it more challenging for simple behavior-based solutions to detect the activity.

Other interesting activity includes:

  • Check if the keyboard locale is Armenian
  • Check, and prevent, more than one instance of BazarLoader running
  • Non-standard HTML header Update
  • Include the string Stupid Defender to mock researchers

“Organizations face many challenges in today’s threat landscape. Not only are adversaries quickly iterating malware tactics to stay ahead of technique-based cybersecurity solutions, but many organizations also lack sufficient staff and experience to handle the increased sophistication of these attacks,” said Neal Creighton, GoSecure CEO. “With average dwell time of almost 80 days, it is imperative for organizations to stop attacks as quickly as possible to minimize the impact.”

GoSecure Titan MDR dramatically reduces a company’s risk by providing 24/7 visibility into customer environments to identify, track and stop advanced threats. Titan MDR combines the Titan platform with GoSecure’s experienced threat hunting team to identify suspicious activity, correlate behaviors, and accurately classify advanced threats so they are mitigated quickly. In many cases, neither technology nor people, by themselves, can identify and correctly classify – it takes synergy between the two to stop unknown advanced threats like ransomware. GoSecure Titan MDR mitigated over 200 ransomware attacks for customers in 2020 alone.

Key benefits of GoSecure Titan MDR:

  • Visibility: 150 unique event types across endpoint, network, email and user behavior compared to industry average of less than 50
  • Analysis: ML /AI, combined with human review, to correlate behaviors and events with attack strategies
  • Response: Mitigating attacks on average in less than 15 minutes, compared to average dwell time of almost 80 days
  • Expertise: Over 6 years of experience operationalizing the MDR connection between people, processes, and technology

Additional details of these GoSecure Titan Research findings can be found on GoSecure’s Security Blog.

To learn more about these attacks, as well as GoSecure Titan MDR, join our upcoming webinar on March 17th: Are Cybercriminals Taking the Lead? Exorcist 2.0 and BazarLoader Deconstructed. Register here.



About GoSecure
GoSecure is a recognized cybersecurity leader, delivering innovative managed security solutions and expert advisory services. GoSecure Titan® managed security solutions deliver multi-vector protection to counter modern cyber threats through a complete suite of offerings that extend the capabilities of our customers’ in-house teams. GoSecure Titan Managed Detection & Response (MDR) offers a best in class mean-time-to-respond, with comprehensive coverage across customers’ networks, endpoints and inboxes. For over 10 years, GoSecure has been helping customers better understand their security gaps, improve organizational risk and enhance security posture through advisory services provided by one of the most trusted and skilled teams in the industry.

    Media Contact

      info@gosecure.net

Détection et réponse gérées et étendues GoSecure TitanMC (MXDR)

Détection et réponse gérées et étendues GoSecure TitanMC (MXDR) Fondation

Gestion des vulnérabilités en tant que service GoSecure TitanMC (VMaaS)

Surveillance des événements liés aux informations de sécurité gérée GoSecure TitanMC (SIEM gérée)

Défense du périmètre gérée GoSecure TitanMC (pare-feu)

Détection et réponse des boîtes de messagerie GoSecure TitanMC (IDR)

Passerelle de messagerie sécurisée GoSecure TitanMC (SEG)

Modélisateur de menaces GoSecure TitanMC

Identity GoSecure TitanMC

Plateforme GoSecure TitanMC

Services de sécurité professionnels de GoSecure

Services de réponse aux incidents

Évaluation de la maturité de la sécurité

Services de confidentialité

Services PCI DSS

Services de piratage éthique

Opérations de sécurité

MicrosoftLogo

GoSecure MXDR pour Microsoft

Visibilité et réponse complètes au sein de votre environnement de sécurité Microsoft

CAS D'UTILISATION

Cyberrisques

Mesures de sécurité basées sur les risques

Sociétés de financement par capitaux propres

Prendre des décisions éclairées

Sécurité des données sensibles

Protéger les informations sensibles

Conformité en matière de cybersécurité

Respecter les obligations réglementaires

Cyberassurance

Une stratégie précieuse de gestion des risques

Rançongiciels

Combattre les rançongiciels grâce à une sécurité innovante

Attaques de type « zero-day »

Arrêter les exploits de type « zero-day » grâce à une protection avancée

Consolider, évoluer et prospérer

Prenez de l'avance et gagnez la course avec la Plateforme GoSecure TitanMC.

24/7 MXDR

Détection et réponse sur les terminaux GoSecure TitanMC (EDR)

Antivirus de nouvelle génération GoSecure TitanMC (NGAV)

Surveillance des événements liés aux informations de sécurité GoSecure TitanMC (SIEM)

Détection et réponse des boîtes de messagerie GoSecure TitanMC (IDR)

Intelligence GoSecure TitanMC

Notre SOC

Défense proactive, 24h/24, 7j/7

À PROPOS DE GOSECURE

GoSecure est un leader et un innovateur reconnu en matière de cybersécurité, pionnier de l'intégration de la détection des menaces au niveau des terminaux, du réseau et des courriels en un seul service de détection et réponse gérées et étendues (MXDR). Depuis plus de 20 ans, GoSecure aide ses clients à mieux comprendre leurs failles en matière de sécurité et à améliorer leurs risques organisationnels ainsi que leur maturité en matière de sécurité grâce aux solutions MXDR et aux services professionnels fournis par l'une des équipes les plus fiables et les plus compétentes de l'industrie.

CALENDRIER D’ÉVÉNEMENTS

No upcoming events.

DERNIER COMMUNIQUÉ DE PRESSE

AVIS DE SÉCURITÉ

Urgences 24 sur 7 – (888) 287-5858