Contact: US (877) 838-7947 | UK +44 131 260 3044 Blog | Careers | Contact Us | Client Support

Category Archives: CTU Research

Negative Feedback – Attack on a YouTube Channel

Recently, one of my favorite YouTube channels, Dave Jones’ EEVblog, came under attack after having published a series of videos debunking a product claiming to vastly extend the life of alkaline batteries. But just how do you “attack” a YouTube channel? One does not simply DDoS Google in order to silence a YouTube channel; no […]

Revealing the Cyber-Kraken

Few security researchers possess the skills to detect elusive threat actors and gather the evidence of Advanced Persistent Threat (APT) groups lurking beneath the surface of legitimate-appearing network traffic. Dell SecureWorks Counter Threat Unit™ (CTU) researchers gain insights about threats such as Threat Group-3390 (TG-3390) from monitoring clients’ environments, including traffic and endpoints, and conducting intrusion analysis during incident response engagements.

Technical Analysis Tracks the Sakula Malware Family

Dell SecureWorks Counter Threat Unit™ (CTU) researchers conducted a longitudinal analysis of the malware family called Sakula (also known as Sakurel and VIPER), which targeted organizations in multiple verticals. Since at least November 2012, the malware has given threat actors remote access to compromised systems. In 2014, Sakula became publicly known when it was spotted […]

Vertical Hopscotch

Dell SecureWorks Counter Threat Unit researchers have found that threat groups victimizing a particular vertical today may infiltrate new verticals tomorrow. Organizations should never dismiss the threat from groups that seem to only target other industries and should have thorough plans and mitigation strategies in place.

Living off the Land

Dell SecureWorks CTU researchers responded to an intrusion perpetrated by Threat Group-1314 (TG-1314), one of numerous threat groups that employ the “living off the land” technique to conduct their intrusions. Detecting threat actors who are “living off the land,” using credentials, systems, and tools they collect along the way instead of backdoors, can be challenging for organizations that focus their instrumentation and controls primarily on the detection of malware and indicators such as command and control IP addresses, domains, and protocols.

Exploiting Threat Intelligence

Prioritizing resources and effort to improve the overall security posture and incident readiness of any organization is an arduous but necessary task. No organization has unlimited funds and resources; in fact, the truth is quite the opposite. Fully exploiting threat intelligence can help IT professionals make decisions about best utilizing available resources. With respect to […]

ZeroAccess botnet resumes click-fraud activity after six-month break

ZeroAccess (also known as Sirefef) is a peer-to-peer (P2P) botnet for perpetrating advertising click-fraud. It was disrupted by law enforcement in December 2013. The Dell SecureWorks Counter Threat Unit™ (CTU) research team observed the botnet reactivate from March 21, 2014 until July 2, 2014. On January 15, 2015 at 7:58 pm EST, the botnet again […]

Sleeper Agents

During an incident response engagement, Dell SecureWorks Counter Threat Unit™ (CTU) analysts observed lateral movement activities conducted by the adversary to establish a solid foothold within the compromised infrastructure. A remote access trojan (RAT) was copied to and installed on multiple systems as a Windows service, and was then executed via a scheduled task. Each […]

Keeping Cyber Criminals from Breaking into Your Network via Your Vendors

The media has reported that several companies in the past year have suffered significant security breaches, as a result of hackers compromising companies’ third party vendors. Instead of going after large organizations directly, some threat actors are opting to target smaller, third party vendors who do business with the larger companies. The criminals are hoping these third party vendors will have fewer security protections in place. If the hackers are able to break into one of these vendors, get their hands on the credentials the vendor uses to access the larger company’s network and successfully use those credentials, then the criminals have just gained their initial foothold into the target company— all under the guise of a trusted partner. From there, the hackers might go after valuable trade secrets and Intellectual Property, customer credit and debit card data, or Personal Identifiable Information for Employees and Customers (names, addresses, social security numbers, email addresses and phone numbers).

Online Tools

  • Print this Page
  • Share This Resource