Staying hidden is one of the primary goals of an attacker, making the arms race between cybercriminals and security professionals a never-ending battle. At the recent Black Hat Europe 2015 conference in Amsterdam, Dell SecureWorks’ Pierre-Marc Bureau and fellow researcher Christian Dietrich from security vendor CrowdStrike brought attendees behind the frontlines of that fight and revealed how attackers are hiding their command and control communication in an effort to dodge detection.
Recently, Dell SecureWorks Counter Threat Unit™ (CTU) researchers uncovered a set of fake profiles supporting a suspected Iran-based threat group’s cyber operations and documented the findings in a recent threat analysis,
Dell SecureWorks’ Director of Malware Research, Joe Stewart discusses how YouTube channels are being attacked by malicious hackers. One does not simply DDoS Google in order to silence a YouTube channel; no one has that kind of bandwidth. Instead, what the attacker did was to spam the channel with “dislikes,” a way to try and impact the revenue stream of the channel operator by manipulating YouTube’s view recommendation system.
Few security researchers possess the skills to detect elusive threat actors and gather the evidence of Advanced Persistent Threat (APT) groups lurking beneath the surface of legitimate-appearing network traffic. Dell SecureWorks Counter Threat Unit™ (CTU) researchers gain insights about threats such as Threat Group-3390 (TG-3390) from monitoring clients’ environments, including traffic and endpoints, and conducting intrusion analysis during incident response engagements.
Dell SecureWorks Counter Threat Unit™ (CTU) researchers conducted a longitudinal analysis of the malware family called Sakula (also known as Sakurel and VIPER), which targeted organizations in multiple verticals. Since at least November 2012, the malware has given threat actors remote access to compromised systems. In 2014, Sakula became publicly known when it was spotted […]
Dell SecureWorks Counter Threat Unit researchers have found that threat groups victimizing a particular vertical today may infiltrate new verticals tomorrow. Organizations should never dismiss the threat from groups that seem to only target other industries and should have thorough plans and mitigation strategies in place.
Dell SecureWorks Counter Threat Unit™ (CTU) researchers analyzed a stealthy malware family named Stegoloader that has been active since at least 2013 and yet is relatively unknown. It has been distributed through software piracy websites, bundled with software license key generators.
Dell SecureWorks CTU researchers responded to an intrusion perpetrated by Threat Group-1314 (TG-1314), one of numerous threat groups that employ the “living off the land” technique to conduct their intrusions. Detecting threat actors who are “living off the land,” using credentials, systems, and tools they collect along the way instead of backdoors, can be challenging for organizations that focus their instrumentation and controls primarily on the detection of malware and indicators such as command and control IP addresses, domains, and protocols.
Prioritizing resources and effort to improve the overall security posture and incident readiness of any organization is an arduous but necessary task. No organization has unlimited funds and resources; in fact, the truth is quite the opposite. Fully exploiting threat intelligence can help IT professionals make decisions about best utilizing available resources. With respect to […]
ZeroAccess (also known as Sirefef) is a peer-to-peer (P2P) botnet for perpetrating advertising click-fraud. It was disrupted by law enforcement in December 2013. The Dell SecureWorks Counter Threat Unit™ (CTU) research team observed the botnet reactivate from March 21, 2014 until July 2, 2014. On January 15, 2015 at 7:58 pm EST, the botnet again […]