
Category Archives: CTU Research

Cover Their Tracks: How Attackers are Hiding C&C Communication

Staying hidden is one of the primary goals of an attacker, making the arms race between cybercriminals and security professionals a never-ending battle. At the recent Black Hat Europe 2015 conference in Amsterdam, Dell SecureWorks’ Pierre-Marc Bureau and fellow researcher Christian Dietrich from security vendor CrowdStrike brought attendees behind the frontlines of that fight and revealed how attackers are hiding their command and control communication in an effort to dodge detection.

Negative Feedback – Attack on a YouTube Channel

Dell SecureWorks’ Director of Malware Research, Joe Stewart, discusses how YouTube channels are being attacked by malicious hackers. One does not simply DDoS Google in order to silence a YouTube channel; no one has that kind of bandwidth. Instead, the attacker spammed the channel with “dislikes,” an attempt to cut into the channel operator’s revenue stream by manipulating YouTube’s video recommendation system.

Revealing the Cyber-Kraken

Few security researchers possess the skills to detect elusive threat actors and gather the evidence of Advanced Persistent Threat (APT) groups lurking beneath the surface of legitimate-appearing network traffic. Dell SecureWorks Counter Threat Unit™ (CTU) researchers gain insights about threats such as Threat Group-3390 (TG-3390) from monitoring clients’ environments, including traffic and endpoints, and conducting intrusion analysis during incident response engagements.

Technical Analysis Tracks the Sakula Malware Family

Dell SecureWorks Counter Threat Unit™ (CTU) researchers conducted a longitudinal analysis of the malware family called Sakula (also known as Sakurel and VIPER), which targeted organizations in multiple verticals. Since at least November 2012, the malware has given threat actors remote access to compromised systems. In 2014, Sakula became publicly known when it was spotted […]

Vertical Hopscotch

Dell SecureWorks Counter Threat Unit researchers have found that threat groups victimizing a particular vertical today may infiltrate new verticals tomorrow. Organizations should never dismiss the threat from groups that seem to only target other industries and should have thorough plans and mitigation strategies in place.

Living off the Land

Dell SecureWorks CTU researchers responded to an intrusion perpetrated by Threat Group-1314 (TG-1314), one of numerous threat groups that employ the “living off the land” technique to conduct their intrusions. Detecting threat actors who are “living off the land,” using credentials, systems, and tools they collect along the way instead of backdoors, can be challenging for organizations that focus their instrumentation and controls primarily on the detection of malware and indicators such as command and control IP addresses, domains, and protocols.

Exploiting Threat Intelligence

Prioritizing resources and effort to improve the overall security posture and incident readiness of any organization is an arduous but necessary task. No organization has unlimited funds and resources; in fact, the truth is quite the opposite. Fully exploiting threat intelligence can help IT professionals make decisions about best utilizing available resources. With respect to […]

ZeroAccess botnet resumes click-fraud activity after six-month break

ZeroAccess (also known as Sirefef) is a peer-to-peer (P2P) botnet for perpetrating advertising click-fraud. It was disrupted by law enforcement in December 2013. The Dell SecureWorks Counter Threat Unit™ (CTU) research team observed the botnet reactivate from March 21, 2014 until July 2, 2014. On January 15, 2015 at 7:58 pm EST, the botnet again […]
