Research and insight on cutting-edge malware and advanced threats

What is Next Generation Endpoint Protection?

By now you have probably heard the term “Next Generation Endpoint Protection.” A slew of companies, startups and incumbents alike, use the term to describe some of their offerings. But what does it actually mean? What capabilities should you look for in a Next Generation Endpoint Protection Platform? What makes it “next generation”?[…]


Turning the Tables on “Rombertik” Reveals the Story Behind the Threat

A malware variant named “Rombertik” recently made headlines for its ability to wipe the Master Boot Record (MBR) of a machine if it detected the presence of analysis or debugging functions. For example, Rombertik can detect system strings that contain “malwar,” “sampl,” “viru,” and “sandb,” all strings commonly used by malware researchers and online[…]

Network Protection/Security

Understanding “Kjw0rm” Malware – We Dive in to the TV5 Cyber Attack

Pro-Islamic State hackers conducted an attack against the “TV5Monde” TV station in France. News sources report that the Islamist hacktivists were apparently unhappy about the TV station’s coverage of the recent events in Paris. TV5Monde’s “defaced” Twitter account. Sources report that the attack chain was a social engineering phishing campaign via social networks, followed by exploitation of Java[…]


How to Protect Against Latest OSX Pwn2Own Vulnerabilities – SentinelOne Anti-Exploitation

At this year’s CanSecWest security conference, a researcher demonstrated how Apple’s OS X is vulnerable to a software hack in which applications load infected shared software libraries. Applications use dynamically linked libraries, or DLLs, as shared code repositories. Apple’s OS X can be compromised by a DLL hijack, which tricks Apple’s operating system loader into verifying applications[…]


Anatomy of CryptoWall 3.0 – a look inside ransomware’s tactics

Background: CryptoWall is a new and highly destructive variant of ransomware. Ransomware is malicious software (malware) that infects your computer and holds hostage something of value to you in exchange for money. Older ransomware used to block access to computers. Newer ransomware, such as CryptoWall, takes your data hostage. With CryptoWall, thieves use asymmetric encryption,[…]

Security/Sentinel Labs Intelligence Reports/Threats

OSX.IronCore.A or what we know about OSX.FlashImitator.A

On December 12th, Apple updated XProtect, OS X’s built-in malware detection tool, to include a signature for OSX.FlashImitator.A. We analyzed the matched file and found even more samples. For some time now, OS X has been the target of Download Valley companies such as Genieo Innovation and Conduit, until Apple published an adware removal guide. This article is about a new potentially unwanted program,[…]

Security/Sentinel Labs Intelligence Reports

Control Panel in New Zeus Variant Reveals Sophistication of Crime Rings

SentinelOne recently discovered a new variant of the Zeus online banking malware that is targeting Canada’s largest banks, including Bank of Montreal (BMO), Royal Bank of Canada (RBC) and National Bank of Canada. The most interesting findings we made were in the control panel used by the attackers. More on that a little later. This[…]

Sentinel Labs Intelligence Reports/Threats

How Technically Accurate is Blackhat the Movie?

This weekend Michael Mann’s latest movie Blackhat, starring Chris Hemsworth, Tang Wei, Viola Davis, Holt McCallany, and Wang Leehom, was released. Given the high profile mainstream media coverage of attacks and data breaches over the past few years, it’s not surprising that Hollywood is capitalizing on cyber-crime trends. We were curious about how accurately the[…]


The Truth About Whitelisting

In recent years, security products utilizing application whitelisting have gained popularity as a cost-effective alternative for fighting malware and advanced persistent threats. In this first of a series of posts about whitelisting, we will discuss the limitations of relying on whitelisting for combating both common threats and APTs. First generation whitelisting mechanisms were introduced by[…]


2015 Predictions Report: Hostage-Ware, OS X, Power Grids and More

Based on our predictive execution inspection technology, which monitors every process on the machines it protects, we have unique visibility into advanced attacks. For example, earlier this year our researchers discovered and reported on government-grade attack code being used to make ransomware invisible. As a result, we are regularly called upon by law enforcement and[…]

Security/Sentinel Labs Intelligence Reports/Threats