Security Research

What Really Matters with Machine Learning

What Really Matters with Machine Learning History will look back on our time as the beginning of the artificial intelligence revolution. In 2017, artificial intelligences are beating us at Go, translating  and inventing their own languages, helping us decide what to buy, writing for us, and composing music. Neural networks can even be used for image compression! As you might expect, the endpoint security […]

READ MORE

OSX.CpuMeaner: New Cryptocurrency Mining Trojan Targets macOS

(Image source: Beware of traps, by Carmen) In this post, we analyze a new cryptocurrency mining trojan targeting macOS. The malware hides in the pledge to download pirated applications and secretly mines Monero crypto-currency with the user’s hardware. While the idea is similar to OSX.Pwnet, the means and method of implementation are closer to that […]

READ MORE

New Bad Rabbit Ransomware Attack

It’s been almost exactly four months since the last Petya ransomware outbreak. On October 24th, a new variant of Petya called Bad Rabbit was discovered attacking consumers and organizations, mostly in Russia. Below is a copy of the ransom note, which is similar to Petya’s ransom note: SentinelOne customers are protected from this threat. Below […]

READ MORE

RTF zero day in the wild

FireEye recently published an RTF zero day that has been used in the wild since July. This zero day was used to spread FinSpy/FinFisher malware, a “lawful intercept” product with RAT-like capabilities. The disclosed vulnerability is a logical vulnerability, which means most EMET style anti-exploitation techniques (ASLR, DEP, CFG) are irrelevant. As are any other pre-execution security mechanisms […]

READ MORE

OSX.Pwnet.A – CS: GO Hack and Sneaky Miner

(Photo source: Pony Strike: Global Offense by FilipinoNinja95) We recently found a hack for Counter-Strike: Global Offensive on macOS that is also a trojan that could mine CryptoCurrencies without user consent. According to VirusTotal Retrohunt, the threat is in the wild since the beginning of July 2017. Warning: At the time of this writing, all […]

READ MORE

Measuring the Usefulness of Multiple Models

The past several years have seen a massive increase in products, services, and features which are powered or enhanced by artificial intelligence — voice recognition, facial recognition, targeted advertisements, and so on. In the anti-virus industry, we’ve seen a similar trend with a push away from traditional, signature-based detection towards fancy machine learning models. Machine […]

READ MORE

Dissecting NotPetya: So you thought it was ransomware

By Caleb Fenton, Joseph Landry, Nir Izraeli, Itai Liba, and Udi Shamir, Senior Security Researchers, SentinelOne Labs NotPetya was in the news this week, making headlines for being yet another ransomware attack that spread like fire – affecting organizations in several verticals across 65+ countries, drawing comparisons with the WannaCry attack that recently hit over […]

READ MORE

Petya/NotPetya ransomware: What you need to know

Our SentinelOne research team is actively monitoring the Petya/NotPetya ransomware outbreak and we will update this blog post as more technical information about this attack is discovered. SentinelOne is proactively protecting customers against this latest strain. All SentinelOne customers using SentinelOne Enterprise Protection Platform are proactively protected against this outbreak.* Customers should also ensure that […]

READ MORE

Are we done with WannaCry?

Several customers and industry analysts frequently ask us (and other vendors) about independent validation of our capabilities. We wanted to share information about a recent test conducted by MRG-Effitas to validate the effectiveness of various traditional and next-generation endpoint security suites against the EternalBlue and Doublepulsar exploits/backdoor. These threats were unearthed by “The Shadow Brokers” […]

READ MORE