Results for threat research

Prevalent Threats Targeting Cuckoo Sandbox Detection and Our Mitigation

In this blog post, we will discuss the history of sandbox detection. We will then unveil the malware families that KTIS has observed from spear-phishing emails that attempt to bypass the user-mode API hook in order to evade sandbox detection. And finally, we will share the mitigation method we use to harden the Cuckoo sandbox against this bypass technique.

By Floser Bacurio and Wayne Low, January 03, 2018

Threat Research

FortiGuard Labs Telemetry – Round up of 2016 IoT Threats (Part 3) – IP Cameras

IP cameras were the second most attacked devices in 2015, at around 363,000 hits. But in 2016 the number dropped to approximately 36,000 hits.

By Gavin Chow, March 20, 2017

Threat Research

We’re Up All Night to Get Locky

VB 2016 Presentation – Oct 5-7, Denver. When we first saw and analyzed Locky back in February, we immediately had a hunch that it was the work of seasoned criminals. The tell-tale signs were strong: massive spam runs were used to spread the ransomware, the malware used a domain generation algorithm, the HTTP C2 communication was encrypted (in the first version, that is), and the ransom note was multilingual. The conclusion of our first Locky blog reads: “We also predict that Locky ransomware will be a major player in the ransomware...