Blogs

Fighting the ransomware pandemic

Posted by Chris Morales on May 12, 2017 5:00:14 PM

What just happened?

A ransomware attack is spreading very rapidly among unpatched Windows systems worldwide. This morning, the attack was initially believed to target the UK National Health Service, but throughout the day, it has become apparent this is a global attack.

Kaspersky Lab reported on Friday afternoon that at least 45,000 hosts in 74 countries were infected. Avast put the tally at 57,000 infections in 99 countries. All of this happened in just 10 hours. Among the infected hosts, Russia, Ukraine and Taiwan were the top targets.


Topics: Cyberattacks, cyber security, Ransomware, Threat Labs, AI, Attacker Detection, threat research, bitcoin, Windows vulnerability, attacker behavior, shadow brokers


An analysis of the Shamoon 2 malware attack

Posted by Greg Linares on Feb 7, 2017 11:03:14 AM

Saudi officials recently warned organizations in the kingdom to be on the alert for the Shamoon 2 malware, which cripples computers by wiping their hard disks. In 2012, Shamoon crippled Saudi Aramco, and this new variant was reportedly targeted at the Saudi labor ministry as well as several engineering and manufacturing companies.

During a recent analysis, Vectra Networks came across a malicious component that appears to be used in conjunction with spear-phishing-delivered malicious documents.


Topics: cybersecurity, Threat Labs, AI, threat research


Moonlight – Targeted attacks in the Middle East

Posted by Chris Doman on Oct 26, 2016 1:30:00 AM

Vectra Threat Labs researchers have uncovered the activities of a group of individuals currently engaged in targeted attacks against entities in the Middle East. We identified over 200 samples of malware generated by the group over the last two years. These attacks are themed around Middle Eastern political issues and the motivation appears to relate to espionage, as opposed to opportunistic or criminal intentions.


Topics: Targeted Attacks, Malware Attacks, cyber security, Threat Labs


Triggering MS16-030 via targeted fuzzing

Posted by Bill Finlayson on Oct 11, 2016 11:05:35 AM

The need to analyze the patch for MS16-030 recently presented itself to us due to some related product research. After the analysis was complete, we realized that the attack surface of the patch was pretty interesting and determined it may be beneficial to share part of the analysis. This post will focus on triggering a patched bug from MS16-030.


Topics: fuzzing, patch analysis, Microsoft, Threat Labs, reverse engineering

