Security Research

Dissecting NotPetya: So you thought it was ransomware

By Caleb Fenton, Joseph Landry, Nir Izraeli, Itai Liba, and Udi Shamir, Senior Security Researchers, SentinelOne Labs NotPetya was in the news this week, making headlines for being yet another ransomware attack that spread like wildfire – affecting organizations in several verticals across 65+ countries and drawing comparisons with the WannaCry attack that recently hit over […]

Petya/NotPetya ransomware: What you need to know

Our SentinelOne research team is actively monitoring the Petya/NotPetya ransomware outbreak and we will update this blog post as more technical information about this attack is discovered. SentinelOne is proactively protecting customers against this latest strain. All SentinelOne customers using SentinelOne Enterprise Protection Platform are proactively protected against this outbreak.* Customers should also ensure that […]

Armory Sandbox – Building a USB analyzer with USB armory

Some time ago a friend received a mysterious USB pen with a note talking about some kind of heavily persistent malware. He had kept that USB pen stored untouched, and of course my curiosity took over. Since one should never plug unknown USB devices into a computer (well, any USB device we purchase is unknown […]

“Zusy” PowerPoint Malware Spreads Without Needing Macros

By Caleb Fenton and Itai Liba, Senior Security Researchers, SentinelOne Labs A new variant of a malware called “Zusy” has been found in the wild spreading as a PowerPoint file attached to spam emails with titles like “Purchase Order #130527” and “Confirmation”. It’s interesting because it doesn’t require the user to enable macros to execute. […]

New “Widia” Ransomware Asks for Credit Card for Payment

By Caleb Fenton and Itai Liba, Senior Security Researchers, SentinelOne Labs While hunting for new types of undetected ransomware, we came across a sample we’re calling Widia. Below is the ransom note it displays once it’s infected the device: Your documents, photos, databases and other important files have been encrypted with the strongest encryption and unique […]

Introducing: SentinelOne Enterprise Risk Index

SentinelOne’s new Enterprise Risk Index (ERI) provides new evidence of the proportion of attacks that simply cannot be stopped by traditional, static file-inspection security solutions. It’s further proof that current attack methods have rendered signature-based AV redundant. The ERI is intended as a resource on the threat vectors commonly encountered in production environments, as well […]

SentinelOne Detects Shadow Broker Binaries with DFI

Waves of panic spread through the cybersecurity community as suspected NSA spying tools were released by the Shadow Brokers group. What appeared to be potentially one of the most damaging releases of nation-state tooling and zero-day exploits was quickly neutralized. Microsoft came forward to announce that although the files contained about 20 different Windows-based exploits, […]

CVE-2017-0199: What REAL 0-Day Vulnerability Protection Looks Like

News of a Microsoft Word 0-day vulnerability spread like wildfire this week. Discovered by FireEye, the attack is executed when a user opens a Word attachment that includes a malicious OLE2 (Object Linking and Embedding) object embedded in a specially-crafted Word document, which can then deliver the Dridex banking Trojan. The 0-day vulnerability, CVE-2017-0199, was […]

Malware Analyst’s Guide to Bitcoin

Why Should You Care? Criminals are using Bitcoin and other cryptocurrencies to handle payments for selling stolen data, for hacking services such as DDoS attacks, and for ransomware payments. If you want to follow the money and better understand threat actors, you’ll need to understand Bitcoin and how to analyze transactions. It’s important to keep up with […]
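The first practical step in "following the money" is usually pulling the payment address out of a ransom note and confirming it is a real Bitcoin address before pivoting on it in a block explorer. The following is an added example, not code from the SentinelOne post above: it decodes legacy Base58Check addresses (the `1…` P2PKH and `3…` P2SH forms), verifies the double-SHA-256 checksum, and extracts candidate addresses from a constructed ransom-note string. The ransom note text, the regular expression and the function names are assumptions made for this illustration; Bech32 (`bc1…`) addresses use a different checksum and are deliberately not handled here.

```python
import hashlib
import re

# Bitcoin's Base58 alphabet: no 0, O, I or l, so they cannot be confused in print.
ALPHABET = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"

# Address version bytes (mainnet and testnet) for legacy address types.
VERSIONS = {
    0x00: "P2PKH (mainnet)",
    0x05: "P2SH (mainnet)",
    0x6F: "P2PKH (testnet)",
    0xC4: "P2SH (testnet)",
}

# Hypothetical regex for legacy addresses: leading 1 or 3, Base58 body, 26-35 chars total.
ADDRESS_RE = re.compile(r"\b[13][a-km-zA-HJ-NP-Z1-9]{25,34}\b")


def b58decode(s: str) -> bytes:
    """Decode a Base58 string to bytes; each leading '1' is a leading zero byte."""
    n = 0
    for ch in s:
        idx = ALPHABET.find(ch)
        if idx < 0:
            raise ValueError(f"invalid base58 character {ch!r}")
        n = n * 58 + idx
    body = n.to_bytes((n.bit_length() + 7) // 8, "big") if n else b""
    leading_zeros = len(s) - len(s.lstrip("1"))
    return b"\x00" * leading_zeros + body


def decode_address(addr: str):
    """Return {'version', 'type', 'hash160'} for a valid Base58Check address, else None."""
    try:
        raw = b58decode(addr)
    except ValueError:
        return None
    # version (1) + HASH160 payload (20) + checksum (4)
    if len(raw) != 25:
        return None
    version, payload, checksum = raw[0], raw[1:21], raw[21:]
    expected = hashlib.sha256(hashlib.sha256(raw[:21]).digest()).digest()[:4]
    if checksum != expected:
        return None
    return {
        "version": version,
        "type": VERSIONS.get(version, "unknown version"),
        "hash160": payload.hex(),
    }


def find_addresses(text: str):
    """Extract address-shaped tokens from text and mark which ones pass the checksum."""
    results = []
    for match in ADDRESS_RE.finditer(text):
        addr = match.group(0)
        info = decode_address(addr)
        results.append({"address": addr, "valid": info is not None, "info": info})
    return results


# Constructed ransom-note text for the example. The first address is the well-known
# genesis-block address; the second has its last character altered, so the checksum fails.
RANSOM_NOTE = """\
Your documents, photos, databases and other important files have been encrypted.
Send 0.5 BTC to 1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa within 72 hours.
Backup wallet: 1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNb
"""

if __name__ == "__main__":
    for entry in find_addresses(RANSOM_NOTE):
        status = "valid" if entry["valid"] else "INVALID checksum"
        detail = f" {entry['info']['type']} hash160={entry['info']['hash160']}" if entry["valid"] else ""
        print(f"{entry['address']}: {status}{detail}")
```

Treat a checksum failure as a lead in itself: a note that ships an address with a bad checksum was either mangled in transit or was never meant to be paid to, and a valid HASH160 is the stable identifier to search for across samples and on-chain data, since the same key hash can appear in more than one encoding.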
