SentinelOne Intelligence Reports

Introducing: SentinelOne Enterprise Risk Index

SentinelOne’s new Enterprise Risk Index (ERI) provides new evidence of the proportion of attacks that simply cannot be stopped by traditional, static, file inspection security solutions. It’s further proof that attack methods have rendered AV redundant. The ERI is intended as a resource on the commonly encountered threat vectors seen in production environments, as well […]


SentinelOne Detects Shadow Broker Binaries with DFI

Waves of panic were sent through the cybersecurity community as suspected NSA spying tools were released by the Shadow Broker group. What appeared to be potentially one of the most damaging releases of nation-state tooling and zero-day exploits was quickly neutralized. Microsoft came forward to announce that although the files contained about 20 different Windows-based exploits, […]


Anatomy of CryptoWall 3.0 Virus – a look inside ransomware code & tactics

Background: CryptoWall is a new and highly destructive variant of ransomware. Ransomware is malicious software (malware) that infects your computer and holds hostage something of value to you in exchange for money. Older ransomware used to block access to computers. Newer ransomware, such as CryptoWall, takes your data hostage. With CryptoWall, thieves use asymmetric encryption, […]


OSX.IronCore.A or what we know about OSX.FlashImitator.A

On December 12th, Apple updated XProtect, OS X’s built-in malware detection tool, to include a signature for OSX.FlashImitator.A. We analyzed the matched file and found even more samples. For some time now, OS X has been the target of Download Valley companies such as Genieo Innovation and Conduit, until Apple published an adware removal guide. This […]


Control Panel in New Zeus Variant Reveals Sophistication of Crime Rings

SentinelOne recently discovered a new variant of the Zeus online banking malware that is targeting Canada’s largest banks, including Bank of Montreal (BMO), Royal Bank of Canada (RBC) and National Bank of Canada. The most interesting findings we made were in the control panel used by the attackers. More on that a little later. This […]


2015 Predictions Report: Hostage-Ware, OS X, Power Grids and More

Based on our predictive execution inspection technology, which monitors every process on the machines it protects, we have unique visibility into advanced attacks. For example, earlier this year our researchers discovered and reported on government-grade attack code being used to make ransomware invisible. As a result, we are regularly called upon by law enforcement and […]


The case of the Gyges, the invisible Malware

Government-Grade now in the Hands of Cybercriminals: In March 2014, the Sentinel Labs Research Lab detected a sophisticated piece of malware dubbed Gyges that is virtually invisible and capable of operating undetected for long periods of time. We first detected Gyges with our heuristic sensors and then our reverse engineering task force performed an in-depth […]
