Threat Intelligence Thought Leadership

The threat intelligence leadership team at Cyphort has deep security industry experience. They are sought-after speakers, industry visionaries, and patent holders. Their combined expertise provides security practitioners and customers with the business strategy to stay ahead of, and thwart, cyber-criminal exploits. Meet the team:

Dr. Mounir Hahad

Sr. Director Cyphort Labs

Mounir is Senior Director and the head of Cyphort Labs. He is responsible for Cyphort’s Threat Research, Threat Intelligence and for driving malware detection enhancements. […]

Nick Bilogorskiy

Sr. Director of Threat Operations

Nick Bilogorskiy is a founding team member at Cyphort, and is responsible for threat operations. He played a large role in designing Cyphort’s malware detection logic and […]

Threat Insights

Adwind Rat

Adwind is a backdoor written in Java that arrives through spam email. It is a cross-platform Remote Access Tool (RAT) that can run on Windows, Mac OS, Linux and Android. This malware is sold on the dark web and was previously used by hackers to target banks. It has different names such as…

July 27th, 2017 by Joe Dela Cruz

Ransom BTCWare

BTCWare is a ransomware that first appeared around March 2017. We describe here the latest variant, called BTC.Aleta after the extension used on the encrypted files. Once infected with this ransomware, the victim is greeted by this ransom note: [Fig. 1. BTCWare ransom note] Installation: This ransomware first checks its presence on the…

July 25th, 2017 by Paul Kimayong

Jaff Ransomware

Jaff ransomware is a file-encrypting malware that arrives via a download triggered by specially crafted macro documents sent in spam emails. It encrypts the user's data, appending a “.jaff” file extension, and then demands that the victim pay a ransom. 1.) Files: The following files are usually seen on the system: ReadMe.bmp, ReadMe.html, ReadMe.txt, and encrypted files with the extension “.jaff”. The desktop wallpaper…

June 21st, 2017 by Joe Dela Cruz

Malware’s Most Wanted

Topic: The Rise and Fall of Angler

We have talked about the recent ransomware resurgence, and now Cyphort Labs wants to spend some time on one of the most effective methods of delivering ransomware: exploit kits. In this edition we’ll cover:

  • The evolution of exploit kits such as Angler, Nuclear, Rig and Neutrino
  • Real examples of drive-by exploits on popular websites discovered by our crawler
  • The relationship between exploits, kits and payloads

Watch on-demand:
Speaker: Nick Bilogorskiy, Director of Threat Operations
Date and Time: On-Demand

MMW Archive

Understanding Malware Lateral Spread Used in High Value Attacks

Speaker: Nick Bilogorskiy
Date and Time: On-Demand

APTs are known to use advanced Tactics, Techniques, and Procedures (TTPs), including advanced malware design with protection layers, sandbox evasion, and lateral movement inside penetrated networks to seek out high-value targets. This webinar covers the lateral movement techniques and methods used by past advanced threats, and how understanding APT lateral movement helps security defenders better select and implement protection solutions.

Ransomware Resurgence: Locky and Other “New Cryptolockers”

Speaker: Nick Bilogorskiy
Date and Time: On-Demand

Ransomware has come a long way from non-encrypting lockscreen FBI scare warnings like Reveton. In 2016 alone, new ransomware families have kept popping up, and we expect that to only pick up steam over the summer. In this edition of MMW, Nick Bilogorskiy will discuss Locky, the new “it” ransomware, how it works, other new ransomware families, and why ransomware is becoming the preferred monetization method for attackers. Attendees may opt in to receive a special edition t-shirt.

Malware Self-protection Matrix: From Anti-reversing to Anti-sandboxing

Date and Time: On-Demand

In this Malware’s Most Wanted, Cyphort Labs’ Marion Marschalek sheds light on malware self-protection. The audience gets an overview of how malware evasion evolved over the years and how malware defense evolved with it, or vice versa, as occasionally happens in the digital arms race. The various observed anti-analysis tricks are related to their respective countermeasures in order to showcase the challenges faced by modern-day security products.

Machine Learning: The Gold Standard for Threat Detection

Date and Time: On-Demand

Machine learning is a powerful tool with many well-suited applications for malware detection, classification, and risk quantification. Despite its reputation as a “black box” component of an enterprise security solution, designing a robust machine learning model for malware detection is an involved process: its success hinges on understanding the problem you’re trying to solve, the underlying data you use, and, most importantly, its limitations. In this Malware’s Most Wanted session, we analyze working models and discuss the strengths, pitfalls, and high-level trade-offs of using machine learning for successful malware detection.

See the Anti-SIEM in Action.

Schedule a live demo at your convenience, and we’ll present the detection, analytics, and mitigation capabilities of the platform.