Threat Research

Securonix Threat Labs Initial Coverage Advisory: Detection of PrintNightmare Windows Print Spooler Exploitation Activity (CVE-2021-1675, CVE-2021-34527)

Securonix Threat Labs R&D/Securonix Threat Research team has been actively monitoring and investigating the details of the critical PrintNightmare attacks (see Figure 1) [1, 3] targeting zero-day Microsoft Windows Print Spooler Service RCE Vulnerabilities (CVE-2021-1675, CVE-2021-34527). Below are some...
Threats from the Wild - Episode 3: Multi-Factor Authentication (MFA) Bypass 101: Pass-the-Cookie/Pass-the-Identity (PTC/PTI) Attack Detection Using Logs

The significant increase in remote work/work-from-home (WFH) over the past year as well as the recent high-profile attacks bypassing MFA that involved Solarwinds and cloud providers have heightened the need for the blue teams to better understand and detect attempts...
Securonix Threat Labs Initial Coverage Advisory: Darkside Ransomware Targeting Critical Infrastructure Providers

Securonix Threat Labs R&D/Securonix Threat Research team has been actively monitoring and investigating the details of the critical targeted Darkside ransomware attacks (tracked by Securonix Threat Research as RE$HOOD) with some of the recent victims including Colonial Pipeline Networks,...
Threats from the Wild - Episode 2: HAFNIUM/Exchange Aftermath: Blue Team Perspective

In this session, Oleg Kolesnikov, VP of Threat Research at Securonix Threat Labs, will share: The latest technical insights into the HAFNIUM/Exchange attacks activity in the wild observed by the Securonix Threat Labs. A demonstration of the HAFNIUM/Exchange ProxyLogon/post-exploitation attack...
On HAFNIUM/CHOPPERWAVE Exchange Server Attacks Detection Using Security Analytics

The Securonix Threat Research (STR) team is actively monitoring, investigating, and proactively hunting for the critical ongoing HAFNIUM (tracked by STR as CHOPPERWAVE) attacks and the related malicious activity. We are also tracking cryptomining implants and ransomware operator placement attempts...
Threats from the Wild - Episode 1: Detecting Future Variants of Sunburst

The SolarWinds/SUPERNOVA attack targeted the National Financial Center (NFC), an agency inside the U.S. Department of Agriculture that reportedly handles payroll for several government organizations, including the State Department, FBI, Treasury Department, and the DHS. Today, we continue to see...
Detecting SolarWinds/SUNBURST/ECLIPSER Supply Chain Attacks

The Securonix Threat Research (STR) team has been actively investigating the critical ongoing SolarWinds Orion/SUNBURST supply chain attacks (monitored by STR as ECLIPSER) with some of the recent victims being one of the leading security vendors as well as a...
Detecting WastedLocker Ransomware Using Security Analytics

The Securonix Threat Research Team (STR) is actively investigating the details of the critical targeted WastedLocker ransomware attacks that reportedly already exploited more than 31 companies, with 8 of the victims being Fortune 500 companies, to help our customers detect,...
Securing Your Remote Workforce - Detecting Teleconferencing Tools Attacks in the Work-From-Home (WFH) World - Part 2

The Securonix Threat Research team has recently been observing a number of new attacks/security issues reported involving different remote workforce teleconferencing applications (TA), including Zoom, Cisco Webex, and Microsoft Teams. Some examples of the attacks/exploits reported include Zoom UNC...
Securing Your Remote Workforce - Detecting the Latest Cyberattacks in the Work-From-Home (WFH) World: Part 1

In recent weeks, as many businesses have been rushing to institute a shift to remote work due to the COVID-19/coronavirus situation, we have been observing malicious threat actors attempting to exploit an increasing number of the associated cyberattack vectors. Download...
Detecting High-Impact Targeted Cloud/MSP $14M+ Ryuk and REvil Ransomware Attacks

The Securonix Threat Research Team has been actively investigating the details of recent, critical targeted ransomware attacks against healthcare and data center cloud and managed service providers (MSP) that have been reported over the past couple of weeks. These attacks...
Detecting LockerGoga Targeted IT/OT Cyber Sabotage/Ransomware Attacks

The Securonix Threat Research Team has been closely monitoring the LockerGoga targeted cyber sabotage/ransomware (TC/R) attacks impacting Norsk Hydro (one of the largest aluminum companies worldwide), Hexion/Momentive (a chemical manufacturer), and other companies’ IT and operational technology (OT) infrastructure, causing...