Securonix Threat Research

Securonix Threat Research: British Airways Breach: Magecart Formgrabbing Supply Chain Attack Detection

The data breach suffered by British Airways earlier this year affected around 380,000 customers and resulted in the theft of customer data including personal and financial details. The attack was highly targeted and utilized customized JavaScript/digital card skimmers loaded from...

Securonix Threat Research: KRONOS/Osiris Banking Trojan Attack

The KRONOS malware was first discovered in June 2014 as a Banker Trojan available for purchase in a Russian underground forum for $7,000. After staying dormant for a few years, a new variant of KRONOS, known as Osiris, was discovered in...

Securonix Threat Research: Cosmos Bank SWIFT/ATM US$13.5 Million Cyber Attack Detection Using Security Analytics

The Securonix Threat Research team recently learned of a new high-profile cyber attack targeting the SWIFT/ATM infrastructure of Cosmos Bank (COSDINBB), a 112-year-old cooperative bank in India and the second largest in the country, resulting in over US$13.5 million stolen.

Securonix Threat Research: GandCrab Ransomware Attack

The GandCrab ransomware attacks are some of the most prevalent ransomware threats of 2018. In recent months, the GandCrab attackers were able to infect more than 50,000 victims and generate more than $600,000 in ransom payments from victims. Securonix Threat...

Securonix Threat Research: Cryptojacking Attacks

Cryptojacking is the unauthorized use of someone else’s computer to secretly mine cryptocurrency (also known as virtual or digital currency). According to a recent report from Fortinet, cryptojacking attacks impacted over 28 percent of companies this year, a spike representing...

Securonix Threat Research: SamSam Ransomware Detection Using Security Analytics

SamSam is a prevalent ransomware that has been observed across multiple industries including healthcare, government, and critical infrastructure/industrial control systems (ICS) in 2016, 2017, and 2018. In March, the ransomware targeted five of Atlanta’s thirteen local government departments...

Securonix Threat Research: Olympic Destroyer aka NotPetya v2 “False Flag” Cyber Sabotage Attack Detection Using Security Analytics

Last month, we learned of a new cyber attack against the 2018 Winter Olympic Games in South Korea. Securonix Threat Research Team has been actively investigating and monitoring this attack since the attack was reported to help our customers understand...

Securonix Threat Research: Spectre and Meltdown Vulnerabilities

Securonix Threat Research Team (STR) has been actively investigating the details of the Spectre and Meltdown Side-Channel Information Disclosure Vulnerabilities since last week to help our customers mitigate/respond to the vulnerabilities.

Securonix Threat Research: Uber Hack: Software Code Repository/VCS Leaked Credential Usage Detection

Just about a week ago we learned of a new cyber attack, this time involving Uber, the leading ride-sharing app and company. Uber disclosed that it paid hackers $100,000 so that they would delete sensitive data stolen from Uber data stores....

Securonix Threat Research: Detecting Bad Rabbit Cyber Attack Using Security Analytics

On October 24, 2017, we learned of a new cyber attack involving the Bad Rabbit ransomware malicious implant (MI)/threat instance. Securonix Threat Research Team has been actively investigating and closely monitoring this attack since the attack was launched to help...

Securonix Threat Research: Equifax Cyber Security Data Breach Exposes 145.5 Million Personal Records

On September 7, 2017, we learned of a massive cyber attack/data breach targeting Equifax. Securonix Threat Research Team has been actively investigating the details of the attack to help our customers detect/mitigate/respond to such attacks. Here is a summary of...

Securonix Threat Research: Carbanak/FIN7/Anunak Reappears, Causes Losses

In August 2017, we learned of new attacks by a persistent malicious cyber threat actor known by the name of Carbanak aka FIN7 [1]. The most recent attack variants have been targeting mainly chain restaurants, hospitality, and casino industry in...