On March 18th, 2021, the DNSWatch Tailored Analysis Team received an email from an internal WatchGuard employee who flagged it as suspicious. The initial email included an attachment titled Attachment_57904. A DNSWatch Analyst performed an initial assessment of the file, looking for malicious indicators or behaviors, only to discover that the file was a heavily … [Read more...]
PowerShell, the Double-Edged Sword
ESET researchers recently revealed some rather sophisticated fileless malware samples in use by cyber criminals. Fileless malware is malicious software that runs only in computer memory, without writing an executable to disk, which makes it more difficult for traditional file-scanning malware products to detect. The WatchGuard Threat Lab predicted a general rise of fileless malware during 2019, but more specifically forecasted … [Read more...]
Source Code Analysis: Exobot
WatchGuard recently released its Internet Security Report (ISR) for Q4 2018. In addition to the many interesting details of malware attacks, IPS hits, and top security incidents, there is also a Threat Research section that covers the Exobot malware campaign. You can listen to The 443 Podcast’s overview of the report if that’s your groove. This post is not a regurgitation of … [Read more...]
Evasive Malware & No More Patch Day – WSWiR Episode 151
In one short week there have been two new variants of evasive malware, a zero-day flaw in a popular blogging framework, some proof-of-concept GPU malware, and a major change to the biggest OS vendor's patching cycle. How is one poor IT guy to keep up with this ever-changing Information Security (InfoSec) news? Don't worry. We've got you covered in our weekly InfoSec news round … [Read more...]
WatchGuard Sees Evasive Malware – Daily Security Byte EP.79
A few days ago, I told you about Rombertik, an evasive threat that can sneak past signature antivirus and some sandboxes. This week we also learned about a new variant of Dyre that uses similar evasive techniques against sandboxes. In today's video, learn why WatchGuard's sandbox is not fooled by these new evasions. (Episode Runtime: 2:42) Direct YouTube … [Read more...]