Threat Brief – Purple Fox Malware

By: Tyler Horner, 2021-March-29

Executive Summary: Purple Fox is an active malware campaign targeting Windows machines. Up until recently, Purple Fox’s operators infected machines by using exploit kits and phishing emails. Guardicore Labs have identified a new infection vector of this malware where internet-facing Windows machines are being breached through SMB password brute force. Guardicore Labs have also identified Purple Fox’s vast network of compromised servers hosting its dropper and […]

Understanding the Threat: Malvertising

Malvertising, is that even a word? This isn’t some cutesy celebrity couple’s name; instead it is when malware is delivered through the use of online advertising, hence the name “Malvertising”. This is a fan favorite among attackers because it can spread malware through legitimate websites without having to compromise the actual site. How do they pull this off? We have all seen the ads over to one side while […]

Managed Security Monitoring for the SMB

The Need for Managed Security Monitoring in the SMB Space

We received a call to work a malware incident at a small healthcare firm in the Pacific Northwest. We contacted their IT admin, got a remote session going and started collecting initial information to do some quick triage and find out what we were dealing with. Our security engineer quickly identified the malware as SynAck ransomware, and it had compromised […]

RANSOMWARE AS A SERVICE

SATAN RAAS Page

Ransomware as a Service (RAAS) Overview

Just like you can go out and run your website on an Infrastructure as a Service platform or use a popular CRM system (rhymes with Gale’s Horse) that is referred to as Software as a Service, threat actors can get malware from platforms offering Ransomware as a Service, complete with customization, obfuscation, packing, and a billing service so that the hacker and the RAAS folks […]

Understanding the Threat: PowerShell Attacks

Wait a minute, what is a “PowerShell Attack” anyway? Attackers are always looking for ways to bypass security, and PowerShell has become a fan favorite among them. PowerShell is present in every system that has Windows 7 or Windows Server 2008 and higher. It is primarily used for system administration, and most companies don’t monitor PowerShell activity. That, along with the fact that PowerShell scripts can deliver code without touching […]

Ransomware – Prevention & Recovery

Ransomware

Ransomware attacks are on the rise. If you, or someone you know, has been hit, then you know the sinking feeling that comes with having your personal or business data held hostage, and the feeling of helplessness that comes with the realization that you are at the mercy of criminals who are telling you to pay up or lose everything. Take heart! In this post, I will explain how […]