  1. Shining a Light on Xenon: Unravelling the Crypter

    We've recently observed a new crypter called Xenon used to deliver Locky, a strain of ransomware, and Ruckguv, a type of malware that can download and install other types of malware. Xenon employs a novel trick to bypass debuggers, which we’ll describe here along with the techniques it uses. We …

  2. Cyber-Brexit: The Chance for a Cybersecurity Renaissance

    Well Britain, you’ve done it. The referendum is over and it's time to start thinking ahead about how the UK will reconcile its new laws and regulations. I believe that the UK could be at the beginning of a cybersecurity Renaissance, and I’ll explain why. At this point, it is uncertain how lo …

  3. Findings from Analysis of DNC Intrusion Malware

    The Security Consulting team here at Fidelis specializes in investigations of critical security incidents by advanced threat actors. Last week, after Guccifer 2.0 claimed responsibility for the intrusion into the Democratic National Committee’s (DNC) servers, we were provided with the malware …

  4. Understanding the Web Shell Game

    What can bad guys use to launch a ransomware attack, facilitate an email spamming platform, or ensure persistent access to an enterprise? Compiled malware and compromised credentials could work. But web shells provide an even more stealthy way to establish a beachhead and quietly hide on the net …

  5. Building a Business Case for Security that the CFO Can Understand

    One of the biggest challenges when you go shopping for new security tools is answering the inevitable question from finance: “What’s the value?” Determining the ROI of a new security product isn’t always an exact science. There are no hard and fast rules to follow – which is why generic …

  6. New Ursnif Variant Targeting Italy and U.S.

    Fidelis Cybersecurity has been investigating a new variant of Ursnif, a family of trojans that captures and reports information about user activity back to the attacker. We recently observed the variant distributed in phishing runs designed to appear as legitimate banking-related emails. On infe …

  7. Attacker vs. Victim: Investigating an Incident from Both Perspectives

    At InfoSecurity Europe in June, I will be showing a demonstration of what we call: “Attacker vs. Victim”, which uses real zero days, malware and tools to compromise a fictitious company and steal data. The purpose of this demo is to show executives, media and security practitioners what an ac …

  8. Vawtrak Trojan: Bank on it Evolving

    On May 12, 2016, Fidelis Cybersecurity witnessed an update to Vawtrak malware, a banking trojan, spread via an email campaign using subpoena- and lawsuit-related themes. The configurations observed in this campaign point to an attempt to harvest user credentials when visiting accounts on major f …

  9. Welcome to the Jungle: Tips for Staying Secure When You’re on the Road

    The summer travel season is right in front of us. While the jungle may not be your intended destination, that’s exactly where you’re likely to find yourself. When you walk out the door with your smartphone and laptop, you become a high-value target. Your individual privacy and your employer …