1. Vawtrak DGA Round 2

    Vawtrak, a.k.a. Neverquest, has been a prominent trojan in the banking world and numerous researchers have reported their findings about this malware. In August 2016, we blogged about the addition of a DGA to the banking trojan known as Vawtrak. The actors behind Vawtrak reacted to this attention … READ MORE

  2. Down the H-W0rm Hole with Houdini's RAT

    Commodity Remote Access Trojans (RATs) -- which are designed, productized and sold to the casual and experienced hacker alike -- put powerful remote access capabilities into the hands of criminals. RATs, such as H-W0rm, njRAT, KilerRAT, DarkComet, Netwire, XtremeRAT, JSocket/AlienSpy/Adwind and o … READ MORE

  3. Ten Impossible Things You Can Do with Metadata, Part 2

    Metadata gathered from your network can be a powerful ally in the battle against cyberattacks. In fact, you can do seemingly impossible things with the right metadata. In Part 1, we explored how metadata can help you spot phishing emails, find man-in-the-middle attacks, locate weak encryption and … READ MORE

  4. Podcast: How Experts Traced the DNC Hack to Russian Spies

    Bloomberg reporter Jordan Robertson recently sat down with Fidelis Cybersecurity Senior VP Mike Buratowski to discuss the malware and other data that attackers used to pull off the breach of the Democratic National Committee’s (DNC) servers. By examining the clues the attackers left behind, Mi … READ MORE

  5. Would You Re-Hire Your IPS Today?

    Network Intrusion Prevention Systems have been a mainstay of the network security stack for well over a decade. When they first entered the mainstream in the early 2000s, the iPhone hadn't been invented. We were still in the age of the PalmPilot (anyone remember using that stylus?). But, at the t … READ MORE

  6. The Anatomy of Good Deception

    Deception and crime go hand in hand. But knowing when you’re being deceived means you need to think like the bad guys and know what to look for. There are three elements of deception. To see these elements in action, we need look no further than a few notable cases -- including the alleged Rus … READ MORE

  7. Ten Impossible Things You Can Do with Metadata, Part 1

    Quick! What do you do when you think you’ve been compromised? It’s not a trick question (or the beginning of a bad joke). To investigate, you’d probably look for historical information that you could easily put your hands on. Usually that means pulling logs and NetFlow data to try and under … READ MORE

  8. TrickBot: We Missed you, Dyre

    In November 2015, the Dyre banking trojan seemingly disappeared overnight surprising security researchers worldwide. Months later it was announced that Russian authorities had arrested most of the gang responsible for its operations. Prior to that, it was a relatively rare act for Russian author … READ MORE

  9. Vawtrak C2 – Pin it

    For several years now, the Vawtrak trojan has been targeting banking and financial institutions, most recently in Canada as reported last week. The Fidelis Threat Research team recently analyzed a new variant to Vawtrak using HTTPS for C2 communications. Given what we've seen previously with Vawt … READ MORE