Threat Research

Articles

SolarWinds SUNBURST Backdoor: Inside the Stealthy APT Campaign

Imagine if everyone with an Amazon Echo in their home had to assume it’s been unlocking their doors and letting a thief inside for the past 6 months. How would you...

November 2020 Malware Trends Report

This Malware Trends Report – November 2020 is a monthly round-up from the Varonis Forensics Team documenting activity observed while responding to incidents, performing forensics, and reverse engineering malware samples....

Threat Update #12 – Does Zerologon Change the Game?

Cybercriminals are using the Zerologon exploit to fast track lateral movement and privilege escalation. If left unpatched, the exploit lets attackers use the password of the primary domain controller to...

October 2020 Malware Trends Report

This report is a monthly round-up from the Varonis Forensics Team documenting activity observed while responding to incidents, performing forensics, and reverse engineering malware samples. This report is intended to...

Threat Update #10

An alert notifies you that something suspicious is going on. Minutes matter, so you call the Varonis Incident Response team to help. Security investigators must act fast, but where do...

Exploiting BGInfo to Infiltrate a Corporate Network

Executive Summary: There is a remote code execution attack vector within BGInfo. A clever attacker can embed a path to a malicious script within a BGInfo config file (.bgi). If...

Azure Skeleton Key: Exploiting Pass-Through Auth to Steal Credentials

EDIT: Security researcher Adam Chester had previously written about Azure AD Connect for Red Teamers, talking about hooking the authentication function. Check out his awesome write-up here. Should an attacker...

A Queen’s Ransom: Varonis Uncovers Fast-Spreading “SaveTheQueen” Ransomware

A new strain of ransomware encrypts files, appends the extension “.SaveTheQueen” to them, and propagates using the SYSVOL share on Active Directory Domain Controllers. Our customers encountered this malware...

Varonis Uncovers Another New Strain of the Qbot Banking Malware

We have discovered and reverse engineered another new strain of Qbot, a sophisticated, well-known type of malware that collects sensitive data, such as browser cookies, digital certificate information, keystrokes, credentials,...

Varonis Uncovers New Malware Strains and a Mysterious Web Shell During a Monero Cryptojacking Investigation

The Varonis Security Research team recently investigated an ongoing cryptomining infection that had spread to nearly every device at a mid-size company. Analysis of the collected malware samples revealed a...
