Threat Research

Good for Evil: DeepBlueMagic Ransomware Group Abuses Legit Encryption Tools

Jason Hill

A group known as "DeepBlueMagic" is suspected of launching a ransomware attack against Hillel Yaffe Medical Center in Israel, violating a loose "code of conduct" that many ransomware groups operate...

Lessons from the Twitch Data Leak

Dvir Sason

What happened? Increasingly covered by the mainstream press throughout Wednesday, October 6, 2021, the impact of the recent Twitch leak will undoubtedly grow as bad actors take advantage of the...

Return of the Darkside: Analysis of a Large-Scale Data Theft Campaign

Snir Ben Shimol

Our team has recently led several high-profile investigations of attacks attributed to an up-and-coming cybercrime group, Darkside ransomware.

How to Unpack Malware with x64dbg

Neil Fox

This article is an x64dbg tutorial that explains and demonstrates a methodology for unpacking and reverse engineering malware.

February 2021 Malware Trends Report

Ben Zion Lavi

This February 2021 malware trends report is intended to help you better understand the evolving threat landscape and adapt your defenses accordingly.

SolarWinds SUNBURST Backdoor: Inside the Stealthy APT Campaign

Snir Ben Shimol

Learn how to detect and defend against the SolarWinds SUNBURST malware that has compromised versions of SolarWinds’ Orion solution.

November 2020 Malware Trends Report

Ben Zion Lavi

This November 2020 malware trends report is intended to help you better understand the evolving threat landscape and adapt your defenses accordingly.

Exploiting BGInfo to Infiltrate a Corporate Network

Dolev Taler

This post details how a clever attacker can embed a path to a malicious script within a BGInfo config file (.bgi), bypass email security, and execute code remotely.

A Queen’s Ransom: Varonis Uncovers Fast-Spreading “SaveTheQueen” Ransomware

Ben Zion Lavi

A new strain of ransomware encrypts files and appends them with the extension, “.SaveTheQueen,” and propagates using the SYSVOL share on Active Directory Domain Controllers. Our customers encountered this malware...

Varonis Exposes Global Cyber Campaign: C2 Server Actively Compromising Thousands of Victims

Dolev Taler

The Varonis Security Research team discovered a global cyber attack campaign leveraging a new strain of the Qbot banking malware. The campaign is actively targeting U.S. corporations but has hit networks...

Azure Skeleton Key: Exploiting Pass-Through Auth to Steal Credentials

Eric Saraga

EDIT: Security researcher Adam Chester had previously written about Azure AD Connect for Red Teamers, talking about hooking the authentication function. Check out his awesome write-up here. Should an attacker...

COVID-19 Threat Update #1

Kilian Englert

Varonis sees the highest number of VPN and O365 events ever recorded across its customer base. Click to watch our security experts discuss what they’re seeing on the front lines, and what...
