Category: Endpoint Security
Leonardo S.p.A. Data Breach Analysis
Published 9 days ago
ReaQta Threat Intelligence Team identified the malware used in an exfiltration operation against the defence contractor Leonardo S.p.A. The analysis of the malware, which we dubbed Fujinama, highlights its capabilities for data theft and exfiltration while maintaining a reasonably low profile.
What is Managed Detection and Response (MDR)?
Published 2 months ago
Opting for MDR services goes a long way in protecting an organization, especially on a round-the-clock basis. Staying protected against cyber attacks, even in the dead of night, helps to detect and manage possible attackers very early in the process, reducing mitigation costs, containing any interruption to business continuity and preventing data from being exfiltrated. […]
Dridex: the secret in a PostMessage()
Published 7 months ago
Dridex is a well-known banking malware that evolves constantly. This time we analyze a new variant that uses an effective technique to bypass security solutions.
ReaQta Launches ReaQta-EON and Hive-Guard
Published 7 months ago
Introducing two new additions to the ReaQta suite of solutions, ReaQta-EON and Hive Guard.
Meet HIVE GUARD: The Anti-Malware Module
Published 7 months ago
ReaQta’s Anti-malware module Hive Guard adds pre-execution dynamic emulation, behavioral heuristics and signature-based prevention combined with a new A.I. based analysis module.
Oil and Gas Supply-chain Phishing Campaign
Published 8 months ago
ReaQta has been tracking an extensive and long-running spear-phishing campaign targeting the supply chain in the Oil & Gas industry, most likely for espionage purposes. The campaign started in 2018 and is still running today, with a new wave that began in the first week of May. It is carefully prepared and executed, with attackers taking […]
MITRE ATT&CK Evaluation Confirms ReaQta-Hive Advanced Detection Capabilities
Published 8 months ago
The attack unfolded over 2 days, in which the attackers gradually moved deeper into the network after obtaining initial access. The vast majority of operations were carried out using PowerShell, as opposed to custom tools and malware, in order to maintain a low detection profile. The goal of the evaluation is to show how the tested solutions respond to the attack and what kind of visibility they provide along the entire kill chain.
Staying Safe while Everyone is Remote
Published 9 months ago
You’re probably reading this from your laptop, likely from home, while connected over WiFi to your corporate VPN and waiting for a remote meeting that’s about to start in 30 minutes. Welcome to the new normal. More than a billion people today are, like you and me, working from home – and chances are that […]
Attackers are Starting to Exploit Vulnerable Drivers – Are Defenders Ready?
Published 10 months ago
Criminal actors are now using a bug in a legitimate driver to launch RobbinHood, a new type of ransomware that can escape detection as it operates at kernel level. Understanding how RobbinHood works is key to understanding how to stop novel kinds of attacks that rely on trusted components.
Hunting Fileless Malware: Invisible but not Undetected
Published 1 year ago
Fileless malware attacks are a growing concern in cyber-security with an interesting history that dates back to 2001. After remaining almost silent for several years, this type of threat began to gain fresh traction in 2014 with new concepts introduced at a fast pace. Today such attacks are so common that new strategies had to […]
ReaQta Behavioral Engine and Virustotal
Published 2 years ago
Over the past 3 months ReaQta has been working closely with VirusTotal to integrate ReaQta-Hive's behavioral engine; today we are excited to announce that the integration is complete and available to the public. VirusTotal is a free service that analyzes files and URLs to detect malicious content; the platform is well-known among security researchers as it […]
Gootkit Campaign Targeting Italian Government Institutions
Published 2 years ago
ReaQta has found evidence of an active Gootkit trojan campaign focused on Italian government institutions. We have been tracking the campaign since the end of November 2018, and so far it has shown a very low detection rate.
Proactive Threat Hunting with A.I.
Published 2 years ago
Proactive Threat Hunting helps in the early detection of new threats and in the discovery of weak spots that can be leveraged by an attacker to gain or maintain access to an infrastructure. Traditional IOCs, combined with MITRE ATT&CK TTPs and Artificial Intelligence for the discovery of new behaviors, raise the bar for attackers, helping responders to identify […]
From False Positive to True Positive: the story of Mavinject.exe, the Microsoft Injector
Published 3 years ago
Mavinject is a legitimate Windows component that can be used, and abused, to perform arbitrary code injection into any running process. As it is a common component on Windows, it can be leveraged to perform living-off-the-land attacks.
Must know before buying an endpoint security system
Published 5 years ago
Cyber security is a hot topic. Quite frankly, it always was an interesting subject, but today threats are advancing at an alarming rate. Companies are increasingly concerned about their data, especially after the number of data breaches reported this year, and are actively pursuing strategies to build better guards for their intellectual property.