News & Views

On September 27, 2016 Forcepoint Security Labs noticed that the Russian boxing site allboxing[.]ru was compromised. The site is injected with code that attempts to silently redirect users to a third party website containing an exploit and a Russian banking trojan. The injected code employs several evasion tactics, and ensures that the redirect only occurs when there is significant user interaction on the website.

Hiding in Plain Sight

The site allboxing[.]ru is a very popular...

An immediate advantage of cloud computing is that cloud-based data and applications are not limited by physical perimeters. Because cloud storage can expand and contract as organizations’ business needs demand, it’s an increasingly popular and cost-effective alternative to on-site data storage. However, while the cloud itself has no concrete confines, it is not exempt from the legal consequences of geographical borders and boundaries.

Data residency and data sovereignty laws require...

Olga B. - Sr. Manager, Forcepoint Security Labs, San Diego, CA

Tell us what you do in 40 words or less.

I am a Sr. Manager at Forcepoint Security Labs, specializing in security consulting. Our team works with customers and prospects on strategic initiatives that typically involve strengthening security posture through understanding the security landscape, exposing policy weaknesses, and defining strategy.

Why did you choose Security Consulting?

The...

Throughout September 2016 we have observed an actor sending malware to Canadian nationals by e-mail. Upon investigation we have determined the malware payload to be DELoader, which downloads a Zeus variant banking trojan upon execution.

E-mail Lures

The e-mails typically pretend to be from the Canada Revenue Agency (CRA) claiming that the individual has a tax payment outstanding.

The e-mails contain an MSG attachment with an embedded OLE object. This is not a...

Securing Patient Information in the Accelerated Move to Electronic Health Records (EHR)

Data protection is never more important than when it comes to a person’s health information. With the enacting of the Affordable Care Act, healthcare providers in the public and private sectors saw increased incentives to switch to Electronic Health Records (EHR); however, much of the industry lacks the cybersecurity infrastructure and knowledge to properly support this transition, according to a...

On September 1, 2016 a new trojan downloader became available to purchase on various Russian underground forums. Named "Quant Loader" by its creator, the downloader has already been used to distribute the Locky Zepto crypto-ransomware and Pony (aka Fareit) malware families.

Locky Zepto & Pony E-mail Campaign

On September 12, 2016 Forcepoint Security Labs™ noticed an e-mail campaign which was typical of one we mainly see distributing the Locky or Dridex botnet 220 malware...

Top Five Security Capabilities I Wanted 10 Years Ago [Part Three]

By Doug Copley, Forcepoint Deputy CISO

I continue today with the next in my blog series of the Top Five security capabilities on my wish list in 2006. To recap, here are the items I’ve discussed so far:

#5 – Web security that was more than URL filtering, and worked off-network
#4 – The ability to detect and block threats BEFORE they were delivered to users

As I share my perspectives on #3, efficiency is the main theme....

Top Five Security Capabilities I Wanted 10 Years Ago [Part Two]

By Doug Copley, Forcepoint Deputy CISO

Yesterday, I began a Top Five blog series on security technologies I really wanted in 2006 that are now available. Part one began at the bottom with #5 - web security. As we step up to #4 in my Top Five list, you’ll discover my aspiration in 2006 to be proactive, not reactive.

#4 – I wanted technology that would identify threats and block them BEFORE they were...

Dridex has drastically reduced in volume throughout 2016. Actors now appear to prefer crypto-ransomware such as Locky over the infamous banking trojan. However, Dridex is still being actively developed. Here at Forcepoint Security Labs we have seen a number of changes and improvements over the last few months.

Command-and-Control (C&C) Blacklisting

The initial Dridex executable is known as the Dridex Loader. It is responsible for checking in to its C&C servers, ...

Top Five Security Capabilities I Wanted 10 Years Ago [Part One]

By Doug Copley, Forcepoint Deputy CISO

Anyone whose job requires them to focus on information security is well aware of how fast the industry changes. Just look at the 1,000 or so vendors/researchers/consortiums who were present at RSA and Black Hat in 2016, and you can understand how difficult it can be to stay current on security technologies and practices. In a series of five blogs, I’d like to pause a minute...