
Forcepoint Security Labs™ recently investigated a trojanized RTF document which we tied to the Carbanak criminal gang. The document contains an encoded Visual Basic Script (VBScript) typical of previous Carbanak malware. Recent samples of the malware have now included the ability to use Google services for command-and-control (C&C) communication. We have notified Google of the abuse and are working with them to share additional information.

Carbanak (also known as Anunak) are a...

Introduction

by Nicholas Griffin and Roland Dela Paz

In October 2016 Forcepoint Security Labs™ discovered new versions of the MM Core backdoor being used in targeted attacks. Also known as “BaneChant”, MM Core is a file-less APT which is executed in memory by a downloader component. It was first reported in 2013 under the version number “2.0-LNK” where it used the tag “BaneChant” in its command-and-control (C2) network request. A second version “2.1-LNK” with the network tag “...

By Dan Velez, Director, Insider Threat Operations

This is the season for New Year’s resolutions. Of course, we all realize that some of these “promises” are easier to keep than others. But if experience has taught us anything, it’s that we meet with more success here when our goals are tangibly beneficial and realistically achievable: We know what positive outcomes we’ll derive. And getting there won’t overwhelm us to the point where we quit.

We should take the same approach...

The holidays are the perfect time to reflect on this year’s experiences, successes and resolutions for the impending New Year. While self-analysis can sometimes be a grey area, how employees treat data is much more black and white. If there’s anything 2016 has taught us, it’s that treatment of important data is just as important as the security tools organizations have in place. This is backed up by data of course, most recently with a Forrester Research study that saw a staggering...

Forcepoint Named Best Network Security/Enterprise Firewall Winner in 8th Annual Government Security News Homeland Security Awards

Every day federal agencies must counter and prevent a range of cyber threats designed to disrupt the most sensitive systems, data and applications on which they and our country’s critical missions depend. Forcepoint’s Stonesoft® Next Generation Firewall (NGFW) was designed to deliver the networking, scalability and security needed for our federal agencies...

Like us, cybercriminals enjoy the festive season and that can sometimes reflect in their malicious activities. In 2011 we saw a Zeus banking trojan Panel - a user interface for herding Zeus-infected machines - with a Christmas-themed background. This time Forcepoint Security Labs™ has noticed that the CryptXXX gang have started to offer Christmas discounts to victims who intend to pay ransom.

Also known as UltraCrypter, CryptXXX is one of the active ransomware families currently in...

First spotted in February 2016, the Locky crypto-ransomware has become a dangerous threat to both large organisations and residential users alike. In this blog we give a brief overview of what Locky is and cover the significant aspects of its infamous history.

What is Locky?

Locky is a crypto-ransomware which aims to infect machines, encrypt sensitive information, and hold the data to ransom by requesting a payment to get the files decrypted.

Locky actors aim to...

On the first day of Christmas, our sales guy gave to me: A network-crushing phishing scam exploit.

On the second day of Christmas, the finance department gave to me: Two ransomware shutdowns, and another phishing scam exploit.

On the third day of Christmas, the CEO gave to me: Three botnets spamming, two more ransomware shutdowns and yet another phishing scam exploit …

OK, you get the picture by now: If it’s the holidays, your cybersecurity team members may be asking...

What is Sledgehammer?

Operation Sledgehammer translated into Turkish is Balyoz Harekâtı, which was the name of a 2003 attempted military coup d'état in Turkey. It’s also the name of a recent Distributed Denial of Service (DDoS) attack that targeted organizations with political affiliations that the attacker deems out of line with Turkey’s current government. These organizations include the German Christian Democratic Party (CDU), The People’s Democratic Party of Turkey, the Armenian...

The Horse Pill rootkit was presented at Black Hat 2016 by Michael Leibowitz, a security engineer and member of the Red Team at Intel. Horse Pill is a proof-of-concept Linux rootkit that demonstrates two interesting techniques: 1. infecting systems via the initial ramdisk, and 2. deceiving system owners using container primitives. In this article we explore those techniques and how our product, Forcepoint Threat Protection for Linux, fares against them.

Initrd Infection

The initial...