Bait, Wait, Beat Ransomware

Attackers will always find a way to penetrate your perimeter defenses. If you are ‘lucky’, they will only steal the organization’s compute resources. In other cases, they will cause real damage, fast. Ransomware is becoming a big issue for too many organizations.

We’ve lately been approached by many of our users, asking how they can leverage the Centra security platform to fight ransomware. In this post we will talk about how our deception technology helps contain ransomware and minimize the inflicted damage.

Ransomware is dynamic in nature and changes frequently, making traditional security tools ineffective. Signature-based solutions simply can’t keep up, while more sophisticated heuristics-based solutions can often be detected and evaded by the malware.

PhotoMiner Worm Spreads via Vulnerable FTP Servers, Mines for Crypto-Currency

PhotoMiner is a worm that propagates with the help of vulnerable FTP servers, infects public Web pages, spreads to Windows computers and sets up a mining process for the Monero crypto-currency. Security firm GuardiCore discovered the worm this past January, when it also published a quick summary of its abilities. In the meantime, the company found that the worm was created in early December 2015 and received several updates after its January write-up.

The PhotoMiner Campaign

Over the past few months, we’ve been following a new type of worm we named PhotoMiner. PhotoMiner features a unique infection mechanism, reaching endpoints by infecting websites hosted on FTP servers while making money by mining Monero. The choice of a lesser-known currency with a good exchange rate allows the attackers to rapidly gain money, while the sophisticated use of safeguards makes it resilient to most disruption attempts, potentially leaving victims infected for years.
We’ve documented thousands of attacks originating from hundreds of IPs, running similar attack flows while using different binaries. In this report we will share our research on PhotoMiner’s timelines, infection strategies and C&C servers, and provide tools to help detect the malware.

GuardiCore Expands Executive Team with Additions of New Chief Financial Officer and Vice President North American Sales

New Chief Financial Officer Yaron Bartov and Vice President of Sales Nathan Perdue Bring Deep Industry Experience to Rapidly Growing Data Center Security Innovator

San Francisco, CA and Tel Aviv, Israel – GuardiCore, a leader in internal data center security and breach detection, today announced the appointment of Yaron Bartov as chief financial officer and Nathan Perdue as vice president of sales, North America. The additions augment the company’s already-impressive management team, providing additional expertise and leadership capable of supporting the company’s growth being fueled by the need for enhanced data center security.