Guardicore Labs

Guardicore Labs is a global research team, consisting of hackers, cybersecurity researchers and industry experts. We publish our cyber security research and provide analysis, insights and response methodologies to the latest cyber threats as well as lead and participate in academic research. We are also the core maintainers of the Infection Monkey, a popular open-source network resiliency test tool

Guardicore - The Bondnet Army: Questions & Answers

The Bondnet Army

Guardicore Labs has recently picked up Bondnet, a botnet of thousands of compromised servers of varying power. Managed and controlled remotely, the Bondnet is currently used to mine different cryptocurrencies and is ready to be weaponized immediately for other purposes such as mounting DDoS attacks as shown by the Mirai Botnet. Among the botnet’s victims are high profile global companies, universities, city councils and other public institutions.

Read More »
Guardicore - 0.2 BTC Strikes Back, Now Attacking MySQL Databases

0.2 BTC Strikes Back, Now Attacking MySQL Databases

Last week we first tweeted that the Guardicore Global Sensor Network (GGSN) has detected a wide ransomware attack targeting MySQL databases. The attacks look like an evolution of the MongoDB ransomware attacks first reported earlier this year by Victor Gevers. In this post we will describe in detail the attack flow and provide some recommendations on how to protect your databases from similar attacks along with attack IoCs.

Read More »
Guardicore - The Oracle of Delphi Will Steal Your Credentials

The Oracle of Delphi Will Steal Your Credentials

It was one of those warm summer nights, no clouds, just a bright full moon lighting the way. Someone had unknowingly stumbled upon our honeypot, completely unaware of the fact that her every move was recorded and fully analyzed. Thanks to our deception technology, we could easily reroute the attacker, making her believe she reached her real target.

Read More »
Guardicore - Infection Monkey Is on the Loose!

Infection Monkey Is on the Loose!

Today we are releasing the Infection Monkey, our inhouse tool for testing a data center’s resiliency to perimeter breaches and internal server infection. The Infection Monkey is a new open source security testing tool that we’ve developed at Guardicore to test the resiliency of modern data centers to attack. Being good sports, we are sharing it with the security community. Just pick a random machine, release the Infection Monkey and see where it ends up. Use our Monkey to test whether your security systems can detect, stop and contain real threats. The monkey is benign and does not pose any risk to your network.

Read More »
Guardicore - The PhotoMiner Campaign

The PhotoMiner Campaign

Over the past few months, we’ve been following a new type of worm we named PhotoMiner. PhotoMiner features a unique infection mechanism, reaching endpoints by infecting websites hosted on FTP servers while making money by mining Monero. The choice of a lesser known currency with a good exchange rate allows the attackers to rapidly gain money while the sophisticated use of safeguards makes it resilient to most disruption attempts, potentially leaving victims infected for years.

Read More »

Coming to Black Hat? Make sure you come say hi 👋