Trellix Advanced Research Center: Digest #9
Unmasking ViperSoftX: In-Depth Defense Strategies Against AutoIt-Powered Threats by James Murphy
There’s a common misconception that threat actors must always write complicated and custom code in every piece of their malware, skillfully evading defenses, infiltrating networks, and exfiltrating data. While this absolutely does occur, the reality is that even advanced and sophisticated threat actors often struggle with the same issues as regular workplaces - resourcing issues, time constraints, and occasionally even skill shortages - and are always looking for efficient ways to evolve their operations. When an opportunity presents itself to make a threat actor’s life easier, why not take it?
The Bug Report - August Edition by Jonathan Omakun
August isn’t just about heat waves and summer getaways for the Northern Hemisphere; it’s also when things get serious for students and cybersecurity pros. As organizations prep for the end of the fiscal year, upgrade systems, and ramp up for the fall, attackers are doing their homework. They’re ready to exploit any vulnerabilities left unpatched during the summer lull. So, while you’re buying new notebooks, make sure you’re also patching those systems. It’s time to sharpen your pencils and your defenses, because class is in session.
No Symbols? No problem! by Max Kersten
Malware analysts know it all too well: the ominous feeling that washes over you when opening an unknown file in your favorite analysis tool and being greeted with hundreds or thousands of unknown functions, none of which are matched by your existing function signatures or by any of your helper scripts. This makes analysis a painfully slow and tedious process. It also often means the required analysis time exceeds the available time, and another file is chosen to be reversed instead. This undesired scenario creates a blind spot from a blue team’s perspective and rings especially true when dealing with malware.
Resilient Security Requires Mature Cyber Threat Intelligence Capabilities by Trellix Advanced Research Center
Threat intelligence, and the ability to put global threats in the context of each organization’s own technology environment, has never been more important to the role of the CISO, or to the board they report to.
We recently had the opportunity to support an important industry effort to advance threat intelligence, led by our partners at Intel 471. Trellix, along with 25+ cyber leaders, launched a new maturity model for cyber threat intelligence (CTI). The initial version of the Cyber Threat Intelligence Capability Maturity Model (CTI-CMM) is a first-of-its-kind and universally applicable resource to support organizations in getting maximum benefits from their CTI strategy.
Register for our upcoming Virtual Summit!
Join our GenAI Powered Responsible Security Virtual Summit to discover how to foster trust, stability, and resiliency, with intelligence.
You’ll learn how to: