Today’s cyber attackers use an increasingly sophisticated set of evasion tactics. Disjointed techniques and a fragmented security approach leave enterprises exposed to risk. The volume of attacks is rising, placing strain on a limited population of security specialists. It is essential that defenders and security specialists understand the trends and distributions in the attack landscape. This paper surveys the Palo Alto Networks threat data generated across the customer base.
Security Lifecycle Review (SLR) is a cloud-based application that analyzes network traffic and reports on the business and security risks facing an organization, providing visibility into the network. SLR uses Palo Alto Networks Next-Generation Firewall logs and Cortex Data Lake data to identify the applications and threats that expose weaknesses in an organization’s security posture.
The WikiLeaks saga has captured attention world-wide, with the majority of analysis focused on the actual leaked content. Yet while WikiLeaks is certainly the most high-profile breach in recent memory, the techniques used to exfiltrate and hide information are directly applicable to enterprises today. In this session we will summarize the key lessons of WikiLeaks and how security managers can protect their networks today.
Introduction
As we head towards the end of the year, it is common to reflect on the year almost behind us and to predict what the approaching new year will bring in terms of security challenges. This blog is part of a series that describes malware trends seen in EMEA (Europe, Middle East and Africa)
Apple’s official iOS App Store is well known for its strict code review of any app submitted by a developer. This mandatory policy has become one of the most important mechanisms in the iOS security ecosystem to ensure the privacy and security of iOS users. But we recently identified an app that demonstrated new ways
Unit 42's Threat Landscape Review examines data from WildFire™, a key component of the Palo Alto Networks threat intelligence cloud, to identify how organizations in different industries are targeted and affected by malware.
You know those mischievous bunnies in the movie “Peter Rabbit”? How about the heroic minifigs in “The LEGO Movie” or the fighting owls in “Legend of the Guardians: The Owls of Ga’Hoole”? Maybe the prancing penguins in “Happy Feet” had you dancing. Or perhaps “Alien: Covenant,” “Guardians of the Galaxy Vol. 2” or “The Great Wall” had you on the edge of your seat. If you’ve been amazed by the breathtaking visuals, compelling characters or memorable performances in any of these films, you can thank the creative wizardry of Animal Logic.
In March of this year, Unit 42 investigated the SamSa actors who were attacking the healthcare industry with targeted ransomware. With this group having been active for roughly one year, we decided to revisit this threat to determine what, if any, changes had been made to their toolset. In doing so, we discovered that it’s been
In Part 5 of our IDAPython blog series, we used IDAPython to extract embedded executables from malicious samples. For this sixth installment, I’d like to discuss using IDA in a very automated way. Specifically, let’s address how we’re going to load files into IDA without spawning a GUI, automatically run an IDAPython script, and extract
We continue our series on using IDAPython to make things easier for reverse-engineers by tackling a problem malware analysts deal with on an almost daily basis: extracting embedded executables. Malware will often store embedded executables in a number of ways. Some examples include attaching these files in the file’s overlay, including them as a PE
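The carving step that the embedded-executable post describes can be done outside IDA as well. The following is an added example written for this page, not code from the Unit 42 series: it walks a byte blob for `MZ` headers, validates each candidate by following `e_lfanew` to the `PE\0\0` signature, and sizes the image from its section table so that a second executable stored in the overlay is recovered with the right length. The minimal PE builder and the host/decoy/inner blob are constructed inputs for the demo.

```python
"""Carve embedded PE images out of an arbitrary byte blob (added example)."""
import struct

SECTION_HEADER_SIZE = 40       # IMAGE_SECTION_HEADER
FILE_HEADER_SIZE = 20          # IMAGE_FILE_HEADER
MAX_SECTIONS = 96              # loader limit; anything above is not a real PE


def find_embedded_pes(blob: bytes):
    """Return [(offset, size), ...] for every plausible PE image in blob.

    A candidate starts at "MZ", must have e_lfanew pointing at "PE\\0\\0",
    and is sized as the furthest end of any section's raw data (the usual
    way to decide where an embedded file stops and its overlay begins).
    If the section table runs past the blob, the hit is clamped to the
    blob end so a truncated payload is still reported.
    """
    hits = []
    pos = 0
    while True:
        mz = blob.find(b"MZ", pos)
        if mz == -1 or mz + 0x40 > len(blob):
            break
        pos = mz + 1
        e_lfanew = struct.unpack_from("<I", blob, mz + 0x3C)[0]
        pe = mz + e_lfanew
        if e_lfanew > 0x1000 or pe + 24 > len(blob) or blob[pe:pe + 4] != b"PE\0\0":
            continue                         # "MZ" text or a decoy header
        num_sections = struct.unpack_from("<H", blob, pe + 6)[0]
        opt_size = struct.unpack_from("<H", blob, pe + 20)[0]
        if num_sections == 0 or num_sections > MAX_SECTIONS:
            continue
        sect_table = pe + 4 + FILE_HEADER_SIZE + opt_size
        end = sect_table + num_sections * SECTION_HEADER_SIZE
        if end > len(blob):
            continue                         # header itself is cut off
        for i in range(num_sections):
            s = sect_table + i * SECTION_HEADER_SIZE
            raw_size, raw_ptr = struct.unpack_from("<II", blob, s + 16)
            end = max(end, mz + raw_ptr + raw_size)
        hits.append((mz, min(end, len(blob)) - mz))
    return hits


def make_minimal_pe(payload: bytes) -> bytes:
    """Constructed helper: a one-section PE32 just large enough to parse."""
    opt_size = 0xE0                          # PE32 optional header
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)        # e_lfanew = 0x40
    file_hdr = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, opt_size, 0x102)
    opt = b"\x0b\x01" + b"\0" * (opt_size - 2)                # PE32 magic
    raw_ptr = 0x40 + 4 + FILE_HEADER_SIZE + opt_size + SECTION_HEADER_SIZE
    section = (b".text\0\0\0"
               + struct.pack("<IIII", len(payload), 0x1000, len(payload), raw_ptr)
               + b"\0" * 16)
    return dos + b"PE\0\0" + file_hdr + opt + section + payload


def build_sample() -> bytes:
    """Constructed dropper: host PE, a fake 'MZ' decoy, the embedded PE, then overlay."""
    host = make_minimal_pe(b"\xcc" * 16)         # 352 header bytes + 16 = 368
    decoy = b"MZ" + b"\0" * 62                   # e_lfanew = 0, no PE signature
    inner = make_minimal_pe(b"INNER_PAYLOAD")    # 352 + 13 = 365
    return host + decoy + inner + b"\0" * 32     # trailing overlay is not part of inner


if __name__ == "__main__":
    blob = build_sample()
    for off, size in find_embedded_pes(blob):
        print(f"PE at 0x{off:x}, {size} bytes")
```

The decoy shows why matching on `MZ` alone is not enough: it is rejected because its `e_lfanew` does not lead to a PE signature. Sizing from the section table rather than from "the rest of the file" is what keeps the trailing overlay out of the carved image.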
Earlier installments of this series (Part 1, Part 2 and Part 3) have examined how to use IDAPython to make life easier. Now let’s look at how reverse engineers can use colors and the powerful scripting features of IDAPython.
In the first two posts of this series (Part 1 and Part 2), we discussed using IDAPython to make your life as a reverse engineer easier. Now let’s look at conditional breakpoints. While debugging in IDA Pro, there are often situations where an analyst wishes to break on a specific address, but only when a
Continuing our theme of using IDAPython to make your life as a reverse engineer easier, I’m going to tackle a very common issue: shellcode and malware that uses a hashing algorithm to obfuscate loaded functions and libraries. This technique is widely used and analysts come across it often. Using IDAPython, we will take this challenging
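The resolution step behind the hashed-import post works the same way whether it runs inside IDA or stand-alone: hash every export name the malware could be looking up, then map the 32-bit constants found in the code back to names. The block below is an added example for this page, not the series' own script. The two hash functions (ROR13 over the name including its NUL terminator, and djb2) are common choices but are assumptions for the demo, as is the export list; the "constants lifted from the shellcode" are constructed from the names so the example runs offline, where in practice they would be immediates read off the disassembly.

```python
"""Resolve API-name hashes used by shellcode to hide its imports (added example)."""

MASK32 = 0xFFFFFFFF


def ror32(value: int, n: int) -> int:
    return ((value >> n) | (value << (32 - n))) & MASK32


def hash_ror13(name: bytes) -> int:
    """Assumed variant: rotate-right-13 accumulate over name + NUL."""
    h = 0
    for c in name + b"\0":
        h = (ror32(h, 13) + c) & MASK32
    return h


def hash_djb2(name: bytes) -> int:
    """Second candidate algorithm, so identification is not hard-coded."""
    h = 5381
    for c in name:
        h = (h * 33 + c) & MASK32
    return h


ALGORITHMS = {"ror13": hash_ror13, "djb2": hash_djb2}


def build_lookup(export_names):
    """Precompute (algorithm, hash) -> name for every candidate algorithm."""
    table = {}
    for algo, fn in ALGORITHMS.items():
        for name in export_names:
            table[(algo, fn(name))] = name
    return table


def identify_algorithm(constants, table):
    """Pick the algorithm that explains the most constants; None if nothing matches."""
    best, best_score = None, 0
    for algo in ALGORITHMS:
        score = sum((algo, c) in table for c in constants)
        if score > best_score:
            best, best_score = algo, score
    return best


def resolve_all(constants, table):
    """Map each constant to its export name using the identified algorithm."""
    algo = identify_algorithm(constants, table)
    if algo is None:
        return [None] * len(constants)
    return [table.get((algo, c)) for c in constants]


# Constructed export list; a real run would take it from the DLL's export table.
EXPORTS = [b"LoadLibraryA", b"GetProcAddress", b"VirtualAlloc",
           b"CreateFileA", b"WinExec", b"ExitProcess"]

# Constructed "immediates from the shellcode": three real lookups plus one
# value that resolves to nothing (a hash for a name outside our export list).
SHELLCODE_CONSTANTS = [hash_ror13(b"LoadLibraryA"), hash_ror13(b"GetProcAddress"),
                       hash_ror13(b"WinExec"), 0xDEADBEEF]


def demo():
    table = build_lookup(EXPORTS)
    return identify_algorithm(SHELLCODE_CONSTANTS, table), resolve_all(SHELLCODE_CONSTANTS, table)


if __name__ == "__main__":
    algo, names = demo()
    print("algorithm:", algo)
    for c, n in zip(SHELLCODE_CONSTANTS, names):
        print(f"0x{c:08x} -> {n!r}")
```

An unresolved constant usually means either the wrong hash variant (for example one that folds the module name in, or omits the terminator) or an export outside the DLLs you hashed, so extend the candidate algorithms or the export set before assuming the value is not a hash at all.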
As a malware reverse engineer, I often find myself using IDA Pro in my day-to-day activities. It should come as no surprise, seeing as IDA Pro is the industry standard (although alternatives such as radare2 and Hopper are gaining traction). One of the more powerful features of IDA that I implore all reverse engineers to
In this edition of the threat review, we will follow the money with a dive into the world of banking malware and its growth into one of the most popular and lucrative avenues for professional hackers. We will take a closer look at Zeus, how it has evolved over time, and spawned a new generation of financial botnets that promise to cause even more damage. As always, we will cover the skills and intelligence you will need in order to protect your networks from these rapidly evolving threats.
Customers and prospects often ask whether they should adopt the tools developed and provided by the cloud platforms themselves or invest in third-party solutions. Before jumping to technology decisions, it is wise to review both requirements and existing tools.
SANTA CLARA, Calif. – September 6, 2018 – Palo Alto Networks® (NYSE: PANW), the global cybersecurity leader, today announced that KPIT has transformed its approach to cybersecurity by deploying Palo Alto Networks Security Operating Platform, including its firewalls and network security management.