Threat Intelligence

Actionable Cyberthreat Information and Analysis to Improve Response

The Lastline Behavioral Intelligence Program

Lastline® threat intel researchers investigate cyberattacks and publish unique, actionable information about advanced malware and threats in the form of targeted alerts and detailed reports.

Too many security tools ignore or misidentify the malicious behaviors that are essential to understanding the scope and intent of an attack. In contrast, the Lastline Behavioral Intelligence Program focuses on detailing the behaviors that advanced attacks exhibit. Armed with this global cyberthreats intelligence, your security team can secure your email, web, cloud, and network against advanced malware-based attacks faster, and with fewer resources.

Threat Reports

Lastline Threat Reports are broad in nature, providing a wider view of a particular aspect of the threat landscape.

Effective Response to Asymmetrical Warfare
April 2019
The Internet is being used as a weapon asymmetrically between Western democracies and revisionist powers. In this sequel to Asynchronous Warfare, we reiterate the key foundation presented earlier and provide detailed recommendations for combating the persistent threat posed by asymmetrical warfare.

Malicious Landscape Benchmarks to Take Forward Through 2019
April 2019
This latest release of our global threat intel report explains the levels, patterns and types of malicious activity impacting cyber resilience in corporate networks. Security professionals can use this data to benchmark their organizations’ threat encounter rates against the ever-evolving malicious landscape – the Malscape – and identify gaps in their security strategy.

Asynchronous Warfare: The Strategies and Tactics That Give Attackers the Advantage in the Cyberwar That is Already Being Waged
January 2019
Why are defenders always underprepared? If someone did actually declare cyberwar, what would you do differently? In this paper we explore both questions, to raise awareness, and to speed the adoption of advanced technology that can fight the cyberwar that’s already being waged.

Threat Alerts

Lastline Threat Alerts provide detailed descriptions of specific attacks, malware, and exploits, incorporating our unparalleled insight into the malicious behaviors engineered into any particular strain of malware.

LockerGoga: When Ransomware Strikes Back
April 2019
Ransomware attacks have made the headlines multiple times in the course of recent years. LockerGoga is yet another example. This threat alert introduces LockerGoga, details its main features, and presents a timeline of the attacks made public so far.

Threat Actor “Cold River”: Network Traffic Analysis and a Deep Dive on Agent Drable
January 2019
We explore “Cold River,” a sophisticated threat that utilizes DNS subdomain hijacking, certificate spoofing, and covert tunneled command and control traffic in combination with complex and convincing lure documents and custom implants.

Malscape Snapshot: Telecom Services
August 2018
The latest 100 malware samples targeting Telecom Services show that criminals have recently launched an RTF exploit document campaign, detailed in this Alert. The Snapshot also contrasts threats targeting Telecom over the past 30 days against global data reported in the Malscape Monitor Report.

Malscape Snapshot: Malicious Activity in the Office 365 Cloud
July 2018
Our analysis of two recent attacks illustrates the challenges of effectively protecting employees from attack once your company makes the move to Office 365.

Malscape Snapshot: Finance
June 2018
The latest 100 malware samples targeting finance show that criminals are upping their game with sophisticated keylogger malware. The snapshot also contrasts threats targeting finance to global data reported in the Malscape Monitor Report.

Malware Landscape: K-12
May 2018
We analyzed the latest 100 malware samples that target the K-12 school environment. You might be surprised how many are a single piece of malware, NanoCore.

Cryptojacking, CryptoMining and the Rise of Monero
January 2018
Lastline is witnessing a tremendous increase in malware samples that have a cryptocurrency mining purpose. This Alert charts the ascension of Monero as the emerging cryptocurrency of choice.

Novel Excel Spreadsheet Attack Launches Password Stealing Malware Loki Bot
December 2017
Lastline uncovered a new attack vector initially launched through Microsoft Excel spreadsheets, and expanded into other Office applications. This Alert describes how the attack works, why it’s often dismissed as a false positive, and what typically happens during the initial days of the attack.

Malware Analysis – Mouse Hovering Can Cause Infection
September 2017
Cybercriminals recently developed a technique where, in some cases, malware can infect a device when the victim simply hovers their mouse over a malicious link. This Alert describes how it works, and steps security teams can take to prevent it.

A Deep Dive into the NotPetya Ransomware Attack
June 2017
This is a new variant of the Petya ransomware family that targets Windows systems. It has also been referred to as PetrWrap, GoldenEye, Petya.A, Petya.C, and PetyaCry. This Alert describes the scope of the attack, its behaviors, and how it spreads.

Advanced Malware

Advanced malware continues to play a significant role in many attacks targeting organizations today. Malware authors keep developing new techniques that bypass both traditional and “next-generation” security tools, leaving your systems and data at risk. Evasive malware can easily escape detection by “advanced” security technologies by altering its behavior or adopting one or more evasion tactics.

  • Evading sandbox-based technologies: Advanced malware is engineered specifically to detect when it is running in almost any sandbox on the market. While inside the sandbox it refrains from any malicious action, so it is classified as benign, enters your network, and only then initiates its malicious behavior. Advanced malware can bypass most sandboxes because they typically run on virtual machine (VM) environments such as VMware, Xen, KVM, Parallels/Odin and VDI. VM technologies introduce artifacts that allow malware to discover it is running in a virtual environment: additional operating system files and processes, supplementary CPU features, and other components necessary for the virtualization to work.
  • Evading signature-based detection: Malware authors easily alter the signature of their code to avoid detection. Because security tools examine the internal components of an object to generate a signature, modifying even a single bit in any of the malware’s components changes the object’s signature. Some of the malware tools on the dark web enable payload-changing capabilities with a simple check box to foil signature-based systems.

Lastline detects the advanced malware that other technologies miss. Our Deep Content Inspection™ environment catalogs every malicious action engineered into the code, providing you with complete visibility and eliminating the need to conduct additional analysis of the malware.

About the Lastline Behavioral Intelligence Program

The Lastline Behavioral Intelligence™ Program is a behavior-based approach to global threat intelligence that improves security effectiveness, speed to remediation, and completeness of remediation. Lastline security experts investigate cyberattacks and make unique actionable information about malware and threats publicly available to improve security teams’ ability to detect and block attacks.

Existing systems are ineffective:

  • Enterprise incident response processes are broken – Because detected malware is described in generic, homogeneous terms, infected devices are often remediated incorrectly or incompletely, increasing the risk to organizations.
  • External threat intelligence feeds are fundamentally flawed – They lack the granularity to be truly helpful, and are overly focused on external data not internal activity.
  • Intrusion defenses are ineffective – They lack the ability to connect north/south alerts to east/west traffic, precluding the ability to understand the full scope of an attack.

Our unique approach, built on our core strength and differentiator – our insight into malicious behaviors and connecting them to intrusions and breaches – will provide otherwise unavailable analysis and information to inform security teams’ efforts to secure email, web, cloud, and networks.

Superior Protection, Easy to Use

With unmatched accuracy, protection at all malware entry points, and full visibility into malicious activity, Lastline is a compelling solution to defeat network breaches.