Alphabet’s New Chronicle Promises to Speed Threat Data Analysis

2018.02.01

Alphabet, the parent company of Google, has launched Chronicle, a new cybersecurity venture, following two years of development at the Alphabet X research lab.

The idea behind Chronicle stems from the fact that many companies receive tens of thousands of security alerts per day, more than most teams can handle, Chronicle CEO Stephen Gillett said last week in an online post introducing the new firm. Typically, security teams can filter those alerts down to a few thousand and, at best, review several hundred at a time.

Chronicle says it can speed up the detection process by as much as 10 times by running on the same infrastructure Alphabet uses for its other programs, so that those threats can be analyzed in minutes.

The real goal is to create an “immune system” for the digital world, allowing companies to predict future attacks rather than react after the damage has been done, wrote Astro Teller, who heads Alphabet’s X lab under the title Captain of Moonshots, in an online post.


Super-Sophisticated Spyware Spotted After 5-Year Run

2016.08.18

Symantec and Kaspersky Lab last week separately announced the discovery of a highly sophisticated advanced persistent threat that had eluded security researchers for at least five years.

A previously unknown group called “Strider” has been using Remsec, an advanced tool that seems to be designed primarily for spying. Its code contains a reference to Sauron, the main villain in The Lord of the Rings, according to Symantec.

Kaspersky’s report refers to the same actor and toolkit as “ProjectSauron”; “Strider” is Symantec’s name for the group.

The malware has been active since at least October 2011, Symantec said. Symantec obtained a sample after its behavioral detection engine flagged the malware on a customer’s systems.

Kaspersky found out about ProjectSauron when its software caught an executable library, registered as a Windows password filter, loaded in the memory of a Windows domain controller. Because LSA calls password filters with the new password on every password change, the library had access to those credentials in cleartext.
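A password filter is a DLL whose name is listed in the LSA “Notification Packages” registry value; LSA loads it at boot and passes every changed password to it in cleartext, which is why a malicious filter on a domain controller is such an effective credential harvester. The following PowerShell script is an added example, not code from the articles or from Kaspersky or Symantec. It enumerates the registered filters on the local host, flags any that are not on an allowlist, and records each DLL’s Authenticode status and SHA-256 hash. The baseline names (`scecli`, `rassfm`) are an assumption about typical defaults; replace them with a baseline captured from a known-good domain controller.

```powershell
# Added example (not from the articles or the vendors' reports): enumerate the
# password-filter DLLs registered with LSA and flag anything off the baseline.
# Run on a domain controller; reading the key needs no elevation, but reading
# DLLs under System32 may on hardened hosts.

$lsaKey   = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
$baseline = @('scecli', 'rassfm')   # assumption: typical Windows defaults; use your own golden image

# 'Notification Packages' is a REG_MULTI_SZ of DLL base names (no path, no .dll).
$packages = (Get-ItemProperty -Path $lsaKey -Name 'Notification Packages').'Notification Packages'

foreach ($name in $packages) {
    # LSA resolves bare names against System32; a filter dropped elsewhere and
    # referenced by full path would also show up here, so keep the raw entry too.
    $path   = if ([System.IO.Path]::IsPathRooted($name)) { $name } else { Join-Path $env:SystemRoot "System32\$name.dll" }
    $status = if ($baseline -contains $name) { 'baseline' } else { 'UNEXPECTED' }

    if (Test-Path -Path $path) {
        $sig  = Get-AuthenticodeSignature -FilePath $path
        $hash = (Get-FileHash -Path $path -Algorithm SHA256).Hash
        [pscustomobject]@{
            Package   = $name
            Status    = $status
            Path      = $path
            Signature = $sig.Status              # Valid / NotSigned / HashMismatch ...
            Signer    = $sig.SignerCertificate.Subject
            SHA256    = $hash
        }
    }
    else {
        # An entry whose DLL is gone is still worth a look: the file may have been
        # cleaned up after the filter was loaded, and LSA keeps it in memory until reboot.
        [pscustomobject]@{
            Package   = $name
            Status    = "$status (file missing)"
            Path      = $path
            Signature = $null
            Signer    = $null
            SHA256    = $null
        }
    }
}
```

Anything reported as UNEXPECTED, unsigned, or signed by a subject you do not recognise should be cross-checked against the modules actually loaded in `lsass.exe` on that host (which requires elevation), since the registry value tells you what will load at the next boot, not necessarily what is running now.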

“Learning that some sophisticated malware has been running in your infrastructure for half a decade without detection is certainly painful,” said Sándor Bálint, security lead for applied data science at Balabit.

“Installing antivirus software and running a personal firewall provide only a bare minimum of protection,” he told TechNewsWorld.

Antimalware systems “stop 99.999 percent of known attacks,” claimed Balabit CEO Zoltán Györkő.

However, the Strider APT mimicked a password filter module, which “is yet another clear sign that passwords are dead and behavior is the new authentication,” he told TechNewsWorld. “The only way to catch these attacks is to spot changes in the behavior of users at the end points.”


New Attack Technique Hides Spread of RATs in Asia

2016.04.27

SentinelOne last week announced that it has detected a technique being used in Asia to infect systems with remote access Trojans in which the payload stays in memory for the whole of its execution and never touches the victim’s disk in unencrypted form.

This keeps the attackers hidden from antivirus products and from “next-generation” tools that inspect only file-based threats, according to SentinelOne.

The samples analyzed can also detect that they are running inside a virtual machine, which prevents them from being analyzed in a network sandbox.

Remote access Trojans, or RATs, aren’t new, but the technique is, said Joseph Landry, senior security researcher at SentinelOne.

“We expect to see an increase in fileless-based attacks that execute in memory to avoid detection,” he told TechNewsWorld.
