An Integrated Workflow: Investigating and Remediating a Mass-Malware Infection

I recently had the opportunity to help a customer use Tanium to investigate and respond to an outbreak of the “Ponik” malware. Ponik is a downloader that can retrieve and install additional malware, as well as steal credentials, from an infected system. Though Ponik is an example of commodity mass-malware, it presented a good opportunity...

What’s Old is New: Detecting Office Macro Malware with Tanium

Years of InfoSec experience will tell you that security threats are cyclical. What is old will become new and what is new will eventually become old. We’ve seen proof of this from the re-emergence of devastating distributed denial of service attacks, massive malvertising campaigns, and more recently, macro-based malware attacks. For example, several of the...

A Turning Point for U.S. Retailers

A recent study from the Ponemon Institute revealed that retailers take more than six months on average — 197 days to be exact — to detect an advanced persistent threat (APT) in their network. The study’s most commonly reported method of identifying an APT after notification? “A gut feeling.” Usually, retailers do not detect intrusions proactively on their own; instead, an external...