Cybereason’s Nocturnus Research Team Discovers Spike in Betabot Malware Infections

Betabot malware isn't new but it has returned aggressively inside the networks of many large organizations across the globe.

"In one word Betabot is 'nasty' and companies should be keeping their eyes open for infections." - Assaf Dahan, senior director, threat hunting, Cybereason

Cybereason, creators of the leading cybersecurity AI Hunting Platform, today announced its security research team Nocturnus discovered a spike in Betabot malware infections originating from phishing emails. A new Nocturnus blog delves into Betabot’s self-defense mechanisms and reveals the infection chains based on Cybereason telemetry data gathered from multiple customer endpoints.

Betabot is a sophisticated infostealer malware that’s evolved significantly since it first appeared in late 2012. The malware began as a banking Trojan and is now packed with features that allow its operators to practically take over a victim’s machine and steal sensitive information.

"Betabot infections seen in our telemetry originated from phishing campaigns that used social engineering to persuade users to download and open what appears to be Word documents attached to an email,” said Assaf Dahan, senior director, threat hunting, Cybereason. “Betabot also seeks to find and eliminate any other malware on the system with heuristic approaches that would put many security products to shame.”

Best practices to minimize the risk of Betabot infections:

1. Avoid clicking links and downloading or opening attachments from unknown senders.
2. Look for misspellings, typos and other suspicious content in emails and attachments and report any abnormalities to IT or information security.
3. Keep your software up-to-date and install Microsoft security patches, especially CVE-2017-11882: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11882
4. Consider disabling the Equation Editor feature in Microsoft Office by editing the following registry entries:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Common\COM Compatibility\{0002CE02-0000-0000-C000-000000000046}]
"Compatibility Flags"=dword:00000400
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\COM Compatibility\{0002CE02-0000-0000-C000-000000000046}]
"Compatibility Flags"=dword:00000400

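One way to audit the two registry entries from item 4 across endpoints, and optionally write them, is the PowerShell sketch below. It is an added example, not code from Cybereason or Microsoft; the `-Apply` switch and the `Get-KillBitState` function are hypothetical names, and writing to HKLM requires an elevated session.

```powershell
# Added example: report (and optionally set) the Equation Editor COM
# compatibility flag named in the registry entries above.
param([switch]$Apply)   # hypothetical switch: without it the script only reports

$clsid   = '{0002CE02-0000-0000-C000-000000000046}'
$name    = 'Compatibility Flags'
$killBit = 0x400        # dword:00000400, the value given in the release
$roots   = @(
    'HKLM:\SOFTWARE\Microsoft\Office\Common\COM Compatibility',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Office\Common\COM Compatibility'
)

function Get-KillBitState {
    param([string]$KeyPath)
    # A missing key or value means the mitigation was never applied here.
    $item = Get-ItemProperty -LiteralPath $KeyPath -Name $name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return 'Missing' }
    if (($item.$name -band $killBit) -eq $killBit) { return 'Set' }
    return 'NotSet'
}

foreach ($root in $roots) {
    $key   = Join-Path $root $clsid
    $state = Get-KillBitState -KeyPath $key

    if ($Apply -and $state -ne 'Set') {
        # Create the CLSID key if absent, then write the exact value from the release.
        if (-not (Test-Path -LiteralPath $key)) {
            New-Item -Path $key -Force | Out-Null
        }
        New-ItemProperty -LiteralPath $key -Name $name -Value $killBit `
            -PropertyType DWord -Force | Out-Null
        $state = Get-KillBitState -KeyPath $key   # re-read to confirm the write
    }

    # One object per registry view, suitable for Export-Csv or fleet reporting.
    [pscustomobject]@{ Key = $key; State = $state }
}
```

Run without `-Apply`, it changes nothing and emits one row per key with a state of `Set`, `NotSet` or `Missing`, which makes it usable as a compliance check before and after the change is rolled out.
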
About Cybereason’s Nocturnus Researchers
Nocturnus is a group of cybersecurity experts with broad experience in cyber offense and defense with a focus on cutting edge, advanced research. The team has spent years studying the adversary and defending against some of the most advanced cyber attacks. The team’s findings of new attack tools, techniques, and methodologies are used to better protect our customers and educate the broader information security community.

Cybereason is one of the fastest growing technology companies in the world. Founded in 2012 by Lior Div, Yossi Naar and Yonatan Striem-Amit, Cybereason has exploded from a three-person team to more than 450 employees globally.

About Cybereason
Cybereason, creators of the leading cybersecurity data analytics platform, gives the advantage back to the defender through a completely new approach to cybersecurity. Cybereason offers endpoint detection and response (EDR), next-generation antivirus (NGAV), and active monitoring services, all powered by its proprietary data analytics platform. The Cybereason suite of products provides unmatched visibility, increases analyst efficiency and effectiveness, and reduces security risk. Cybereason is privately held, having raised $189 million from top-tier VCs, and is headquartered in Boston, with offices in London, Tel Aviv and Tokyo.

Learn more: https://www.cybereason.com/

Media Contact
Bill Keeler
Director, Public Relations
Cybereason
bill.keeler(at)cybereason.com
(929) 259-3261
