Adversarial Security

Featured

Guarding the Bridge: New Attack Vectors in Azure AD Connect

By researching Azure AD Connect components, Sygnia was able to discover several attack vectors for extracting Connector credentials and domain users’ NT hashes, while...

Read More

All Resources

12 Questions You Should Ask When Choosing An MXDR

Discover the 12 essential questions to ask when selecting a managed XDR solution (MXDR). Make an informed choice for robust threat detection and response. Read More

Adversarial Security

Guarding the Bridge: New Attack Vectors in Azure AD Connect

By researching Azure AD Connect components, Sygnia was able to discover several attack vectors for extracting Connector credentials and domain users’ NT hashes, while avoiding common security solutions. Read More

Incident Response

Threat Hunting Blog Post

Breaking Down the Casbaneiro Infection Chain – Part II

Casbaneiro banking trojan surfaced in mass campaigns targeting financial sectors in Latin America since 2018. Sygnia continues to track Casbaneiro activity as it poses a substantial threat to multi-regional financial organizations. Read More

Incident Response

Case Study: Global MITM Campaign with Threat Intelligence Toolkit

Through CTI enrichment techniques, Sygnia found that the BEC attack was part of a larger global campaign, potentially affecting many organizations. Read More

Accelerating Cyber Investigations with Velocity XDR's Integrated Behavioral Analytics

Sygnia's Velocity XDR uses UEBA not only to form a baseline for detecting anomalies, but also make the internal data easily accessible to platform users. Read More

Incident Response Threat Hunting

Threat Actor Spotlight: RagnarLocker Ransomware

Explore the threat of RagnarLocker ransomware. Uncover its tactics and implications in this Sygnia blog spotlight on cyber threats. Read More

Sygnia Named in the 2023 Gartner® Market Guide for Digital Forensics and Incident Response Retainer Services for the Second Consecutive Time

Sygnia today announced that it was named in the 2023 Gartner ® Market Guide for Digital Forensics and Incident Response Retainer Services. Read More

DPAPI Adversarial Security Red Team

The Downfall Of Dpapi Top Secret Weapon

Attackers exploit Windows DPAPI to steal data. Defenders can replace DPAPI backup key for full remediation. Read More

LAC Partners with Sygnia to Enhance their Cyber Emergency Center’s Incident Response Capabilities

Sygnia today announced a strategic partnership with LAC Co., Ltd to enhance the incident response capabilities of LAC’s Cyber Emergency Center. Read More

Incident Response

Threat Hunting Blog Post

Incident Response in Google Cloud: Forensic Artifacts

Discover effective incident response in Google Cloud. Learn how to analyze forensic artifacts for swift resolution. Expert insights on Sygnia blog. Read More

Sygnia Expands Incident Response & Proactive Security Services to Include MXDR (Managed Extended Detection and Response) Service

Sygnia announced that it expanded its incident response & proactive security services to include an MXDR (managed extended detection and response) service. Read More

The Future of OT Security

Focusing primarily on the process manufacturing industry, this article unpacks the evolution and future of OT Security. Read More

Sygnia Accelerates Growth with Expanded Presence in LATAM and Aus

Sygnia announced today that it has expanded its incident response and cyber security service offerings into Latin America and Australia. Read More

Incident Response Threat Hunting Blog Post

Incident Response in Google Cloud: Foundations

Incident response and threat hunting in Google Cloud Platform and Workspace Read More

Featured Incident Response Threat Research

Revealing Emperor Dragonfly: Night Sky and Cheerscrypt - A Single Ransomware Group

The outcome of investigation by Sygnia's incident response teams - Cheerscrypt & Night Sky are rebrands of one ransomware group, named ‘Emperor Dragonfly’. Read More

Featured Incident Response Threat Hunting

Vice Society Ransomware Group: Threats to Health & Education Sector

Professionals across all industries, agree that the Vice Society ransomware group is a major cyber threat, especially in health & education sector Read More

Featured Incident Response Threat Hunting

Vice Society TTPs: Insights from a Real-World Ransomware Investigation

Get technical insights based on forensic investigations of Vice Society (ransomware group carrying out double extortion attacks) conducted by our IR team. Read More

Sygnia's New VP to Expand Investment in OT Security

Sygnia announced today that Rafael Maman is joining the team as its new Vice President of Operational Technology . Read More

Featured Adversary Security Blog Post red team infrastructure

Offensive CI/CD – A Cat on a Vessel

Leveraging CI CD pipelines to automate implementation of evasion techniques in offensive tools - enacting adversary simulation tasks without detection. Read More

Featured Threat Report Threat Research

Luna Moth: The Threat Actors Behind Recent False Subscription Scams

Sygnia’s team identified 'Luna Moth' ransom group. The threat actors resemble false subscription scammers, focusing on corporate data theft. Read More

Incident Response

Sygnia Shortlisted in Two Categories of the 2022 SC Awards Europe

Sygnia joins industry leaders in “Best Incident Response Solution” and “Best Security Company” categories. Read More

Featured Incident Response Threat Hunting

The Misconceptions of 2021's Black Swan Cyber Events

Here are 3 common misconceptions about Black swan events that are considered incidents with high impact and low frequency that are impossible to predict. Read More

Featured Incident Response Threat Hunting

Hybrid Phishing Attack Vector – Complementing Phishing Campaigns

Cyber-crime groups are targeting Java-based infrastructures susceptible to the Log4Shell vulnerability and are delivering Qakbot phishing emails Read More

GARTNER MARKET GUIDE

Download a complimentary copy of the Digital Forensics and Incident Response Services (DFIR) Market Guide by Gartner. Read More

FORRESTER NOW TECH: CYBERSECURITY INCIDENT RESPONSE SERVICES - Q4 2021

Now Tech by Forrester - Download a complimentary copy to get an overview of 36 Cybersecurity Incident Response Service Providers for Q4 of 2021 Read More

Featured Incident Response Threat Hunting

Sygnia Advisory: Key Takeaways Leak of Conti crime group information

Shared thoughts and insights following our analysis of the leaked Conti (cyber crime group) information and the groups modus operandi. Read More

Featured Incident Response Threat Hunting

Breaking Down the Casbaneiro Infection Chain

The Casbaneiro banking trojan targets financial organizations to steal user data for financial gain. Get a detailed “attacker fingerprint”. Read More

Featured Incident Response Threat Hunting

Sygnia Advisory: Potential Okta Breach

In light of evidence of a successful Okta breach, we recommend taking several steps to mitigate potential risk for organizations leveraging Okta solutions. Read More

Featured Incident Response Threat Hunting

Advisory: Russia–Ukraine Conflict Escalation

An advisory to keep leadership updated & support global organizations enhance cyber resilience as we monitor the conflict between Russia & Ukraine. Read More

Incident Response

Amir Becker Joins Sygnia to Lead Global Incident Response Division

Sygnia announced today that Amir Becker is joining the team as its new Vice President of Incident Response. Read More

Incident Response Threat Research Blog Post

7 Cyber Attacks That Kept the Industry Talking in 2021

A journey back through 2021 - What we’ve learned from 5 major cyber attacks that took place in 2021 as well as 2 new threat actors identified by Sygnia. Read More

Incident Response

Sygnia's Webinar on Actionable Incident Response Strategies for 2022

Sygnia's cybersecurity experts to deliver actionable Incident Response (IR) strategies organizations worldwide can leverage. Read More

Featured Threat Report Threat Research Videos

Elephant Beetle: Uncovering an Organized Financial-Theft Operation

Sygnia’s IR team has identified the Elephant Beetle threat group, an organized, significant financial-theft operation threatening global enterprises. Read More

Adversary Security Blog Post

It's a Threat Actor's Paradise: Getting Ahead of Attackers in 2022

Achieving cyber resilience in the hostile attack terrain comes down to an organization’s ability to flip the asymmetry between them and the threat actors. Read More

Featured Incident Response Threat Hunting

End-to-End LOG4SHELL Hunting Strategy

Defenders, hunt for Log4Shell exploitation attempts, distinguish between failed and successful attempts and identify post-exploitation activities. Read More

Incident Response Threat Hunting

Sygnia Advisory: Log4Shell Remote Code Execution

Critical remote code execution vulnerability in a software logging package called “Log4Shell” (CVE-2021-44228) is impacting millions of devices globally Read More

Incident Response

SYGNIA RECOGNIZED AS MARKET GUIDE AND INCIDENT RESPONSE SERVICES

Sygnia has been recognized as a Representative Vendor in 2021 Gartner Market Guide for Digital Forensics and Incident Response Services. Read More

SYGNIA EXPANDS INTO EUROPE TO MEET INCREASING CLIENT DEMAND

Following impressive growth, Sygnia opens its first European office in London. Read More

Incident Response Threat Hunting

Recent Waves of Phishing Attacks Overpowering 2-factor Authentication

Phishing attacks are still a leading attack vector for threat actors globally, & are evolving in prevalence & sophistication given work-from-home models Read More

Threat Research

Praying Mantis An Advanced Memory Resident Attack

Sygnia researchers identified an advanced threat actor targeting high profile US organizations, using nation-state attack methods, and operating in-memory. Read More

Adversary Security

Cloud Scout: a New Open Source Tool for Cloud Security

Cloud Scout, an open-source tool for cloud security - Map cloud (& hybrid) environments, identify attack paths & vulnerabilities, and enhance resilience. Read More

Incident Response Threat Research Threat Hunting Ransomware

Lazarus Group’s Mata Framework Leveraged To Deploy TFlower Ransomware

Sygnia: Double extortion ransomware attack - threat actor leveraged an undocumented variant of MATA to distribute and execute the TFlower ransomware. Read More

Incident Response Threat Hunting Ransomware

Kaseya Ransomware Supply Chain Attack

Get a deep dive into the Kaseya ransomware attack, and how you can deploy effective defense strategies. Read More

Incident Response Threat Hunting Ransomware

Detection And Hunting Of Golden SAML Attack

Get actionable insights on how to detect a Golden SAML attack vector and an overview of the compromise at SolarWinds. Read More

Incident Response Threat Hunting

Demystifying The PrintNightmare Vulnerability

Learn about the PrintNightmare vulnerability, why it's such a cause for concern and how to mitigate the risk. Read More