Take a Deep Dive into PlugX Malware

Although there have been several variants over the years, an analysis of the timeline of variants discussed demonstrates the "original" PlugX variant continues to be used today.

Read More

Insider Threat Use Case: Detecting and Stopping Cryptojacking

We detected and stopped an insider threat before this individual turned LogRhythm into a part-time cryptocurrency mining operation. This highlighted the need for focused user entity and behavioral analytics (UEBA) across the organization, as business threats can come in many shapes and sizes.

Read More

Dynamic Data Exchange (DDE): Detection and Response, Part 1

Malicious actors have begun using Microsoft’s Dynamic Data Exchange (DDE) mechanism to deliver payloads via Microsoft Office documents instead of the traditional embedded macros or VBA code. Using LogRhythm’s integration with Carbon Black, security operations center (SOC) analysts can efficiently detect, mitigate, and remediate a Microsoft DDE-based attack.

Read More