Author: Prevailion Staff

On the Trail of UNC1878

Since October 28th, Prevailion has been investigating current and potential future victims of the ransomware crime group known as UNC1878. While our investigation is still underway, we have so far identified hundreds of organizations worldwide that show compromise activity by this threat actor, and which may be in the early- to mid-stages of a Ryuk ransomware attack. As of November 3rd, there are approximately 1,400 organizations that show beacon activity to the UNC1878 C2 domains, with a total of 340 organizations that are showing a substantial amount of this beaconing, indicating...

Prevailion Recognized as a 2020 Gartner “Cool Vendor”

We are pleased to announce that Prevailion has been named a Gartner Cool Vendor in the 2020 Cool Vendors in Security Operations and Threat Intelligence report. In the October 13th report, Gartner points out that “Organizations struggle to mitigate vulnerabilities because of the inability to prioritize them due to a lack of context about the assets and external threat environment.” We couldn’t agree more. It’s that lack of visibility, and subsequent inability to prioritize threats, which often hamper an organization’s cybersecurity posture. Our mission is to change that. Prevailion’s exclusive intelligence capabilities empower...

Prevailion Increases Malware Coverage by 45%

Prevailion’s threat intelligence team has substantially increased our monitoring of malicious cyber activity over the last month. The APEX Platform now tracks over 205 malware families, marking a 45% increase since the start of September. We have also increased our monitoring of malicious beacons by 20%, with more than 32 billion C2 communications collected. This expanded coverage of malware communications provides the industry’s most advanced, comprehensive view of nation-state and criminal actor campaigns that are actively targeting corporations, governments, non-government organizations and their suppliers worldwide. Many of...

NEW Release – APEX Platform 4.6 Delivers Greater Fidelity on Confirmed Cyber Attacks and Threats

Prevailion is excited to launch six new features in its latest release of the APEX Platform, version 4.6. The features, outlined below, give organizations higher fidelity on real-time compromise activity, empowering your security and cyber risk teams to be more effective, work faster, and immediately prioritize confirmed threats. Over the past four months, APEX Platform has increased the number of compromised IP addresses tracked by 285%. Over the past 180 days, APEX Platform has tracked 29.3B malicious beacons, 469k IP addresses, and 141 malware families. #1 -...

A Note on the Trojan Compromise of NCR Corporation

Prevailion recently disclosed an active trojan compromise in the network of NCR Corporation. We at Prevailion are extremely pleased that NCR has taken this matter seriously, including the engagement of an elite IR team, and we applaud them for their quick and diligent response to the compromise we detected inside their network. As with all impacted organizations, we were more than happy to provide NCR with the full details of the compromise activity that we observed through our ongoing C2 monitoring. We were in touch with NCR’s security team and IR...

Carnival Cruise Lines’ Long-Running Breach Problem

Carnival Corporation is back in the news again with another data breach. This time, the company disclosed in a recent 8-K filing that its network was compromised by an unnamed ransomware on August 15th which “encrypted a portion of one brand’s information technology systems” and “the download of certain of our data files.” This is the second public disclosure Carnival has made this year. In March, it also disclosed a data breach from April 11 – July 23, 2019, which gained access to employee email accounts containing sensitive information. However, these are...