Bitdefender Case Studies

14 September 2017

Virtualization’s hidden traps: security has become a battlefield for CISOs

• 85% of CISOs fear security flaws in the public cloud
• Half of CISOs say virtualization increases their company’s attack surface
• Only one company in six encrypts all data

Download Case Study

Languages: en
01 September 2017

EHDevel – The story of a continuously improving advanced threat creation toolkit

More than a year ago, on July 26th 2016, the Bitdefender Threat Intelligence Team came across a suspicious document called News.doc.

Upon preliminary investigation, the sample revealed a set of similar files that bear the same features, but appear to have been used in separate attacks targeted at different institutions.

This plug-and-play malware framework uses a handful of novel techniques for command and control identification and communications, as well as a plugin-based architecture, a design choice increasingly being adopted among threat actor groups in the past few years.

Dubbed EHDevel, this operation continues to this day, the latest known victims reportedly being several Pakistani individuals. In their case, the threat actors have chosen different lures than the ones presented in this paper, but the modus operandi is identical.
Download Case Study

Languages: en, uk
31 August 2017

New Pacifier APT Components Point to Russian-Linked Turla Group

In 2016, Bitdefender uncovered a new advanced persistent threat dubbed Pacifier, targeting government institutions starting in 2014. Using malicious .doc documents and .zip files distributed via spear phishing e-mails, attackers would lure victims with invitations to social functions or conferences into executing the attachments. Our previous analysis of the Pacifier components revealed that it’s capable of dropping multi-stage backdoors and that the analyzed first stage dropper is also known as “Skipper” by other security vendors.

Our new whitepaper covers an in-depth analysis of the three new backdoor modules, as well as a short description of their capabilities and features.
Download Case Study

Languages: en, uk
02 August 2017

Remote Exploitation of the NeoCoolcam IP Cameras and Gateway

The Internet of connected things has changed the way we interact with our homes, offices or even with our own bodies. But although connected devices are sold almost everywhere, manufacturers haven’t dived deep into the technology, as more innovation is expected to emerge the more connected we are.

In 2016, security researchers from Bitdefender detected multiple vulnerabilities in a number of Internet of Things devices. This paper is another investigative effort in the IoT space and it details the compromise of a vendor’s line of IPTV and gateway products by trivial remote exploitation.
Download Case Study

Languages: en, uk
18 July 2017

Inexsmar: An unusual DarkHotel campaign

The DarkHotel threat actors have been known to operate for a decade now, targeting thousands of businesses across the world via Wi-Fi infrastructure in hotels.

This whitepaper covers a sample of a particular DarkHotel attack, known as Inexsmar. Unlike any other known DarkHotel campaign, the isolated sample uses a new payload delivery mechanism rather than the consecrated zero-day exploitation techniques. Instead, the new campaign blends social engineering with a relatively complex Trojan to infect its selected pool of victims.
Download Case Study

Languages: en, uk
13 July 2017

Companies blame competition for corporate cyberespionage

A survey of US, UK, French, German, Italian, Swedish and Danish IT execs (Author: Razvan Muresan)
Download Case Study

Languages: en
07 July 2017

Everything we know about GoldenEye

On January 27th, reports of a rapidly spreading ransomware attack started to emerge from Ukraine. The speed at which critical infrastructure networks were shutting down pointed to a ransomware application with a wormable component, whose virality called to mind the WannaCry ransomware. In less than three hours, the infection crippled banks, ATMs, public transport and an airport, as well as utilities provider Kyivenergo. Then it spread outside the Ukraine.

As multiple critical infrastructure networks reported major blackouts, Bitdefender started an internal investigation over the isolated malware samples to trace the attack’s origin and better understand what it targeted, and how. The following report is based on our internal telemetry and reflects what we know as of the moment of writing.
Download Case Study

Languages: en, uk
15 May 2017

Everything you need to know about the WannaCry ransomware

For the past decade or so, increasing tensions between international governments have led to what IT security experts today call “cyberterrorism” – the use of cyberweapons (hacks) to spy on or to commission cyber-attacks overseas.

The most recent such example occurred on May 12, 2017 when an unknown group of hackers deployed what was to become the most dangerous ransomware attack ever recorded. WannaCry, as the malware is dubbed, leverages a (now patched) 0-Day vulnerability developed by hackers contracted by the NSA. This whitepaper gives technical detail on how the malware operates and on its spreading techniques.
Download Case Study

Languages: en, uk
28 April 2017

Ransomware targets SMBs due to weaker protection and greater willingness to pay up

Attackers are now targeting small and medium businesses to extort higher fees, a Bitdefender survey shows, meeting the company’s predictions for 2017. (Author: Razvan Muresan)
Download Case Study

Languages: en
25 April 2017

Inside Netrepser – a JavaScript-based Targeted Attack

In May 2016, the Bitdefender threat response team isolated a number of samples from the internal malware zoo while looking into a custom file-packing algorithm. A deeper look into the global telemetry revealed that this piece of malware was strictly affecting a limited pool of hosts belonging to a number of IP addresses marked as sensitive targets.

Its unusual build could easily have made it pass for a regular threat that organizations block on a daily basis; however, telemetry information provided by our event correlation service has pointed out that most of its victims are government agencies.
Download Case Study

Languages: en, uk
10 April 2017

Delivering strong security in a hyperconverged data center environment

A new trend is emerging in data center technology that could dramatically change the way enterprises manage and maintain their IT infrastructures. It’s called hyperconvergence, and it’s gaining momentum as companies look for ways to run more efficient and agile technology environments.
Download Case Study

Languages: en, uk
04 April 2017

The emotional side of virtualization: how trust affects cloud adoption and security decisions

(A survey of US, UK and German IT decision makers)
Download Case Study

Languages: en, uk
03 March 2017

Security Awareness in the Age of the Internet of Things

This white paper aims to shed light on how individuals perceive connected technologies and to illustrate how American and European Internet users understand and adopt the IoT (Internet of Things). No doubt, people appreciate the innovative side of these connected objects. But how do they handle security and privacy issues? Are they competent, or not, as administrators of the Things in their homes?
Download Case Study

Languages: fr
21 February 2017

The Role of the CIO Grows with Virtualization (A Study among IT Decision Makers in Germany)

The Bitdefender study of 100 IT decision makers in German companies with more than 1,000 PCs in use shows that the role of IT within corporate hierarchies is becoming increasingly important. CEOs and board members are exposed to a growing number of internal and external security risks that have the potential to lastingly damage customer trust and business success. Nevertheless, not all boardrooms have yet included a CIO or CISO in their decision-making processes. The study, carried out by iSense Solution, shows how IT decision makers perceive their role within organizations and what they need to meet the company’s expectations of them. How has virtualization changed the rules of the game for security? Can attacks be stopped with the available means? Are companies willing to pay if doing so lets them avoid public exposure?
Download Case Study

Languages: de
20 February 2017

Dissecting the APT28 Mac OS X Payload

Since the APT28 group’s emergence in 2007, Bitdefender has become familiar with the backdoors used to compromise Windows and Linux targets, such as Coreshell, Jhuhugit and Azzy for the former OS or Fysbis for the latter.

This year we have been able to finally isolate the Mac OS X counterpart - the XAgent modular backdoor. This whitepaper describes our journey in dissecting the backdoor and documenting it piece by piece.
Download Case Study

Languages: en, uk
15 February 2017

Virtualization makes CIOs role key (UK)

A Bitdefender survey of 153 IT decision makers in the United Kingdom in companies with more than 1,000 PCs, shows they will rise in companies’ hierarchies, as CEOs and board members face increasing internal and external security risks that could ruin customer trust and business forecasts. Still, not all C-suites include CIOs/CISOs in the business decision-making process. This survey, carried out by iSense Solutions, shows how IT decision makers perceive their role inside the organizations and what they need to meet shareholder expectations. How has virtualization changed the security game? How many attacks can be stopped with the current resources? Would they pay to avoid public shaming?
Download Case Study

Languages: uk
14 February 2017

Virtualization makes CIOs role key

An October 2016 Bitdefender survey of 250 IT decision makers in the United States in companies with more than 1,000 PCs, shows they will rise in companies’ hierarchies, as CEOs and board members face increasing internal and external security risks that could ruin customer trust and business forecasts. Still, not all C-suites include CIOs/CISOs in the business decision-making process. This survey, carried out by iSense Solutions, shows how IT decision makers perceive their role inside the organizations and what they need to meet shareholder expectations. How has virtualization changed the security game? How many attacks can be stopped with the current resources? Would they pay to avoid public shaming?
Download Case Study

Languages: en
08 February 2017

Encrypting business data: a profitable activity for cybercriminals

Ransomware, the most prolific cyber threat of the moment, spreads within companies via file-sharing networks, attachments, malicious links or compromised websites that allow direct downloads. The first quarter of 2016 saw 3,500% growth in the number of domains used to distribute ransomware, setting a new record in the process.
Find out in this white paper which countries are most affected by ransomware, which ransomware families are the most widespread, the types of ransomware on Android, and the risks associated with adware.
Download Case Study

Languages: fr
06 February 2017

Security Awareness in the Age of Internet of Things (A 2016 Bitdefender Study)

This paper looks to shed light on home users’ perception of smart technologies, to showcase how consumer IoT is embraced and understood by Internet users around the United States and Europe. Without a doubt, people are excited by the novelty of connected objects, but how well do they manage security and privacy? Are they succeeding or failing as the administrator of Things in their homes?
Download Case Study

Languages: en
21 December 2016

From ideas to patents. Turning visionary approaches to security into revolutionary technologies

In recent years, the term “innovation” has become a buzzword across all digital industries. From applications to technologies, revolutionary ideas spread with the aim of changing the world. Bitdefender began offering security solutions in 2001 and, after 15 years of continuous innovation, these solutions now protect half a billion endpoints worldwide. Innovation has allowed us to earn the trust of many households and businesses in more than 150 countries and has won us a great many awards.
Download Case Study

Languages: fr
20 December 2016

Encrypting Businesses – ransomware developers’ favorite cash cow

Ransomware, the most prolific cyber threat of the moment, gains foothold in organizations and companies via file-sharing networks, e-mail attachments, malicious links or compromised websites that allow direct downloads. The first quarter of 2016 saw 3,500% growth in the number of ransomware domains created, setting a new record.
Download Case Study

Languages: au, en, uk
08 December 2016

From ideas to patents. How visionary security dreams become breakthrough technologies

The R&D team is at the center of Bitdefender to ensure we are fully equipped to look after our customers’ interests, both now and in the future. Our team of engineers and researchers reached the 600+ milestone this year. To keep the innovation flame burning bright, Bitdefender invests 25% of its yearly research and development budget in visionary security dreams. From a total of 72 patents, Bitdefender has 42 patents issued for core technologies in the past three years alone. In addition, 35 more are currently filed for examination. With almost 10 percent of Bitdefender patents pertaining to machine-learning algorithms for detecting malware and other online threats, deep learning and anomaly-based detection techniques play a vital role in proactively fighting new and unknown threats.
Download Case Study

Languages: en
23 November 2016

Virtualization brings new security challenges for large companies (UK)

A November 2016 Bitdefender survey of 153 IT decision makers in the United Kingdom in companies with more than 1,000 PCs shows that virtualization is a strategic priority, yet they are still not fully ready for the security challenges this environment brings. Hybrid infrastructures have become the major common architecture in the enterprise environment and CIOs have to adapt to the new world. This survey, carried out by iSense Solutions, shows the main security concerns and issues they face. What cyber threats are companies not ready to handle? What are the main concerns regarding the security management of hybrid infrastructures? Why do IT decision makers fear for their jobs?
Download Case Study

Languages: uk
22 November 2016

What you need to know about ransomware - and how Bitdefender protects you

With cybercriminals making millions, even billions, of dollars through online ransom demands, ransomware is unanimously regarded as one of the greatest threats businesses face today.

In this white paper, you will learn what you need to know about this type of threat and which technologies Bitdefender uses to protect your business against one of the greatest online scourges it faces today.
Download Case Study

Languages: fr
21 November 2016

Virtualization: New Security Challenges for Companies

Virtualization has by now become a strategic factor in German companies, yet many are so far unable to meet the necessary security requirements that such an environment brings. That is the result of a Bitdefender survey of 100 IT decision makers at German companies with more than 1,000 PC workstations. Hybrid infrastructures have by now become an important component of a large, comprehensive architecture in the enterprise environment, and CIOs must adapt to this new world. The survey, carried out by iSense, shows the most important security concerns and problems. Which cyber threats can companies still not fend off today? What are the main concerns regarding the security management of hybrid infrastructures? Why do IT decision makers fear for their jobs?
Download Case Study

Languages: de
07 November 2016

Virtualization brings new security challenges for large companies

An October 2016 Bitdefender survey of 250 IT decision makers in the United States in companies with more than 1,000 PCs shows that virtualization is a strategic priority, yet they are still not fully ready for the security challenges this environment brings. Hybrid infrastructures have become the major common architecture in the enterprise environment and CIOs have to adapt to the new world.

This survey, carried out by iSense Solutions, shows the main security concerns and issues they face. What cyber threats are companies not ready to handle?

What are the main concerns regarding the security management of hybrid infrastructures? Why do IT decision makers fear for their jobs?
Download Case Study

Languages: en
14 October 2016

Delivering Security and Performance in the Continuous Data Center

Enterprises are rapidly transforming how applications, services, and data are delivered and have brought tremendous transformation to enterprise cybersecurity. The changes brought by virtualization, public and private clouds, and the adoption of enterprise management practices such as DevOps are nothing short of astounding.

Unfortunately, when it comes to being both swift and nimble, cybersecurity efforts sometimes can get in the way—at least if they aren’t done right. To successfully secure the continuous data center, security must be continuous, manageable, and unobtrusive.
Download Case Study

Languages: en
15 September 2016

Bitdefender Hypervisor Introspection: detecting targeted attacks with hypervisor introspection

Find out in this document how Bitdefender developed a technology capable of revealing malicious activity within guest operating systems, at the level of the underlying hypervisor. This approach is not a mere evolution in securing workloads and endpoints; it can be called a revolution for their security.
Download Case Study

Languages: fr
30 June 2016

Pacifier APT

Bitdefender detected and blocked an ongoing cyber-espionage campaign against Romanian institutions and other foreign targets.
Download Case Study

Languages: en, ro
09 June 2016

Hypervisor Introspection - A Revolutionary Approach to Targeted Attacks

Recent headlines about data breaches are clear – securing infrastructures against increasingly targeted attacks is imperative, yet traditional endpoint security tools are not closing the gap with attack technologies, let alone getting ahead of them.

A study conducted in February 2016 shows it takes companies an average of 5 months to detect a data breach. What’s more, 53% of them needed external investigators to discover them, as internal resources showed no signs of a breach.
Download Case Study

Languages: en
24 September 2015

A perspective on the real value of protection against APTs

In recent years, a new type of threat has become a favorite topic among journalists and security analysts. Regarded as the most sophisticated threats, APTs (Advanced Persistent Threats) leave companies vulnerable to cyber-espionage and data theft.

In this article we will review, one by one, the claims made about APTs and refute them using real cases. We will end our analysis with a series of questions that companies should ask vendors of anti-APT solutions if they want to make sure they are choosing the right products for their needs.
Download Case Study

Languages: fr
19 August 2015

The new IT acronym: KISSME (Keep IT Security Simple, Manageable and Effective)

IT environments have evolved to let users be more productive and IT be more flexible. At the same time, attackers have also evolved their methods, adopting polymorphic malware to evade detection by preventive controls. Meanwhile, CIOs continue to take a piecemeal, reactive, breach-patching approach, and this puts companies in a perilous situation.

Find out in this technical brief:
- The most significant challenges CIOs face
- How to manage the complexity of IT security
- Which security techniques address increasingly sophisticated threats
- Cybersecurity data for 2014: rising breaches and costs, falling confidence and budgets
- A report on the pressure experienced by IT security professionals
- 10 key elements for healthy paranoia in an information security leadership role
Download Case Study

Languages: fr
19 August 2015

The 11 most frequently asked questions about botnets – and their answers!

This white paper aims to answer the questions you have about botnets. Beyond the definitions of a bot and a botnet, find out in particular:
- What types of actions a bot can perform
- How and why a botnet emerges
- How a botnet is controlled
- How botnets are investigated and how they are detected
- Whether it is possible to block communications between bots with traffic analysis solutions
Download Case Study

Languages: fr
02 June 2015

The Impact of Virtualization Security on Your VDI Environment

VDI empowers employees and employers with many benefits, no matter the size of the organization. However, as with any environment, security should always play a pivotal role and should complement the business environment. With VDI it’s no different; security should be seamless, without any effect on the user experience.
Download Case Study

Languages: au, en, uk
02 June 2015

Securing the Virtual Infrastructure without Impacting Performance

Virtualization offers many benefits, but also raises additional performance issues in areas of security. This begs the question: is virtualization security counterproductive? Moreover, do the currently-available security solutions impact some of the benefits offered by virtualization, creating bottlenecks and additional issues in virtualized environments as compared to physical server environments?
Download Case Study

Languages: au, en, uk
28 May 2015

Evolve or Die: Security Adaptation in a Virtual World

As virtualization projects continue to accelerate, organizations are discovering they have changed how datacenters are architected, built, and managed.

This white paper explores areas of security concern organizations must address as they move, ever-increasingly, to rely on virtualization.
Download Case Study

Languages: au, en, uk
28 May 2015

Next Generation Security for Virtualized Datacenters

To accelerate the business benefits enabled by virtualization, companies must not overlook security. However isolated and self-contained, virtual containers are still vulnerable to increasingly sophisticated malicious attacks carried out by dedicated networks of cybercriminals. The larger the virtualized environment, the more challenging it can become to efficiently secure virtual machines.
Download Case Study

Languages: au, en, uk
28 May 2015

The New IT Acronym KISSME: Keep IT Security Simple, Manageable, and Effective

IT has evolved immensely over the past decade, always adapting to become faster, more agile, and more efficient. Unfortunately, security threats have evolved as well, and are more stealthy, more intelligent, and more malicious than ever before.
Download Case Study

Languages: au, en, uk
27 May 2015

Getting the most out of your cloud deployment

Virtual machines in a cloud environment are as susceptible to nefarious exploitation – where sensitive data is highly valuable – as physical machines. The same exposure profile exists regardless of the underlying platform (traditional physical, virtualized, private cloud or public cloud). Although traditional security can be used in the cloud, it is neither built, nor optimized for the cloud.
Download Case Study

Languages: au, en, uk
22 January 2015

Evolve or die: Adapting security to the virtual world

In June 2011, the PCI (Payment Card Industry) Security Standards Council published a long-awaited information supplement that complements the Data Security Standard (DSS), titled PCI DSS Virtualization Guidelines. This collaborative guide, produced by a group of security and compliance experts, brings together advice for IT teams, experts in particular, on assessing virtualized infrastructures that fall within the scope of payment card compliance obligations. Two essential parts of this document stand out: the first presents the risks of virtualization; the second makes control recommendations.
Download Case Study

Languages: fr
05 January 2015

Evolve or Die: Security Adaptation in a Virtual World

As virtualization projects continue to accelerate, organizations are discovering they have changed how datacenters are architected, built, and managed.

This white paper explores areas of security concern organizations must address as they move, ever-increasingly, to rely on virtualization.
Download Case Study

Languages: au, en, uk