U.S. government authorities have issued warnings about malware attacks related to the Hidden Cobra group. In response, LogPoint has developed a Hidden Cobra Application specifically designed to detect the Joanap and Brambul malware, which seem to be the current Hidden Cobra weapons of choice. The LogPoint Hidden Cobra App is available to all LogPoint users now.
Copenhagen – June 6, 2018 – The U.S. Department of Homeland Security and the FBI have issued a warning against a Remote Access Trojan called Joanap and a brute-force authentication/server message block worm called Brambul. This malicious activity can be tied to the Hidden Cobra group, also linked to last year’s WannaCry ransomware outbreak.
In response, LogPoint has developed a Hidden Cobra application for the LogPoint SIEM solution. It enables users to normalize data from the specified source and view statistics for Hidden Cobra. LogPoint can fully extract and correlate the Hidden Cobra events and, at the same time, combine the results with observations from other systems. Admins can use LogPoint to get alerts in real time and provide long-term analytics.
Joanap is a typical remote access Trojan, traditionally used in phishing attacks. Hidden Cobra uses it for data exfiltration purposes, and to “drop and run” payloads. Brambul is a type of brute-force authentication worm that spreads by using log-in parameters to self-authenticate on remote devices.
With the help of the LogPoint SIEM solution, you can track malware infection within an infrastructure by detecting malicious file installation, data exfiltration and connection attempts to any compromised infrastructure within minutes. LogPoint continuously monitors your infrastructure to detect any possible indicators of compromise.
“We use an Integrity scanner/Windows server, firewall and mail server to detect malicious file installations, malware infected hosts, connections to malicious listed sources and any emails sent to malicious addresses with compromised system information. Furthermore, LogPoint vulnerability management detects any hosts vulnerable to malware, providing you top-tier protection,” says Christian Have, LogPoint Chief Product Officer.
The LogPoint solution combines simplicity and flexibility by design with cutting-edge technology, including UEBA capabilities. The simplicity and flexibility of LogPoint apply not only to the technical platform but also to the business model, which includes a licensing structure that drastically reduces the cost of deploying a SIEM solution whether it is local or global, hosted on-premise or in the cloud via our MSSPs.
LogPoint enables organizations to convert data into actionable intelligence, improving their cybersecurity posture and creating immediate business value. Our advanced next-gen SIEM, UEBA and Automation and Incident Response solutions, simple licensing model, and market-leading support organization empower our customers to build, manage and effectively transform their businesses. We provide cybersecurity automation and analytics that create contextual awareness to support security, compliance, operations, and business decisions. Our offices are located throughout Europe and in North America. Our passionate employees throughout the world are achieving outstanding results through consistent customer value-creation and process excellence. Don’t just take our word for it, our more than 600 customers agree. Check out our 98% customer satisfaction rating. We scored extremely well in the Gartner Peer Insights review for Security Information and Event Management (SIEM) and received a Silver Award in the Gartner 2017 Customer Choice Awards. With more than 50 certified partners, we are committed to ensuring our deployments exceed expectations.