Global
Africa
South Africa
Albania
Australia
Austria
Belgium
Bosnia Herzegovina
Bulgaria
Canada
Canada FR
Croatia
Czech Republic
Denmark
Estonia
Finland 
Finland (English)
France
Germany
Hong Kong
Hungary
Iceland
India
Indonesia
Ireland
Israel
Italy
Kosovo
Latvia
Lithuania
Malaysia
Middle East
Montenegro
Netherlands
New Zealand
North Macedonia
Norway
Philippines
Poland
Portugal
Romania
Saudi Arabia
Serbia
Singapore
Slovakia
Slovenija
Spain
Sweden
Switzerland DE
Thailand
Turkey
USA
Ukraine
United Kingdom
Vietnam
SentinelLabs 2020 Review of Fighting Cybercrime
SentinelLabs came into being at the back end of 2019 as a means of providing value to the cyber security community by focusing on research and threat intelligence unavailable elsewhere.
Looking back over the last 12 months, they have seen the cybercrime story unsurprisingly dominated by social engineering and malware campaigns themed around the COVID-19 pandemic. But there were also a lot of other things going on, from an explosion in RaaS (ransomware as a service) offerings and victim data exploitation with operators like Maze and Egregor, to a unique macOS ransomware/spyware campaign and, notably, the SUNBURST SolarWinds Orion supply chain attack.
You can catch up on all their research and threat intelligence posts at SentinelLabs,
but here is a brief recap on some of the main highlights:
January
SentinelLabs broke news of a new TrickBot backdoor called “PowerTrick”. Built for stealth, persistence and reconnaissance, PowerTrick is deployed inside infected high-value targets such as financial institutions.
February
SentinelLabs rounded up a collection of the toolsets used by North Korean cybercrime actors, including Bistromath, Hoplight, Slickshoes and more.
March
SentinelLabs developed a unique unpacker for the crypter used to obfuscate Get2 DLLs utilizing SMT.
April
SentinelLabs was the first to uncover how the infamous IcedID botnet uses social engineering and custom PowerShell uploaders to steal documents related to the victim’s identity and tax returns.
May
SentinelOne’s Vigilance MDR team revealed how their Incident Response procedure uncovered an APT actor’s entry point, lateral movement, and persistence mechanisms.
June
SentinelLabs revealed affiliate preconditions, technical details, and victim exploitation associated with the NetWalker RaaS.
July
SentinelLabs researchers were the first to reverse the encryption routine used in a rare case of macOS ransomware malware and to release a public decryptor for any unfortunate victims.
August
SentinelLabs caught a Maze attack customized by human operators to exploit the particular environment of victims in action and detailed the attacker’s moves.
September
From the earliest months of the pandemic, threat actors exploited the COVID-19 coronavirus in multiple ways. A rolling blog post began in February and details the phishing campaigns and other social engineering lures seen by SentinelLabs throughout the year.
October
SentinelLabs was the first to uncover and reverse the ICMP component of the Anchor module.
November
SentinelLabs detailed the Egrefor payload, leveraging of Cobalt Strike and Rclone, and its post-compromise behavior.
December
The final month of 2020 revealed that a nation-state actor had been running a campaign since at least April via what may turn out to be one of the most damaging supply chain attacks of all time, the compromise of SolarWinds Orion, first detected in the environment of cyber security outfit FireEye. SentinelLabs took a look inside the SUNBURST backdoor and the dropped SUPERNOVA webshell trojan.
Conclusion
2020 turned out to be a busy twelve months for all those involved in fighting cybercrime, and for SentinelLabs’ researchers, there was no shortage of threats and threat intelligence to keep on top of.
More details on the SentinelLabs research and findings are available in the full blog here.
Please contact your local Exclusive Networks Account Manager to learn more about how SentinelOne can better protect your organization from cyberattacks.
