July 19, 2021

How to detect a cyberattack and prevent money theft

Money theft is one of the most important risks for any organization, regardless of its scope of activity. According to our data, 42% of cyberattacks on companies are committed to obtain direct financial benefits. You can detect an attack at various stages — from network penetration to the moment when attackers start withdrawing money. In this article, we will show how to detect an attack at each of its stages and minimize the risk, as well as analyze two common scenarios of such attacks: manual money theft using remote control programs, and theft using special malware — a banking trojan.

April 21, 2021

Open letter to the research community

Dear all,

In light of recent events, we have received many words of encouragement in comments on social media, through direct messages, and over the phone. We truly appreciate your support. It means a lot to us.

Over the years, we have detected and helped fix a huge number of vulnerabilities in applications and hardware from almost all renowned vendors, such as Cisco, Citrix, Intel, Microsoft, Siemens, and VMware.

All this would be impossible without close collaboration with the best infosec researchers, or without vendors' proactive approach and willingness to cooperate with research centers like ours in fixing all detected vulnerabilities. In line with the responsible disclosure policy, we only announce new vulnerabilities by agreement with vendors, and only after the vendor itself confirms it has fixed the bug and delivered the patch to customers.

We believe this approach makes our world better and more secure.

To unite our community, we started Positive Hack Days (PHDays), the biggest international security forum in Russia. Cybersecurity specialists and business leaders now have an opportunity to connect with white hats and cybersecurity geeks who know firsthand what a true pentest is and are willing to share their experience.

To gain more practical knowledge on how cybercriminals operate in actual life, every year for more than a decade now, we have held The Standoff, an attackers-vs-defenders cyberbattle set in a real-world environment. Only this way, under hyper-realistic conditions, is it possible to learn how infrastructure components can be attacked and how to protect them. The Standoff and PHDays threw their doors open to capture-the-flag (CTF) teams from many countries, including Russia, the U.S., Kazakhstan, India, Japan, and the UAE. Even the world’s top CTF teams, such as PPP, Carnegie Mellon University's competitive hacking team, have sharpened their skills in cyberexercises at The Standoff cyber-range.

Following our principle of open knowledge for the community, we made the event available to everyone. All-comers could watch videos of interesting talks, try their hand at detecting vulnerabilities or warding off a cyberattack, as well as freely monitor the cyberbattle traffic and take this expertise away with them so as to better protect their companies, develop efficient antihacker products, and create securer solutions and components.

Openness of information and knowledge, responsible disclosure, and a hands-on approach to cybersecurity are our key values. As such, we cannot but promise hot new infosec research, continued wide support for the community, and a host of new interesting conferences.

Thank you very much for your support, and see you all at PHDays 10!

Please also go check out our collection of best infosec findings in the past three years, and share it with your colleagues.

Denis Baranov,

Managing Director, Head of Research Department at Positive Technologies

April 16, 2021

Positive Technologies' official statement following U.S. sanctions

As a company, we deny the groundless accusations made by the U.S. Department of the Treasury. In the almost 20 years we have been operating, there has been no evidence of the results of Positive Technologies’ research being used in violation of the principles of business transparency and the ethical exchange of information with the professional information security community.