White Papers

Ransomware – A Growing Menace for Healthcare Providers

Costs associated with data breaches in healthcare are nearly three times higher than in other industries. Health or clinical data is also the most common type of personal data compromised. Electronic health records contain highly sensitive data, yet many clinics communicate through insecure channels and their systems are poorly patched. Stolen patient health information that makes its way onto the dark web can be used for various kinds of fraud and extortion, such as banking and credit fraud, healthcare fraud, identity theft and ransom extortion.


Linux in the Datacenter: Why Baseline Security is Not Enough

The Linux kernel has been characterized as the most exposed operating system in the world, surpassing even Mac OS X. Beyond the kernel, a wide range of vulnerabilities can affect a Linux machine’s application stack, be it proprietary or open source.

Given the prevalence of Linux in the datacenter, such vulnerabilities can cause widespread damage to businesses. Read this Bitdefender whitepaper to learn about notorious Linux attacks from Heartbleed to Erebus ransomware and ways to protect your environment against them.


Top Security Challenges for the Financial Services Industry in 2018

How Well Is the Financial Services Industry Doing on Security? Healthcare, manufacturing and financial services have one thing in common: they are the three most-targeted industries in 2018. Not only do they provide access to reams of data, but the sectors are also critical to society. So, if hackers want to do serious harm, they can go after any of these sectors to succeed. Companies in the financial services sector manage money, covering banking, offshore financial operations, stock brokers, credit card vendors, insurance companies and investment funds.
What is the actual cost of breaches in this sector and what kind of measures do CISOs leading financial services institutions take to ensure proper cyber defense, data security and prevent business disruption? The financial services sector currently spends as much as 40 percent more on breach containment and detection than it did three years ago, Accenture found, making it easily “the highest cost of cybercrime” in comparison with other industries. Financial services companies are severely impacted by business disruption and information loss, which end up draining the mitigation budget.


Bitdefender Global Mid-Year Threat Landscape Report 2018

The first half of 2018 brought interesting developments in terms of new emerging threats, significant “upgrades” to old threats, and a change in cybercriminal tactics when choosing targets and tools to increase revenue.

From an increase in the number of reported vulnerabilities to ransomware, cryptocurrency miners, fileless malware, and Android threats, we've also seen adware that is now borderline malware and IoT malware that is both persistent and resilient.


Triout - The Malware Framework for Android That Packs Potent Spyware Capabilities

Bitdefender researchers have identified a new Android spyware that seems to act as a framework for building extensive surveillance capabilities into seemingly benign applications. Found bundled with a repackaged app, the spyware’s surveillance capabilities involve hiding its presence on the device, recording phone calls, logging incoming text messages, recording videos, taking pictures, collecting GPS coordinates, and broadcasting all of that to an attacker-controlled C&C server.


The IoT Threat Landscape and Top Smart Home Vulnerabilities in 2018

The IoT market has been booming in the past two years, impacting both consumers and businesses across sectors worldwide. Even though the technology has been widely adopted with great enthusiasm, a thorough security model has still not been properly worked out to ensure its further growth in an increasingly sophisticated threat landscape.

Following large-scale cyberattacks launched through exploited IoT botnets in the past two years, IoT risk awareness has slightly increased, yet smart devices are still vulnerable. One major cause is that manufacturers rush to deliver innovative gadgets that catch the eye of the consumer, but completely disregard end-to-end encryption.


Cyber Risk Management

Many experts say that data, and not gold or oil, has become the most valuable commodity in the world in recent years. As the value of data increases, cyber-attacks become a threat that business leaders have no choice but to place at the top of their priority list. But how can organizations manage cyber risks and improve readiness for regulations like GDPR?

This whitepaper uncovers software vulnerabilities as a major risk exposure for organizations. It also shows how frameworks like NIST and patch management solutions can be of great help in eliminating vulnerabilities and managing cyber risk exposure.


Six Years and Counting: Inside the Complex Zacinlo Ad Fraud Operation

The line between adware and spyware has become increasingly fuzzy during recent years as modern adware combines aggressive opt-outs with confusing legal and marketing terms as well as extremely sophisticated persistence mechanisms aimed at taking control away from the user.

This whitepaper details an extremely sophisticated piece of spyware that has been running covertly since early 2012, generating revenue for its operators and compromising the privacy of its victims.


RadRAT: An all-in-one toolkit for complex espionage ops

Around February this year, we came across a piece of malware that had previously gone unnoticed. Buried in the malware zoo, the threat seems to have been operational since at least 2015, undocumented by the research community.
Our interest was stirred by its remote access capabilities, which include unfettered control of the compromised computer, lateral movement across the organization and rootkit-like detection-evasion mechanisms. Powered by a vast array of features, this RAT was used in targeted attacks aimed at exfiltrating information or monitoring victims in large networked organizations.

This whitepaper details the technical capabilities of RadRAT, its complex lateral movement mechanisms and other particularities that make it an advanced threat.


CISOs’ Toughest Dilemma: Prevention Is Faulty, yet Investigation Is a Burden

A Bitdefender survey on IT security purchase professionals from large companies in the US and Europe

(April 2018)


Endpoint Detection & Response (EDR) - How to safeguard customers’ personally identifiable information under the GDPR

More data records were lost or stolen in the first half of 2017 than in all of 2016. And in 2017, Gartner found organizations were gravely underprepared for the European Union’s General Data Protection Regulation (GDPR). More than half of companies affected by the regulation will not be in full compliance when it takes effect in May, the group said.

With only two months to go before the regulation is enforced, studies show little has changed. Yet the pressure of complying with the upcoming law weighs more heavily on everyone’s shoulders by the day. Fortunately, solutions are readily available to businesses big and small seeking to ensure cyber resilience on their way to GDPR compliance.


Cryptocurrency Mining Craze Going for Data Centers

Cybercriminals have always been financially motivated, and cryptocurrency mining is the latest trend in generating revenue by abusing the same age-old malware attack vectors previously associated with ransomware dissemination. The recent Bitcoin craze, with the currency peaking at $19,000 per unit, has focused cybercriminals on crypto mining, instead of traditional ransomware.

Bitdefender telemetry has shown that cryptocurrency-enabled malware is increasingly outdoing ransomware in popularity, with the rise in adoption picking up in the past six months.


Hybrid Architectures and Software-Defined Datacenters Drive New Requirements for Security Solutions

The evolution of IT architecture, with the software-defined and cloud technologies at its heart, is fundamental to business transformation. It allows organizations to capitalize on scalable, flexible infrastructure and rapidly roll out new applications, products, and services. At the same time, datacenter modernization introduces security challenges that many solutions struggle to address.

Read this IDC whitepaper, sponsored by Bitdefender, to learn about transformative datacenter technologies (including software-defined compute, storage, networking, hyperconverged infrastructure, and hybrid cloud), the security challenges they entail and new requirements for security solutions they impose.


Playing Hide ‘N Seek: World’s first IoT Botnet with custom-built P2P communication

Bitdefender researchers have uncovered an emerging botnet that uses advanced communication techniques to exploit victims and build its infrastructure. The bot, dubbed HNS, was intercepted by our IoT honeypot system following a credentials dictionary attack on the Telnet service.

The bot was first spotted on Jan. 10 then faded away in the following days, only to re-emerge on Jan. 20 in a significantly improved form.


Operation PZCHAO - Inside a highly specialized espionage infrastructure

This whitepaper tells the story of a custom-built piece of malware that we have been monitoring for several months as it wrought havoc in Asia.

Our threat intelligence systems picked up the first indicators of compromise in July last year, and we have kept an eye on the threat ever since.

This whitepaper takes an in-depth look at the attack chain, the infrastructure used by the threat actors, the malware subdomains they control and the payloads delivered on the targeted systems, as well as other telltale signs about a possible return of the Iron Tiger APT.


Terdot: Zeus-based malware strikes back with a blast from the past

This whitepaper is a technical analysis of Terdot, a banker Trojan that derives inspiration from the 2011 Zeus source code leak. Highly customized and sophisticated, Terdot can operate a MITM proxy, steal browsing information such as login credentials and stored credit card information, as well as inject HTML code into visited Web pages.


Virtualization’s hidden traps: security has become a battlefield for CISOs

• 85% of CISOs fear security flaws in the public cloud
• Half of CISOs say virtualization increases their company’s attack surface
• Only one company in six encrypts all data


EHDevel – The story of a continuously improving advanced threat creation toolkit

More than a year ago, on July 26th 2016, the Bitdefender Threat Intelligence Team came across a suspicious document called News.doc.

Upon preliminary investigation, the sample revealed a set of similar files that bear the same features, but appear to have been used in separate attacks targeted at different institutions.

This plug-and-play malware framework uses a handful of novel techniques for command and control identification and communications, as well as a plugin-based architecture, a design choice increasingly being adopted among threat actor groups in the past few years.

Dubbed EHDevel, this operation continues to this date, the latest known victims reportedly being several Pakistani individuals. In their case, the threat actors have chosen different lures than the ones presented in this paper, but the modus operandi is identical.


New Pacifier APT Components Point to Russian-Linked Turla Group

In 2016, Bitdefender uncovered a new advanced persistent threat dubbed Pacifier, targeting government institutions starting in 2014. Using malicious .doc documents and .zip files distributed via spear phishing e-mails, attackers would lure victims with invitations to social functions or conferences into executing the attachments. Our previous analysis of the Pacifier components revealed that it’s capable of dropping multi-stage backdoors and that the analyzed first stage dropper is also known as “Skipper” by other security vendors.

Our new whitepaper covers an in-depth analysis of the three new backdoor modules, as well a short description of their capabilities and features.


Remote Exploitation of the NeoCoolcam IP Cameras and Gateway

The Internet of connected things has changed the way we interact with our homes, offices or even with our own bodies. But although connected devices are sold almost everywhere, manufacturers haven’t dived deep into the technology, even as more innovation is expected to emerge the more connected we are.

In 2016, security researchers from Bitdefender detected multiple vulnerabilities in a number of Internet of Things devices. This paper is another investigative effort in the IoT space and it details the compromise of a vendor’s line of IPTV and gateway products by trivial remote exploitation.


Inexsmar: An unusual DarkHotel campaign

The DarkHotel threat actors have been known to operate for a decade now, targeting thousands of businesses across the world via Wi-Fi infrastructure in hotels.

This whitepaper covers a sample of a particular DarkHotel attack, known as Inexsmar. Unlike any other known DarkHotel campaign, the isolated sample uses a new payload delivery mechanism rather than the established zero-day exploitation techniques. Instead, the new campaign blends social engineering with a relatively complex Trojan to infect its selected pool of victims.


Companies blame competition for corporate cyberespionage

A survey of US, UK, French, German, Italian, Swedish and Danish IT execs (Author: Razvan Muresan)


Everything we know about GoldenEye

On January 27th, reports of a rapidly spreading ransomware attack started to emerge from Ukraine. The speed at which critical infrastructure networks were shutting down pointed to a ransomware application with a wormable component, whose virality called to mind the WannaCry ransomware. In less than three hours, the infection crippled banks, ATMs, public transport and an airport, as well as utilities provider Kyivenergo. Then it spread outside Ukraine.

As multiple critical infrastructure networks reported major blackouts, Bitdefender started an internal investigation over the isolated malware samples to trace the attack’s origin and better understand what it targeted, and how. The following report is based on our internal telemetry and reflects what we know as of the moment of writing.


Everything you need to know about the WannaCry ransomware

For the past decade or so, increasing tensions between international governments have led to what IT security experts today call “cyberterrorism” – the use of cyberweapons (hacks) to spy on or to commission cyber-attacks overseas.

The most recent such example occurred on May 12, 2017 when an unknown group of hackers deployed what was to become the most dangerous ransomware attack ever recorded. WannaCry, as the malware is dubbed, leverages a (now patched) 0-Day vulnerability developed by hackers contracted by the NSA. This whitepaper provides technical detail on how the malware operates and its spreading techniques.


Ransomware targets SMBs due to weaker protection and greater willingness to pay up

Attackers are now targeting small and medium businesses to extort higher fees, a Bitdefender survey shows, meeting the company’s predictions for 2017. (Author: Razvan Muresan)


Inside Netrepser – a JavaScript-based Targeted Attack

In May 2016, the Bitdefender threat response team isolated a number of samples from the internal malware zoo while looking into a custom file-packing algorithm. A deeper look into the global telemetry revealed that this piece of malware was strictly affecting a limited pool of hosts belonging to a number of IP addresses marked as sensitive targets.

Its unusual build could easily have made it pass as a regular threat that organizations block on a daily basis; however, telemetry information provided by our event correlation service has pointed out that most of its victims are government agencies.


Delivering strong security in a hyperconverged data center environment

A new trend is emerging in data center technology that could dramatically change the way enterprises manage and maintain their IT infrastructures. It’s called hyperconvergence, and it’s gaining momentum as companies look for ways to run more efficient and agile technology environments.


Dissecting the APT28 Mac OS X Payload

Since the APT28 group’s emergence in 2007, Bitdefender has become familiar with the backdoors used to compromise Windows and Linux targets, such as Coreshell, Jhuhugit and Azzy for the former OS or Fysbis for the latter.

This year we have been able to finally isolate the Mac OS X counterpart - the XAgent modular backdoor. This whitepaper describes our journey in dissecting the backdoor and documenting it piece by piece.


Virtualization makes CIOs’ role key

An October 2016 Bitdefender survey of 250 IT decision makers in the United States in companies with more than 1,000 PCs shows that CIOs will rise in companies’ hierarchies, as CEOs and board members face increasing internal and external security risks that could ruin customer trust and business forecasts. Still, not all C-suites include CIOs/CISOs in the business decision-making process. This survey, carried out by iSense Solutions, shows how IT decision makers perceive their role inside their organizations and what they need to meet shareholder expectations. How has virtualization changed the security game? How many attacks can be stopped with the current resources? Would they pay to avoid public shaming?


Security Awareness in the Age of Internet of Things (A 2016 Bitdefender Study)

This paper looks to shed light on home users’ perception of smart technologies, to showcase how consumer IoT is embraced and understood by Internet users around the United States and Europe. Without a doubt, people are excited by the novelty of connected objects, but how well do they manage security and privacy? Are they succeeding or failing as the administrator of Things in their homes?


Encrypting Businesses – ransomware developers’ favorite cash cow

Ransomware, the most prolific cyber threat of the moment, gains foothold in organizations and companies via file-sharing networks, e-mail attachments, malicious links or compromised websites that allow direct downloads. The first quarter of 2016 saw 3,500% growth in the number of ransomware domains created, setting a new record.


From ideas to patents. How visionary security dreams become breakthrough technologies

The R&D team is at the center of Bitdefender to ensure we are fully equipped to look after our customers’ interests, both now and in the future. Our team of engineers and researchers reached the 600+ milestone this year. To keep the innovation flame burning bright, Bitdefender invests 25% of its yearly research and development budget in visionary security dreams. From a total of 72 patents, Bitdefender has had 42 patents issued for core technologies in the past three years alone. In addition, 35 more are currently filed for examination. With almost 10 percent of Bitdefender patents pertaining to machine-learning algorithms for detecting malware and other online threats, deep learning and anomaly-based detection techniques play a vital role in proactively fighting new and unknown threats.


Virtualization brings new security challenges for large companies

An October 2016 Bitdefender survey of 250 IT decision makers in the United States in companies with more than 1,000 PCs shows that virtualization is a strategic priority, yet they are still not fully ready for the security challenges this environment brings. Hybrid infrastructures have become the major common architecture in the enterprise environment and CIOs have to adapt to the new world.

This survey, carried out by iSense Solutions, shows the main security concerns and issues they face. What cyber threats are companies not ready to handle?

What are the main concerns regarding the security management of hybrid infrastructures? Why do IT decision makers fear for their jobs?


Delivering Security and Performance in the Continuous Data Center

Enterprises are rapidly transforming how applications, services, and data are delivered and have brought tremendous transformation to enterprise cybersecurity. The changes brought by virtualization, public and private clouds, and the adoption of enterprise management practices such as DevOps are nothing short of astounding.

Unfortunately, when it comes to being both swift and nimble, cybersecurity efforts sometimes can get in the way—at least if they aren’t done right. To successfully secure the continuous data center, security must be continuous, manageable, and unobtrusive.


Pacifier APT

Bitdefender detected and blocked an ongoing cyber-espionage campaign against Romanian institutions and other foreign targets.


Hypervisor Introspection - A Revolutionary Approach to Targeted Attacks

Recent headlines about data breaches are clear – securing infrastructures against increasingly targeted attacks is imperative, yet traditional endpoint security tools are not closing the gap with attack technologies, let alone getting ahead of them.

A study conducted in February 2016 shows it takes companies an average of 5 months to detect a data breach. What’s more, 53% of them needed external investigators to discover them, as internal resources showed no signs of a breach.


The Impact of Virtualization Security on Your VDI Environment

VDI empowers employees and employers with many benefits, no matter the size of the organization. However, as with any environment, security should always play a pivotal role and should complement the business environment. With VDI it’s no different; security should be seamless, without any effect on the user experience.


Securing the Virtual Infrastructure without Impacting Performance

Virtualization offers many benefits, but also raises additional performance issues in areas of security. This begs the question: is virtualization security counterproductive? Moreover, do the currently available security solutions undermine some of the benefits offered by virtualization, creating bottlenecks and additional issues in virtualized environments as compared to physical server environments?


Evolve or Die: Security Adaptation in a Virtual World

As virtualization projects continue to accelerate, organizations are discovering they have changed how datacenters are architected, built, and managed.

This white paper explores areas of security concern organizations must address as they move, ever-increasingly, to rely on virtualization.


Next Generation Security for Virtualized Datacenters

To accelerate the business benefits enabled by virtualization, companies must not overlook security. However isolated and self-contained, virtual containers are still vulnerable to increasingly sophisticated malicious attacks carried out by dedicated networks of cybercriminals. The larger the virtualized environment, the more challenging it can become to efficiently secure virtual machines.


The New IT Acronym KISSME: Keep IT Security Simple, Manageable, and Effective

IT has evolved immensely over the past decade, always adapting to become faster, more agile, and more efficient. Unfortunately, security threats have evolved as well, and are more stealthy, more intelligent, and more malicious than ever before.


Getting the most out of your cloud deployment

Virtual machines in a cloud environment are as susceptible to nefarious exploitation – where sensitive data is highly valuable – as physical machines. The same exposure profile exists regardless of the underlying platform (traditional physical, virtualized, private cloud or public cloud). Although traditional security can be used in the cloud, it is neither built, nor optimized for the cloud.