Adapting to the changing Threat Landscape with Detection Engineering - VMRay

Adapting to the Changing Threat Landscape
with Detection Engineering


Let’s delve into the evolution of incident response due to the ever-changing threat landscape and the importance of adapting to emerging risks.

As security professionals, we have witnessed firsthand the continuous evolution of incident response while collaborating with diverse security teams across various industries including Fortune 500 companies and government organizations. The dynamic nature of bad actors demands that our response processes and strategies remain agile and responsive. Threat actors constantly refine their tactics, creating more intricate and elusive attacks that are increasingly difficult to detect.

Imagine a seesaw with two distinct ends: on one side, we have the threat actors continuously changing their stripes, adapting their tactics, and devising complex attack vectors. On the other side, we find the dedicated incident response teams, tasked with reacting swiftly and effectively to mitigate the impact of these threats. It’s an ongoing tug of war between threat actors and response teams, and the stakes are high.

In our exploration of the ever-evolving threat landscape, we had initially intended to delve into an example analysis of a different scenario. However, the rapid pace of change in the cybersecurity landscape demands our constant vigilance and adaptability. Just as we were preparing to discuss a particular instance, the landscape shifted once again, compelling us to update our analysis to reflect the latest developments.

One notable transformation that has unfolded is the response of Qbot operators to Microsoft’s decision to auto-block Office macros originating from the web. Faced with this barrier, threat actors swiftly adapted their tactics, leveraging alternative methods to propagate malware and infiltrate systems. One such technique gaining traction is the use of OneNote documents as a vehicle for spreading malicious payloads. This unforeseen twist highlights the agility and resourcefulness of cybercriminals, who are quick to exploit any available vulnerabilities or changes in the security ecosystem.

The rapid evolution we witness within the threat landscape serves as a stark reminder that security measures must continually evolve to counter emerging risks. By remaining at the forefront of these developments and understanding the tactics employed by threat actors, we can proactively fortify our defenses and better safeguard our digital environments.

Course home page: 
Converging Incident Response & Detection Engineering

See VMRay in action.
Start maximizing value for
Incident Response & Detection Engineering

Further resources


Analysis of Qbot to enhance Detection Engineering

Watch the full recording from the our webinar at SANS DFIR Summit.


Explore how you can improve the efficacy of detection Engineering through VMRay.


Check the most advanced sandbox for analyzing malware and phishing.

Welcome to the playground.

Explore what you can do with VMRay.

Click on the yellow dots to check the report formats, see the overview, explore the network connections of the sample, malicious behavior, and relevant files, map the threat on MITRE ATT&CK Framework, analyze and download IOCs and artifacts.

The analysis report tabs are available both for VMRayDeepResponse and VMRayTotalInsight. The bundle of VMRay FinalVerdict and VMRayDeepResponse also offers access to the analysis report tabs.

We’re sorry. 

The interactive tour is not available on mobile devices.

Unveiling the power:
See our experts showcasing VMRay’s capabilities.

Analysis of a malicious file

Join Fatih Akar from the VMRay team as he provides a detailed walkthrough of a malicious LNK file, a prevalent attack vector since Microsoft’s Office macros block.

Gain valuable insights into each tab of our comprehensive analysis report and get a sneak peek into what you’ll be exploring.

Analysis of a malicious URL

Join Andrey Voitenko, an expert in advanced malware and phishing analysis from the VMRay team, as he demonstrates how to submit emails and URLs to the VMRay platform using built-in connectors.

Discover the capabilities of our new Automation Dashboard, enabling one-click automation with your existing EDR, SOAR, SIEM, and TIP tools. Monitor analysis data seamlessly from your VMRay dashboard and unlock new levels of efficiency in your security operations.

Integrating with existing tools

Watch Michael Bourton showcasing the seamless integration of VMRay platform with your existing security stacks.

Discover how effortlessly you can leverage unparalleled detection and analysis capabilities by utilizing dedicated connectors or our Rest API.

Experience VMRay in Action:
Explore Real-world Malware Analysis Reports

Get a firsthand look at the power and capabilities of the VMRay platform by delving into our sample malware and phishing analysis reports.

Immerse yourself in a range of report formats, providing comprehensive insights.

Dive into the overview, explore intricate network connections, analyze malicious behavior in detail, and map threats using the MITRE ATT&CK Framework. See the possibilities to download clear IOCs.

Uncover the capabilities that await you.

Calculate how much malware false positives are costing your organization:
Malware False Positive Cost Calculator