South Korean Wipers and Spear Phishing E-mails
News broke last week of a “wiper” malware that affected South Korean banks and broadcasting companies. NSHC Red Alert Team has published a detailed analysis of the malware here. Several hashes were mentioned for the same component, which suggests multiple operations under the same campaign. So how did the affected companies get infected? No […]

APT43: An investigation into the North Korean group’s cybercrime operations
Introduction. As recently reported by our colleagues at Mandiant, APT43 is a threat actor believed to be associated with North Korea. APT43’s main targets include governmental institutions, research groups, think tanks, business services, and the manufacturing sector, with most victims located in the United States and South Korea. The group uses a variety of techniques and […]

Gaming-related cyberthreats in 2020 and 2021
The video game industry is soaring, not least thanks to the lockdowns, which forced people to look for new ways to entertain themselves and socialize. Even with things going back to normal, gaming is expected to have a very bright future. Newzoo estimates the industry to gross 175.8 billion USD in 2021, which […]

Kids on the Web in 2021: Infinite creativity
For over a year we’ve been living in a world gripped by the COVID-19 pandemic. Not only has the pandemic affected people’s lifestyles, it has also accelerated the development and implementation of technologies that make it easier for us to complete everyday and work-related tasks. We no longer need to fly halfway around the world […]

Exposing Modular Adware: How DealPly, IsErIk, and ManageX Persist in Systems
By RonJay Caragay, Fe Cureg, Ian Lagrazon, Erika Mendoza, and Jay Yaneza (Threats Analysts). Adware isn’t new and it doesn’t spark much interest. Much of it is overlooked and underestimated because it isn’t supposed to cause harm — as its name suggests, adware is advertising-supported software. However, we have constantly observed suspicious activities caused […]

Project TajMahal – a sophisticated new APT framework
Executive summary: ‘TajMahal’ is a previously unknown and technically sophisticated APT framework discovered by Kaspersky Lab in the autumn of 2018. This full-blown spying framework consists of two packages named ‘Tokyo’ and ‘Yokohama’. It includes backdoors, loaders, orchestrators, C2 communicators, audio recorders, keyloggers, screen and webcam grabbers, document and cryptography key stealers, and even its […]

5 Ways to Protect Your Finances Online
Financial companies continue to innovate with their online products and services, bringing convenience for customers but challenges when it comes to security. This is because the current “fintech” (financial technology) landscape doesn’t just include traditional banks with online services. New players, like cryptocurrency sites, robo advisors and online loan providers, have all joined the party. […]

IT threat evolution Q2 2018. Statistics
Q2 figures. According to KSN: Kaspersky Lab solutions blocked 962,947,023 attacks launched from online resources located in 187 countries across the globe. 351,913,075 unique URLs were recognized as malicious by Web Anti-Virus components. Attempted infections by malware designed to steal money via online access to bank accounts were logged on the computers of 215,762 users. […]

Post-Tax Season Spam Campaign Delivers URSNIF to North American Taxpayers
By Marshall Chen, Loseway Lu, Kawabata Kohei, and Rubio Wu. Tax season has traditionally been notorious for increased cybercrime activity, as threat actors take advantage of the large number of people rushing to file their taxes. The problem has cost taxpayers billions of dollars — tax fraud amounted to $2.5 billion worth of losses in […]

IT threat evolution Q1 2018. Statistics
Q1 figures. According to KSN: Kaspersky Lab solutions blocked 796,806,112 attacks launched from online resources located in 194 countries across the globe. 282,807,433 unique URLs were recognized as malicious by Web Anti-Virus components. Attempted infections by malware designed to steal money via online access to bank accounts were logged on the computers of 204,448 users. […]

Uncovering the Inner Workings of EyePyramid
Two Italians referred to as the “Occhionero brothers” have been arrested and accused of using malware and a carefully prepared spear-phishing scheme to spy on high-profile politicians and businessmen. This case has been called “EyePyramid”, which we first discussed last week. (Conspiracy theories aside, the name came from a domain name and directory path that was found during the […]

Ransomware and You
Last weekend I was at a nearby roller-skating rink, where my children got to try out their skills on roller skates for the first time. I was just watching my eldest complete a whole lap without trouble when another father came up to me and said: “Since you work in information security – what exactly is this ransomware? Should we be worried about it?” I have been asked about ransomware more often lately, but that was certainly the first […]

Harassment on Social Media Is a Real Threat. Here’s How to Protect Yourself.
It is a sad truth that the cloak of anonymity and a huge microphone bring out the worst in some people. Nowadays that applies especially to social media. Online harassment and hate messages are unfortunately a growing trend on social media, one that raises increasing concerns about safety. In fact, 40% of internet users say they have […]

Multiplatform Boleto Fraud Hits Users in Brazil
A study conducted around June last year revealed a malware-based fraud ring that infiltrated one of Brazil’s most popular payment methods – the Boleto Bancário, or simply the boleto. While the research and analysis were already published by RSA, we’ve recently discovered that this highly profitable fraud is still out in the wild and remains […]

Reminder: be careful opening invoices on the 21st March
On March 4th we spotted a large number of unusual emails being blocked by our Linux Mail Security product. The emails all contained the same PDF attachment (MD5: 97b720519aefa00da58026f03d818251) but were being sent from many different source addresses. The emails were written in German and most were sent from German IP addresses. Below is a […]

Varying Degrees of Malware Injections Decoded
It is no longer the day of human-readable injections, or even of basic encoding schemes like base64. Instead we’re seeing a rise in complex, and in some instances elusive, encoding schemes that carry a big punch. There are varying degrees of malware injections, which include some of the following traits: Encoding (pretty […]

More information
- Man Sentenced to 5 Years in Prison for DDoS Attacks
- Senators Reintroduce DHS Cyber Hunt and Incident Response Teams Act
- Microsoft Windows PDF Library CVE-2016-3215 Information Disclosure Vulnerability
- Log4Shell-like code execution hole in popular Backstage dev tool
- US lawmaker who’s pushing anti-swatting bill gets swatted
- New Android ransomware uses clickjacking to gain admin privileges
- Instagram vulnerability: Anyone can add you, see your photos
- ICANN resets passwords after website breach
- Resolved: Voice Service Maintenance: University Park
- Second LulzSec member pleads out in Sony Pictures attack