APT trends report Q3 2021
For more than four years, the Global Research and Analysis Team (GReAT) at Kaspersky has been publishing quarterly summaries of advanced persistent threat (APT) activity. The summaries are based on our threat intelligence research and provide a representative snapshot of what we have published and discussed in greater detail in our private APT reports. They […] more…DDoS attacks in Q3 2020
News overview Q3 was relatively calm from a DDoS perspective. There were no headline innovations, although cybercriminals did continue to master techniques and develop malware already familiar to us from the last reporting period. For example, another DDoS botnet joined in the assault on Docker environments. The perpetrators infiltrated the target server, created an infected […] more…APT trends report Q3 2019
For more than two years, the Global Research and Analysis Team (GReAT) at Kaspersky has been publishing quarterly summaries of advanced persistent threat (APT) activity. The summaries are based on our threat intelligence research and provide a representative snapshot of what we have published and discussed in greater detail in our private APT reports. They […] more…KopiLuwak: A New JavaScript Payload from Turla
On 28 January 2017, John Lambert of Microsoft (@JohnLaTwC) tweeted about a malicious document that dropped a “very interesting .JS backdoor“. Since the end of November 2016, Kaspersky Lab has observed Turla using this new JavaScript payload and specific macro variant. This is a technique we’ve observed before with Turla’s ICEDCOFFEE payloads, detailed in a […] more…An In-Depth Look at How Pawn Storm’s Java Zero-Day Was Used
Operation Pawn Storm is a campaign known to target military, embassy, and defense contractor personnel from the United States and its allies. The attackers behind Operation Pawn Storm have been active since at least 2007 and they continue to launch new campaigns. Over the past year or so, we have seen numerous techniques and tactics […] more…The BlueNoroff cryptocurrency hunt is still on
BlueNoroff is the name of an APT group coined by Kaspersky researchers while investigating the notorious attack on Bangladesh’s Central Bank back in 2016. A mysterious group with links to Lazarus and an unusual financial motivation for an APT. The group seems to work more like a unit within a larger formation of Lazarus attackers, […] more…Cyberthreats to financial organizations in 2022
First of all, we are going to analyze the forecasts we made at the end of 2020 and see how accurate they were. Then we will go through the key events of 2021 relating to attacks on financial organizations. Finally, we will make some forecasts about financial attacks in 2022. Analysis of forecasts for 2021 […] more…APT review: what the world’s threat actors got up to in 2019
What were the most interesting developments in terms of APT activity during the year and what can we learn from them? This is not an easy question to answer, because researchers have only partial visibility and it´s impossible to fully understand the motivation for some attacks or the developments behind them. However, let´s try to […] more…Jenkins Admins: Relying on Default Settings Could Put Master at Risk of Remote Code Execution Attacks
By David Fiser Jenkins is a popular open-source automation server for software development teams. Used for managing the development side in DevOps, the main purpose of Jenkins is to perform tasks, called jobs, such that software project builds are automatically developed in the CI/CD process. Jenkins has a distributed architecture: A master machine manages a […] more…ROCA: Which Key-Pair Attacks Are Credible?
In the past two weeks, we have seen two big encryption issues arise: key reinstallation attacks, called KRACKs; and “Return of Coppersmith’s Attack,” called ROCA. Many CEOs, CIOs, and CISO/CSOs are asking, as they must, “Are we protected?” and “What’s our exposure?” Security architects are scurrying about to identify reasonable responses that can be presented […] more…IT threat evolution Q1 2017
Overview Targeted attacks and malware campaigns More wipers The aim of most targeted attack campaigns is to steal sensitive data. However, this isn’t always the goal. Sometimes attackers erase data instead of – or as well as – trying to gain access to confidential information. We’ve seen several wiper attacks in recent years. They include […] more…VDI: Non-virtual problems of virtual desktop security, and how to solve them for real
Introduction Virtualization marches victoriously across the globe, adding to its list of champions not only individual IT-specialists and businesses, but even whole sections of the IT industry. In fact, it’s barely possible to find a data center with only physical servers on board: both electricity and physical space are far too expensive nowadays to be […] more…KSN Report: Mobile ransomware in 2014-2016
Part 1. KSN Report: PC ransomware in 2014-2016 Download PDF version Statistics The activity of mobile ransomware, although not as widely covered in the media as PC ransomware, also skyrocketed over the period covered by this report. Especially in the second half. Fig. 12: The number of users encountering mobile ransomware at least once in […] more…Apache Web Server Attacks Continue to Evolve
For the past few months we have seen a gradual increase in server-level compromises. In fact, every week it seems we’re handling half a dozen or so and it continues to increase. It’s one of the reasons that I have started including this as a trend in my most recent Website Security presentations. Just last […] more…WordPress Security – Cutting Through The BS
I recently spoke at WordCamp Chicago 2012 and did so on WordPress Security. In this post I’ll share my presentation but also provide context such that it allows the reader to better digest the presentations content. Let me know how I do!!! When putting the presentation together I found myself between a rock and hard […] more…More information
- Critical flaw in WordPress SEO plugin hits millions of sites
- Is outsourcing bad for your IT security?
- Are We Beyond Peak Buzzword?
- Behind the ‘AndroidOS.Koler’ distribution network
- U.S. Seizes $1 Billion Worth of Bitcoin Connected to Silk Road
- Britain Fines US Hotel Chain Marriott Over Data Breach
- Ransomware: Four Ways to Assess This Growing Threat as a Business Risk
- Trolls who use fake profiles to torment others to be prosecuted
- Tesla patches Model S after researchers hack car’s software
- Russia, China said to use hacked databases to find US spies