Locky Ransomware Makes a Comeback with New .Diablo6 and .Lukitus Variants

Old threats die hard, it seems: Locky ransomware, one of the most powerful threats out there, is back in town. Historically, we’ve seen this ransomware do serious damage, as it has rapidly adapted its capabilities to keep victims and security researchers bewildered. Now it has evolved into two new forms to become even more stealthy […]

Cryptocurrency Miner Uses WMI and EternalBlue To Spread Filelessly

By Buddy Tancio
Fileless malware can be a difficult threat to analyze and detect. It shouldn’t be a surprise that an increasing number of new malware threats are fileless, as threat actors use this technique to make both detection and forensic investigation more difficult. We recently found a new cryptocurrency miner (which we detect as TROJ64_COINMINER.QO) […]

Interview with IS Director on Building a “Game Changing” Threat Defense Architecture

Director of Information Security Simon Brown oversees information security for the Liquor Control Board of Ontario (LCBO), one of the world’s largest retailers of beverage alcohol. LCBO operates 650 brick-and-mortar retail stores plus ecommerce and mobile storefronts across the Canadian province. The adaptable threat defense infrastructure that Brown and his very small IS team have […]

DefPloreX: A Machine-Learning Toolkit for Large-scale eCrime Forensics

By Marco Balduzzi and Federico Maggi
The security industry as a whole loves collecting data, and researchers are no different. With more data, they commonly become more confident in their statements about a threat. However, large volumes of data require more processing resources, as extracting meaningful and useful information from highly unstructured data is particularly difficult. […]

ChessMaster Makes its Move: A Look into the Campaign’s Cyberespionage Arsenal

By Benson Sy, CH Lei, and Kawabata Kohei
From gathering intelligence, using the right social engineering lures, and exploiting vulnerabilities to moving laterally within the network, targeted attacks have multifarious tools at their disposal. And as in a game of chess, they are the set pieces that make up their modus operandi. Take for instance the […]

POS Malware Steals Payment Card and Personal Info from Food Kiosks

Point-of-sale malware can make its way into almost anything these days, from massive corporate systems to individual devices. The latest victim is Avanti Markets, a leading “micro market” vending company hit with malware that has stolen payment and possibly fingerprint data from self-service payment kiosks in various locations. The cybercriminals likely breached the kiosk provider’s […]

Spam Campaign Delivers Cross-platform Remote Access Trojan Adwind

Cybercriminals are opportunists. As other operating systems become more widely used, they too diversify their targets, tools, and techniques to cash in on more victims. That’s the value proposition of malware that can adapt and cross over different platforms. And when combined with a business model that can commercially peddle this […]

Petya More Effective at Destruction Than as Ransomware

At the beginning of the recent Petya malware campaign, the world was quick to exclaim that this attack was ransomware. Now, with time to analyze the facts and make comparisons to other ransomware campaigns, this Petya attack does not look so much like ransomware. To back up this claim, let’s examine three other well-known ransomware campaigns: […]

Information Stealer Found Hitting Israeli Hospitals

The abuse of shortcut (LNK) files is steadily gaining traction among cybercriminals. We’ve seen a plethora of threats that leverage malicious LNK files: from well-known ransomware families, backdoors typically deployed in targeted attacks, and banking Trojans to spam emails, and even an exploit for an LNK vulnerability itself. These threats are usually exacerbated by the further […]

How to Protect Against Petya Ransomware in a McAfee Environment

This post has been updated with information about McAfee Enterprise Security Manager and McAfee Web Gateway (June 28, 14:20 Pacific time). A new variant of the ransomware Petya (also called Petrwrap) began spreading around the world on June 27. Petya is ransomware that exploits the vulnerability CVE-2017-0144 (the EternalBlue bug, patched by MS17-010) in Microsoft’s SMBv1 implementation of the Server Message Block protocol. This ransomware […]

Large-Scale Petya Ransomware Attack In Progress, Hits Europe Hard

A large-scale ransomware attack reported to be caused by a variant of the Petya ransomware is currently hitting various users, particularly in Europe. This variant, which Trend Micro already detects as RANSOM_PETYA.SMA, is known to use both the EternalBlue exploit and the legitimate Sysinternals PsExec tool as infection vectors. Users and organizations are thus advised to perform the […]

Following the Trail of BlackTech’s Cyber Espionage Campaigns
By Lenart Bermejo, Razor Huang, and CH Lei (Threat Solution Team)
BlackTech is a cyber espionage group operating against targets in East Asia, particularly Taiwan, and occasionally Japan and Hong Kong. Based on the mutexes and domain names of some of their C&C servers, BlackTech’s campaigns are likely designed to steal their targets’ technology. Following […]

AdGholas Malvertising Campaign Employs Astrum Exploit Kit

At the end of April this year, we found the Astrum exploit kit employing Diffie-Hellman key exchange to prevent monitoring tools and researchers from replaying its traffic. As AdGholas started to push the exploit kit, we saw another evolution: Astrum using HTTPS to further obscure its malicious traffic. We spotted a new AdGholas malvertising campaign using the […]

Analyzing the Fileless, Code-injecting SOREBRECT Ransomware

By Buddy Tancio (Threats Analyst)
Fileless threats and ransomware aren’t new, but malware that combines their characteristics can be dangerous. Take for instance the fileless, code-injecting ransomware we’ve uncovered: SOREBRECT, which Trend Micro detects as RANSOM_SOREBRECT.A and RANSOM_SOREBRECT.B. We first encountered SOREBRECT during our monitoring at the beginning of the second quarter this […]

Yara Used to RickRoll Security Researchers

For most security researchers, Yara, a tool that lets them write their own rules for tracking malware, is an invaluable resource that automates many processes. However, despite Yara’s reliability, it shouldn’t be the only tool used to monitor new versions of malware. This article will show why. There are many resources […]

More information
- To crypt, or to mine – that is the question
- Microsoft’s top lawyer: We face ‘digital dark ages’ without Safe Harbor solution
- LastPass Says DevOps Engineer Home Computer Hacked
- Trucking Giant Says Ransomware Attack Had $7.5M Impact
- Mobile health device market to grow 8X to $42B
- From phish to network compromise in two hours: How Carbanak operates
- Surveillance cameras sold on Amazon infected with malware
- Exploit lets your farm Dead Space 3 items to avoid micro-transactions
- FBI faces lawsuit because it’s stayed mum on iPhone 5c hack
- Joke dating site matches people based on their passwords
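The Israeli-hospitals item above turns on malicious shortcut (LNK) files. As an added example that is not part of any of the listed posts, the Python below walks the MS-SHLLINK header, skips the optional LinkTargetIDList and LinkInfo blocks, reads the StringData sections (where the target path and command-line arguments live) and applies a triage heuristic. It runs on two shortcuts the script constructs itself; the builder, the sample paths, the placeholder base64 and the indicator list are all this example's own choices, not artefacts of the campaign.

```python
import struct
import uuid

# MS-SHLLINK LinkFlags bits needed to walk a .lnk file up to its StringData
HAS_LINK_TARGET_ID_LIST, HAS_LINK_INFO = 0x01, 0x02
HAS_NAME, HAS_RELATIVE_PATH, HAS_WORKING_DIR = 0x04, 0x08, 0x10
HAS_ARGUMENTS, HAS_ICON_LOCATION, IS_UNICODE = 0x20, 0x40, 0x80
HEADER_SIZE = 0x4C
LNK_CLSID = uuid.UUID("00021401-0000-0000-c000-000000000046")
# StringData sections come in this fixed order, each present only if its flag is set
STRING_DATA = [("name", HAS_NAME), ("relative_path", HAS_RELATIVE_PATH),
               ("working_dir", HAS_WORKING_DIR), ("arguments", HAS_ARGUMENTS),
               ("icon_location", HAS_ICON_LOCATION)]
# Substrings that warrant a closer look when found in a shortcut's target or arguments
# (a triage heuristic chosen for this example, not a verdict)
SUSPICIOUS = ("powershell", "-enc", "mshta", "wscript", "cscript", "cmd.exe /c",
              "certutil", "rundll32", "regsvr32", "bitsadmin")


def parse_lnk(data: bytes) -> dict:
    """Return the StringData fields (name, relative_path, working_dir, arguments, icon_location)."""
    if len(data) < HEADER_SIZE:
        raise ValueError("too short for a ShellLinkHeader")
    header_size, clsid = struct.unpack_from("<I16s", data, 0)
    if header_size != HEADER_SIZE or uuid.UUID(bytes_le=clsid) != LNK_CLSID:
        raise ValueError("not a Shell Link file (bad HeaderSize or LinkCLSID)")
    flags = struct.unpack_from("<I", data, 20)[0]
    pos = HEADER_SIZE
    if flags & HAS_LINK_TARGET_ID_LIST:          # uint16 IDListSize, then the item IDs
        pos += 2 + struct.unpack_from("<H", data, pos)[0]
    if flags & HAS_LINK_INFO:                    # uint32 LinkInfoSize counts itself
        pos += struct.unpack_from("<I", data, pos)[0]
    fields = {}
    for key, bit in STRING_DATA:
        if not flags & bit:
            continue
        count = struct.unpack_from("<H", data, pos)[0]   # CountCharacters, not bytes
        pos += 2
        if flags & IS_UNICODE:
            fields[key] = data[pos:pos + 2 * count].decode("utf-16-le")
            pos += 2 * count
        else:
            fields[key] = data[pos:pos + count].decode("cp1252", errors="replace")
            pos += count
    return fields


def suspicious_indicators(fields: dict) -> list:
    """Which SUSPICIOUS substrings appear in the parsed shortcut's target, working dir or arguments."""
    parts = [fields.get(k, "") for k in ("relative_path", "working_dir", "arguments")]
    blob = " ".join(p for p in parts if p).lower()
    return [ind for ind in SUSPICIOUS if ind in blob]


def build_lnk(relative_path: str, arguments: str, working_dir: str = None) -> bytes:
    """Constructed-sample writer for this example: header plus Unicode StringData, no IDList/LinkInfo."""
    flags = IS_UNICODE | HAS_RELATIVE_PATH | HAS_ARGUMENTS | (HAS_WORKING_DIR if working_dir else 0)
    # HeaderSize, CLSID, LinkFlags, FileAttributes (ARCHIVE), 3 FILETIMEs, FileSize, IconIndex,
    # ShowCommand (SW_SHOWNORMAL), HotKey, Reserved1, Reserved2, Reserved3
    header = struct.pack("<I16sIIQQQIIIHHII", HEADER_SIZE, LNK_CLSID.bytes_le, flags,
                         0x20, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0)

    def string_data(text):
        return struct.pack("<H", len(text)) + text.encode("utf-16-le")

    body = string_data(relative_path)
    if working_dir:
        body += string_data(working_dir)
    return header + body + string_data(arguments)


# Constructed samples (not real malware): a download-cradle style shortcut and a benign one
MALICIOUS_LNK = build_lnk(r"..\..\..\Windows\System32\cmd.exe",
                          "/c powershell -w hidden -enc QUFBQQ==")   # placeholder base64, not a payload
BENIGN_LNK = build_lnk(r"..\Program Files\Tool\tool.exe", "--profile default", r"C:\Program Files\Tool")

if __name__ == "__main__":
    for label, blob in (("malicious", MALICIOUS_LNK), ("benign", BENIGN_LNK)):
        fields = parse_lnk(blob)
        print(label, fields, suspicious_indicators(fields))
```

Two things the heuristic deliberately does not do: it does not decode the base64 after `-enc` (a real triage step would, since the decoded UTF-16 script is where the download URL usually is), and it does not parse the LinkTargetIDList, so a shortcut whose target is carried only in the ID list and not in RELATIVE_PATH will show an empty target. Both are straightforward extensions of the same walk.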
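The two Petya items above name EternalBlue and PsExec as the infection vectors. PsExec pushes a service binary to the target's ADMIN$ share and installs it through the Service Control Manager, so on the target that leaves a network logon, an ADMIN$ share access and a System 7045 "A service was installed" event within seconds of each other. The Python below is an added example, not Trend Micro's or McAfee's code: it runs that correlation over Windows event records constructed in the script (the JSON wrapper keys `time`/`host`/`event_id`/`data` are this example's own convention; the field names inside `data` are the real ones for events 4624, 5140 and 7045).

```python
import json
from datetime import datetime, timedelta

# Constructed sample events, one JSON object per line, shaped like an EVTX-to-JSON export.
# Hosts, IPs, times and service names are invented for this example.
SAMPLE_LOG = r"""
{"time":"2017-06-27T10:00:01","host":"WS-07","event_id":4624,"data":{"LogonType":"3","TargetUserName":"admin","IpAddress":"10.0.0.15"}}
{"time":"2017-06-27T10:00:03","host":"WS-07","event_id":5140,"data":{"ShareName":"\\\\*\\ADMIN$","IpAddress":"10.0.0.15","SubjectUserName":"admin"}}
{"time":"2017-06-27T10:00:04","host":"WS-07","event_id":7045,"data":{"ServiceName":"PSEXESVC","ImagePath":"%SystemRoot%\\PSEXESVC.exe","StartType":"demand start"}}
{"time":"2017-06-27T10:05:00","host":"WS-07","event_id":7045,"data":{"ServiceName":"gupdate","ImagePath":"\"C:\\Program Files\\Google\\Update\\GoogleUpdate.exe\" /svc","StartType":"auto start"}}
{"time":"2017-06-27T10:07:30","host":"WS-09","event_id":7045,"data":{"ServiceName":"abcdefgh","ImagePath":"%SystemRoot%\\abcdefgh.exe","StartType":"demand start"}}
"""

PSEXEC_SERVICE_NAMES = {"psexesvc", "paexec"}   # stock PsExec and the PAExec clone


def service_install_indicators(event: dict) -> list:
    """Why a System 7045 ('A service was installed in the system') looks like remote execution."""
    d = event["data"]
    name = d.get("ServiceName", "").lower()
    image = d.get("ImagePath", "").lower().strip('"')
    hits = []
    if name in PSEXEC_SERVICE_NAMES or "psexesvc" in image:
        hits.append("psexec-service")
    # PsExec-style tools copy <ServiceName>.exe into the ADMIN$ share (the system root) and install it;
    # this also catches PsExec run with a renamed service (-r) and other tools that mimic it.
    if image.endswith(f"%systemroot%\\{name}.exe") or f"\\admin$\\{name}.exe" in image:
        hits.append("service-binary-in-system-root")
    return hits


def detect_lateral_movement(log_text: str, window: timedelta = timedelta(seconds=60)) -> list:
    """Flag suspicious 7045s and attach the network logons (4624 type 3) and ADMIN$ accesses (5140)
    seen on the same host in the preceding window; that pairing is the PsExec push pattern."""
    events = [json.loads(line) for line in log_text.strip().splitlines()]
    for e in events:
        e["ts"] = datetime.fromisoformat(e["time"])
    alerts = []
    for e in events:
        if e["event_id"] != 7045:
            continue
        hits = service_install_indicators(e)
        if not hits:
            continue
        sources = set()
        for p in events:
            if p["host"] != e["host"] or not (e["ts"] - window <= p["ts"] <= e["ts"]):
                continue
            d = p["data"]
            if p["event_id"] == 4624 and d.get("LogonType") == "3":
                sources.add(d.get("IpAddress"))
            elif p["event_id"] == 5140 and d.get("ShareName", "").upper().endswith("ADMIN$"):
                sources.add(d.get("IpAddress"))
        alerts.append({"host": e["host"], "time": e["time"], "service": e["data"]["ServiceName"],
                       "indicators": hits, "sources": sorted(sources)})
    return alerts


if __name__ == "__main__":
    for alert in detect_lateral_movement(SAMPLE_LOG):
        print(alert)
```

On the sample this yields two alerts: the PSEXESVC install on WS-07 with 10.0.0.15 as the pushing host, and a demand-start service on WS-09 whose binary sits in the system root with no preceding logon in the window (worth a look, but weaker). PsExec is also what administrators use, so the `sources` list is the field to pivot on: a source that is not a known admin workstation, or one that fans out to many hosts in minutes, is the Petya-style signal; a single install from a jump box is usually not.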
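The AdGholas/Astrum item above says the kit used Diffie-Hellman key exchange to stop monitoring tools and researchers from replaying its traffic. The Python below is an added illustration of why that works, not the kit's code: each session key comes from an exponent the browser never sends, so a sensor that records the whole exchange holds two public values and a ciphertext it cannot decrypt, and re-sending the recorded client value to the live server just produces a new session under a key the researcher cannot compute either. The group (p = 2**127 - 1, g = 5), the SHA-256 counter-mode stream cipher and the payload bytes are constructed for the demo; real code would use an RFC 3526 MODP group or an elliptic-curve group and a real AEAD.

```python
import hashlib
import secrets

# Demo-sized group so the arithmetic is quick to follow. Constructed example parameters only.
P = (1 << 127) - 1   # Mersenne prime
G = 5


def dh_keypair(priv: int = None):
    """Ephemeral private exponent x and public value g^x mod p (fresh per session unless supplied)."""
    x = priv if priv is not None else secrets.randbelow(P - 2) + 1
    return x, pow(G, x, P)


def dh_session_key(peer_pub: int, priv: int) -> bytes:
    """Both sides reach the same 32-byte key from (peer_pub ** priv) mod p; an observer cannot."""
    shared = pow(peer_pub, priv, P)
    return hashlib.sha256(shared.to_bytes(16, "big")).digest()


def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Toy stream cipher for the demo (SHA-256 in counter mode); symmetric, so it also decrypts."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + i.to_bytes(4, "big")).digest()
        out.extend(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)


def serve_payload(client_pub: int, payload: bytes, server_priv: int = None):
    """Landing-page side: picks a fresh exponent for every request and encrypts to that session."""
    s, server_pub = dh_keypair(server_priv)
    return server_pub, keystream_xor(dh_session_key(client_pub, s), payload)


def victim_session(payload: bytes, client_priv: int = None, server_priv: int = None):
    """One real exchange: what the victim decrypted, and what a sensor on the wire recorded."""
    c, client_pub = dh_keypair(client_priv)
    server_pub, ct = serve_payload(client_pub, payload, server_priv)
    plaintext = keystream_xor(dh_session_key(server_pub, c), ct)
    capture = {"client_pub": client_pub, "server_pub": server_pub, "ciphertext": ct}
    return plaintext, capture


def observer_guesses(capture: dict) -> list:
    """Everything a passive observer can derive a key from is the two public values; none is the DH key."""
    cp, sp = capture["client_pub"], capture["server_pub"]
    guesses = []
    for candidate in (cp, sp, cp * sp % P, (cp + sp) % P):
        key = hashlib.sha256(candidate.to_bytes(16, "big")).digest()
        guesses.append(keystream_xor(key, capture["ciphertext"]))
    return guesses


def replay(capture: dict, payload: bytes, server_priv: int = None):
    """Researcher re-sends the captured client value to the live server. The server answers with a new
    exponent, so the reply is a different ciphertext under a key the researcher still cannot compute."""
    return serve_payload(capture["client_pub"], payload, server_priv)


if __name__ == "__main__":
    payload = b"<constructed exploit stage, not a real one>"
    plaintext, capture = victim_session(payload)
    print("victim decrypted correctly:", plaintext == payload)
    print("any observer guess correct:", any(g == payload for g in observer_guesses(capture)))
    new_pub, new_ct = replay(capture, payload)
    print("replay returned the recorded ciphertext:", new_ct == capture["ciphertext"])
```

The practical consequence for analysts is the one the teaser hints at: a passive capture of Astrum traffic is not enough to recover the exploit, and neither is re-requesting the landing page with the recorded parameters. What does work is instrumenting the client side (a browser or emulator that owns the private exponent), which is where analysis of such kits has to move.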