When phone systems attack
A telephony denial of service (TDoS) attack is a specific type of DDoS attack that originates from or is directed towards a telephone system with the intent of bringing down the targeted system. These attacks commonly focus on commercial businesses and may often include ransomware requests. In reality, these attacks can affect anyone, including our nation’s […]
Lazarus Under The Hood
In February 2017 an article in the Polish media broke the silence on a long-running story about attacks on banks, allegedly related to the notoriously known Lazarus Group. While the original article didn’t mention Lazarus Group it was quickly picked up by security researchers. Today we’d like to share some of […]
How To Prevent Ransomware (and Leprechauns) From Locking Up Your Data
St. Patrick’s Day is right around the corner, but before you crowd into your local pub and raise a green pint in honor of the Irish patron saint, keep an eye out for mischievous leprechauns… a.k.a: cybercriminals. No pot of gold is safe: including your company data. Leprechauns may be the stuff of folklore, but […]
Fake Font Update on Google Chrome Uses Social Engineering to Infect Users with Ransomware
We’ve seen social engineering attacks manipulate users time and time again. From phishing emails, to baiting attempts – this breed of cyberthreat has continued to manipulate users for years. And now a new scam has emerged that utilizes a fake update on Google Chrome to trick users into downloading and infecting themselves with the infamous Spora ransomware. […]
Spora Ransomware Infects ‘Offline’—Without Talking to Control Server
Spora is a ransomware family that encrypts victims’ files and demands money to decrypt the files. It has infected many computers in a short time due to a huge spam campaign. It has a very special feature—to work offline. Propagation vector: The spam campaign carries a .zip file, which contains an HTA (HTML Application) file to […]
Spam and phishing in 2016
The year in figures: According to Kaspersky Lab, in 2016: The proportion of spam in email flows was 58.31%, which is 3.03 percentage points more than in 2015. 62.16% of spam emails were no more than 2 KB in size. 12.08% of spam was sent from the US. Trojan.Win32.Bayrob was the most popular malware family […]
Lurk: Retracing the Group’s Five-Year Campaign
by Fyodor Yarochkin and Vladimir Kropotov (Senior Threat Researchers) Fileless infections are exactly what their namesake says: they’re infections that don’t involve malicious files being downloaded or written to the system’s disk. While fileless infections are not necessarily new or rare, they present a serious threat to enterprises and end users given their capability to […]
Oracle Will Stop Trusting MD5-Signed JAR Files in April
Oracle has decided to give Java developers more time to ensure that their JAR files are not signed with the MD5 algorithm. Java Runtime Environment (JRE) will no longer trust these types of files starting with April 2017.
Updated Sundown Exploit Kit Uses Steganography
This year has seen a big shift in the exploit kit landscape, with many of the bigger players unexpectedly dropping out of action. The Nuclear exploit kit operations started dwindling in May, Angler disappeared around the same time Russia’s Federal Security Service made nearly 50 arrests last June, and then in September Neutrino reportedly went […]
Businesses as Ransomware’s Goldmine: How Cerber Encrypts Database Files
Possibly to maximize the earning potential of Cerber’s developers and their affiliates, the ransomware incorporated a routine with heavier impact to businesses: encrypting database files. These repositories of organized data enable businesses to store, retrieve, sort, analyze, and manage pertinent information. When utilized effectively they help maintain the organization’s efficiency, so holding these mission-critical files […]
IT threat evolution Q3 2016. Statistics
Statistics: All the statistics used in this report were obtained using Kaspersky Security Network (KSN), a distributed antivirus network that works with various anti-malware protection components. The data was collected from KSN users who agreed to provide it. Millions of Kaspersky Lab product users from 213 countries and territories worldwide […]
The Last Key on The Ring – Server Solutions to Ransomware
This entry is the last part of a four-part blog series discussing the different techniques ransomware uses to affect users and organizations. These techniques show that the best way to mitigate the risks brought about by this threat is to implement multiple layers of protection in different aspects of an enterprise network: from the gateway, […]
Untangling the Ripper ATM Malware
Last August, security researchers released a blog discussing a new ATM malware family called Ripper which they believe was involved in the recent ATM attacks in Thailand. Large numbers of ATMs were also temporarily shut down as a precautionary measure. That analysis gave an overview of the techniques used by the malware, the fact that it targets three major ATM vendors, and […]
The Hunt for Lurk
In early June, 2016, the Russian police arrested the alleged members of the criminal group known as Lurk. The police suspected Lurk of stealing nearly three billion rubles, using malicious software to systematically withdraw large sums of money from the accounts of commercial organizations, including banks. For Kaspersky Lab, these arrests marked the culmination of […]
KSN Report: Mobile ransomware in 2014-2016
Part 1. KSN Report: PC ransomware in 2014-2016. Statistics: The activity of mobile ransomware, although not as widely covered in the media as PC ransomware, also skyrocketed over the period covered by this report. Especially in the second half. Fig. 12: The number of users encountering mobile ransomware at least once in […]
JScript-toting Ransomware Can Steal Your Passwords and Bitcoin Wallets, Too
By Renaud Bidou. In an effort to develop a target base and increase the conversion rate of victims, ransomware perpetrators will try to veer away from well-known families and create new families sporting seemingly new techniques—with varying degrees of practicality. This is the case with the RAA ransomware, which Trend Micro detects as RANSOM_JSRAA.A. While most ransomware […]
More information
- Apple Watch rumor hints it’s time for 3D printing to go mainstream
- Spam rate falls below 50 percent for first time in a decade
- Microsoft: Latest ‘Shadow Brokers’ Exploits Already Patched
- Resolved: Network and power outage
- Windows Information Protection to Address Data Leaks in Windows 10
- Wikimedia Gets $2.5 Million in Funding to Secure Wikipedia
- Verifying Software Integrity With Sigstore
- Symantec plays down PGP hole
- Balancing Security Automation and the Human Element
- Breaking Down the Rapidly Evolving GandCrab Ransomware