Defense Evolved: From Threat Intelligence, to Investigation, to Orchestration with DXL
In my last post, I discussed the attributes of our adversaries, the drivers behind their activities, and their recent attack methodologies. I also discussed the threat defense efficacy curve, which illustrates how cyber defense capabilities decline in efficacy over time as attackers develop countermeasures to evade them. My FOCUS 16 keynote last week also explained […]

Talking About Cyber Risks Educates the Community
In the last 12 months, we have seen an unprecedented number of cyberattacks occur or come to light: sophisticated attacks against governments, businesses, consumers, and the pillars of the Internet itself. The future appears to be fraught with runaway risks. Can security tame data breaches, ransomware, massive denial of service assaults, cyber theft, and attacks against autonomous and […]

Security, Time, and the Decline of Efficacy
This week at the FOCUS’16 conference in Las Vegas, I shared perspectives on today’s changing threat landscape, how we must re-think cyber defense technologies, and Intel Security’s vision for thwarting the cyber-threats of tomorrow. In 2016, we saw significant cases of cyber activity from criminals, nation-states, and hacktivists. In each case, they’ve really upped their […]

New Bizarro Sundown Exploit Kit Spreads Locky
A new exploit kit has arrived which is spreading different versions of Locky ransomware. We spotted two cases of this new threat, which is based on the earlier Sundown exploit kit. Sundown rose to prominence (together with Rig) after the then-dominant Neutrino exploit kit was neutralized. Called Bizarro Sundown, the first version was spotted on October 5 with a second sighting two weeks […]

IT threat evolution Q3 2016. Statistics
Download the full report (PDF). Statistics: All the statistics used in this report were obtained using Kaspersky Security Network (KSN), a distributed antivirus network that works with various anti-malware protection components. The data was collected from KSN users who agreed to provide it. Millions of Kaspersky Lab product users from 213 countries and territories worldwide […]

IT threat evolution Q3 2016
Download the full report (PDF). Overview: Targeted attacks and malware campaigns. Dropping Elephant: Targeted attack campaigns don’t need to be technically advanced in order to be successful. In July 2016 we reported on a group called Dropping Elephant (also known as ‘Chinastrats’ and ‘Patchwork’). Using a combination of social engineering, old exploit code and some […]

How Valuable is Your Healthcare Data?
Health care is a hot topic in security right now. A quick search for “hospital ransomware” returns a laundry list of news reports on hospitals as targets of cyberattacks. However, it is not just ransomware that people need to worry about. In the report Health Warning: Cyberattacks Are Targeting the Health Care Industry, our McAfee […]

Free tool protects PCs from master boot record attacks
Cisco Systems’ Talos team has developed an open-source tool that can protect the master boot record of Windows computers from modification by ransomware and other malicious attacks. The tool, called MBRFilter, functions as a signed system driver and puts the disk’s sector 0 into a read-only state. It is available for both 32-bit and 64-bit […]

NoMoreRansom Initiative Gets Global Law Enforcement Support
Law enforcement agencies from 13 additional countries have signed up to the NoMoreRansom project since it started in July 2016. The project, launched as a collaborative initiative by the Dutch National Police, Europol, Kaspersky Lab and Intel Security, is designed to provide practical help for victims of ransomware.

Several Exploit Kits Now Deliver Cerber 4.0
We have tracked three malvertising campaigns and one compromised site campaign using Cerber ransomware after version 4.0 (detected as Ransom_CERBER.DLGE) was released a month after version 3.0. More details of this latest iteration of Cerber are listed in a ransomware advertisement provided by security researcher Kafeine. The upgrades include shifting their ransom note to […]

Trust me, I have a pen
Earlier today we became aware of a malicious website delivering Petya through the Hunter exploit kit. While there is nothing special about yet another exploit kit page, this one caught our attention because it mimics the index page of our sinkhole systems. [Figure: A malicious webpage faking one of our research systems] With cybercriminals increasingly trying […]

Encryptor RaaS Shuts Down Without Releasing Master Key
Security researchers earlier this year managed to zero in on the Encryptor Ransomware-as-a-Service (RaaS), which forced the developer to shut down the operation, but without releasing the master key to help victims.

The Rise and Fall of Encryptor RaaS
by Stephen Hilt and Fernando Mercês
Back in July 2015, a new ransomware as a service named “Encryptor RaaS” (detected by Trend Micro as RANSOM_CRYPRAAS.SM) entered the threat scene, rivaling or at least expecting to succeed the likes of similar get-rich-quick schemes from Tox and ORX Locker. The newcomer appeared to be a dark horse: […]

How to keep terrifying medical device hacks from becoming reality
While some of the scariest IoT hacks envisioned – those involving hijacked medical devices such as pacemakers and insulin pumps – have yet to surface in the real world, those in the medical and IT security fields are not letting down their guard. They’ve seen enough ransomware and other attacks on healthcare outfits of late […]

The banker that can steal anything
In the past, we’ve seen superuser rights exploited by advertising applications such as Leech, Guerrilla, Ztorg. This use of root privileges is not typical, however, for banking malware attacks, because money can be stolen in numerous other ways that don’t require exclusive rights. However, in early February 2016, Kaspersky Lab discovered Trojan-Banker.AndroidOS.Tordow.a, whose creators decided that […]

Sophos Unveils Next-Gen Security Product "Intercept X"
Sophos “Intercept X” Endpoint Security Integrates Next Generation Anti-Exploit and Anti-Ransomware Technology