Internet Safety Begins with All of Us
Now’s the time to pause for a moment and consider just how important the internet is to us. Not just any internet. A safer internet. June marks Internet Safety Month. Why June? The original thought was that the onset of summer sees more kids online, making it an […]

IT threat evolution Q1 2020
Targeted attacks and malware campaigns Operation AppleJeus: the sequel In 2018, we published a report on Operation AppleJeus, one of the more notable campaigns of the threat actor Lazarus, currently one of the most active and prolific APT groups. One notable feature of this campaign was that it marked the first time Lazarus had targeted […]

Exposed Redis Instances Abused for Remote Code Execution, Cryptocurrency Mining
By David Fiser and Jaromir Horejsi (Threat Researchers)
Recently, we wrote an article about more than 8,000 unsecured Redis instances found in the cloud. In this article, we expound on how these instances can be abused to perform remote code execution (RCE), as demonstrated by malware samples captured in the wild. These malicious files have […]

Spam and phishing in 2019
Figures of the year The share of spam in mail traffic was 56.51%, which is 4.03 p.p. more than in 2018. The biggest source of spam this year was China (21.26%). 44% of spam e-mails were less than 2 KB in size. Malicious spam was detected most commonly with the Exploit.MSOffice.CVE-2017-11882 verdict. The Anti-Phishing system […]

More Than 8,000 Unsecured Redis Instances Found in the Cloud
By David Fiser (Security Researcher)
We discovered 8,000 Redis instances that are running unsecured in different parts of the world, even ones deployed in public clouds. These Redis instances have been found without Transport Layer Security (TLS) encryption and are not password protected. Redis, according to its developers, is originally intended to be used only […]

Is WhatsApp Safe for Kids? Here’s What Parents Need to Know
We may be talking about the TikTok app in our public circles, but there’s another app — just as widely used — that kids are hoping parents won’t ask too many questions about. That’s because they can use the messaging app WhatsApp to talk privately with friends, exchange content and videos, and (hopefully) fly under […]

DDoS attacks in Q4 2019
News overview In the past quarter, DDoS organizers continued to harness non-standard protocols for amplification attacks. In the wake of WS-Discovery, which we covered in the previous report, cybercriminals turned to Apple Remote Management Service (ARMS), part of the Apple Remote Desktop (ARD) application for remote administration. The first attacks using ARMS were registered back […]

Happy New Fear! Gift-wrapped spam and phishing
Pre-holiday spam Easy money In the run-up to Christmas and New Year, scam e-mails mentioning easy pickings, lottery winnings, and other cash surprises are especially popular. All the more so given how simple it is to adapt existing schemes simply by mentioning the holiday in the subject line. For example, one scam e-mail with the […]

First Active Attack Exploiting CVE-2019-2215 Found on Google Play, Linked to SideWinder APT Group
by Ecular Xu and Joseph C Chen
We found three malicious apps in the Google Play Store that work together to compromise a victim’s device and collect user information. One of these apps, called Camero, exploits CVE-2019-2215, a vulnerability that exists in Binder (the main Inter-Process Communication system in Android). This is the first known active […]

DDoS Attacks and IoT Exploits: New Activity from Momentum Botnet
by Aliakbar Zahravi
We recently found notable malware activity affecting devices running Linux, a platform that has battled numerous issues just this year. Further analysis of retrieved malware samples revealed that these actions were connected to a botnet called Momentum (named for the image found in its communication channel). We found new details on the […]

APT review: what the world’s threat actors got up to in 2019
What were the most interesting developments in terms of APT activity during the year and what can we learn from them? This is not an easy question to answer, because researchers have only partial visibility and it’s impossible to fully understand the motivation for some attacks or the developments behind them. However, let’s try to […]

Cyberthreats to financial institutions 2020: Overview and predictions
Kaspersky Security Bulletin 2019. Advanced threat predictions for 2020 Cybersecurity of connected healthcare 2020: Overview and predictions 5G technology predictions 2020 Corporate security prediction 2020 Key events 2019 Large-scale anti-fraud bypass: Genesis digital fingerprints market uncovered Multi-factor authentication (MFA) and biometric challenges Targeted attack groups specializing in financial institutions: splitting and globalization ATM malware becomes […]

Operation ENDTRADE: Finding Multi-Stage Backdoors that TICK
By Joey Chen, Hiroyuki Kakara and Masaoki Shoji
While we have been following cyberespionage group TICK (a.k.a. “BRONZE BUTLER” or “REDBALDKNIGHT”) since 2008, we noticed an unusual increase in malware development and deployments towards November 2018. We already know that the group uses previously deployed malware and modified tools for obfuscation, but we also found […]

IT threat evolution Q3 2019. Statistics
These statistics are based on detection verdicts of Kaspersky products received from users who consented to provide statistical data. Quarterly figures According to Kaspersky Security Network: Kaspersky solutions blocked 989,432,403 attacks launched from online resources in 203 countries across the globe. 560,025,316 unique URLs were recognized as malicious by Web Anti-Virus components. Attempted infections by […]

Unwanted notifications in browser
When, back in 2015, push notifications were just appearing in browsers, very few people wondered how this tool would be used in the future: once a useful technology made to keep regular readers informed about updates, today it is often used to shell website visitors with unsolicited ads. To achieve that, users are hoaxed into […]

Black Friday Alert 2019: Net Shopping Bag of Threats
Every year, Kaspersky releases an annual Black Friday alert to highlight how fraudsters may capitalize on increased levels of online shopping at this time of year when many brands are offering their customers appealing discounts. In the rush to get a big discount or, even more panic-inducing, a limited time offer, many shoppers lose all […]

More information
- Whatsapp now provides end-to-end encryption by default for messages
- VMware Patches File Read, SSRF Vulnerabilities in vCenter Server
- Novel 5G Attack Bypasses Need for Malicious Base Station
- Adobe updates Flash again in a Patch Tuesday of its own
- Targeted Attacks: Don’t be a Victim
- Target, Neiman Marcus executives defend security practices
- An ambitious plan to tackle ransomware faces long odds
- The PCI effect — for better or worse — following fresh breach of MasterCard, VISA
- New Cerber ransomware strain morphs every 15 seconds to avoid detection
- Website ‘spoofing’ still fools users, security study reveals