Spanish MSSP Targeted by BitPaymer Ransomware
Initial Discovery This week the news hit that several companies in Spain were hit by a ransomware attack. Ransomware attacks themselves are not new but, by interacting with one of the cases in Spain, we want to highlight in this blog how well prepared and targeted an attack can be and how it appears to […] more…Chrome 0-day exploit CVE-2019-13720 used in Operation WizardOpium
Executive summary Kaspersky Exploit Prevention is a component part of Kaspersky products that has successfully detected a number of zero-day attacks in the past. Recently, it caught a new unknown exploit for Google’s Chrome browser. We promptly reported this to the Google Chrome security team. After reviewing of the PoC we provided, Google confirmed there […] more…Did You Check Your Quarantine?!
A cost-effective way to detect targeted attacks in your enterprise While it is easy to get caught up in the many waves of new and exciting protection strategies, we have recently discovered an interesting approach to detect a targeted attack and the related actor(s). Quite surprisingly, a big part of the solution already exists in […] more…IoT: a malware story
Since 2008, cyber-criminals have been creating malware to attack IoT-devices, such as routers and other types of network equipment. You will find a lot of statistics on this on Securelist, most notably, here and here. The main problem with these IoT/embedded devices is that one simply cannot install any kind of security software. How do […] more…McAfee ATR Analyzes Sodinokibi aka REvil Ransomware-as-a-Service – The All-Stars
Episode 2: The All-Stars Analyzing Affiliate Structures in Ransomware-as-a-Service Campaigns This is the second installment of the McAfee Advanced Threat Research (ATR) analysis of Sodinokibi and its connections to GandGrab, the most prolific Ransomware-as-a-Service (RaaS) Campaign of 2018 and mid-2019. GandCrab announced its retirement at the end of May. Since then, a new RaaS family […] more…McAfee ATR Analyzes Sodinokibi aka REvil Ransomware-as-a-Service – What The Code Tells Us
Episode 1: What the Code Tells Us McAfee’s Advanced Threat Research team (ATR) observed a new ransomware family in the wild, dubbed Sodinokibi (or REvil), at the end of April 2019. Around this same time, the GandCrab ransomware crew announced they would shut down their operations. Coincidence? Or is there more to the story? In […] more…The Seven Main Phishing Lures of Cybercriminals
One of the oldest tricks in the cybercrime playbook is phishing. It first hit the digital scene in 1995, at a time when millions flocked to America Online (AOL) every day. And if we know one thing about cybercriminals, it’s that they tend to follow the masses. In earlier iterations, phishing attempts were easy to […] more…Fully equipped Spying Android RAT from Brazil: BRATA
“BRATA” is a new Android remote access tool malware family. We used this code name based on its description – “Brazilian RAT Android”. It exclusively targets victims in Brazil: however, theoretically it could also be used to attack any other Android user if the cybercriminals behind it want to. It has been widespread since January […] more…IT threat evolution Q2 2019
Targeted attacks and malware campaigns More about ShadowHammer In March, we published the results of our investigation into a sophisticated supply-chain attack involving the ASUS Live Update Utility, used to deliver BIOS, UEFI and software updates to ASUS laptops and desktops. The attackers added a backdoor to the utility and then distributed it to users […] more…Back-to-Back Campaigns: Neko, Mirai, and Bashlite Malware Variants Use Various Exploits to Target Several Routers, Devices
By Augusto Remillano II and Jakub Urbanec Within a span of three weeks, our telemetry uncovered three notable malware variants of Neko, Mirai, and Bashlite. On July 22, 2019, we saw and started analyzing a Neko botnet sample, then observed another sample with additional exploits the following week. A Mirai variant that calls itself “Asher” […] more…APT trends report Q2 2019
For two years, the Global Research and Analysis Team (GReAT) at Kaspersky has been publishing quarterly summaries of advanced persistent threat (APT) activity. The summaries are based on our threat intelligence research and provide a representative snapshot of what we have published and discussed in greater detail in our private APT reports. They aim to […] more…Demystifying Blockchain: Sifting Through Benefits, Examples and Choices
You have likely heard that blockchain will disrupt everything from banking to retail to identity management and more. You may have seen commercials for IBM touting the supply chain tracking benefits of blockchain.[i] It appears nearly every industry is investing in, adopting, or implementing blockchain. Someone has probably told you that blockchain can completely transform […] more…On the IoT road: perks, benefits and security of moving smartly
Kaspersky has repeatedly investigated security issues related to IoT technologies (for instance, here, or here). Earlier this year our experts have even gained foothold in the security of biomechanical prosthetic devices. The same implies to smart car security: our own research has indicated that there are number of issues—look here or here. This year, we […] more…McAfee ATR Aids Police in Arrest of the Rubella and Dryad Office Macro Builder Suspect
Everyday thousands of people receive emails with malicious attachments in their email inbox. Disguised as a missed payment or an invoice, a cybercriminal sender tries to entice a victim to open the document and enable the embedded macro. This macro then proceeds to pull in a whole array of nastiness and infect a victim’s machine. […] more…New FinSpy iOS and Android implants revealed ITW
FinSpy is spyware made by the German company Gamma Group. Through its UK-based subsidiary Gamma International Gamma Group sells FinSpy to government and law enforcement organizations all over the world. FinSpy is used to collect a variety of private user information on various platforms. Its implants for desktop devices were first described in 2011 by […] more…How we hacked our colleague’s smart home
In this article, we publish the results of our study of the Fibaro Home Center smart home. We identified vulnerabilities in Fibaro Home Center 2 and Fibaro Home Center Lite version 4.540, as well as vulnerabilities in the online API. An offer you cannot refuse The backbone of any technology company is made up of […] more…More information
- SAP Patches Critical Vulnerability in Hybris Commerce
- Celebgate hacker who stole nude photos gets nine months in jail
- Ox Security Bags $60M Series B to Tackle Appsec Alert Fatigue
- RTX Confirms Airport Services Hit by Ransomware
- You’re doing passwords wrong. Here’s how to make them uncrackable.
- BlackBerry suffering global slide as developing world shuns devices for low-cost Android phones
- Cyberattack Causes MoneyGram Service Outage
- Netwrix Acquires Remediant for PAM Technology
- US investors try to buy TikTok from Chinese owner
- ICS Vendors Respond to Log4j Vulnerabilities