IT threat evolution Q1 2020
Targeted attacks and malware campaigns Operation AppleJeus: the sequel In 2018, we published a report on Operation AppleJeus, one of the more notable campaigns of the threat actor Lazarus, currently one of the most active and prolific APT groups. One notable feature of this campaign was that it marked the first time Lazarus had targeted […]

Netwalker Fileless Ransomware Injected via Reflective Loading
By Karen Victor Threat actors are continuously creating more sophisticated ways for malware to evade defenses. We have observed Netwalker ransomware attacks that involve malware that is not compiled, but written in PowerShell and executed directly in memory, without ever storing the actual ransomware binary on disk. This makes this ransomware variant a fileless […]

Cisco, others, shine a light on VPN split-tunneling
As the work-from-home trend grows due to the COVID-19 pandemic, the need for secure access to enterprise resources continues to grow, and with it the demand for ever more VPN capacity. For example, demand for commercial virtual private networks in the U.S. jumped by 41% between March 13 and March 23, according to research from Top10VPN.com, a […]

Tropic Trooper’s Back: USBferry Attack Targets Air-gapped Environments
By Joey Chen (Threats Analyst) Tropic Trooper, a threat actor group that targets government, military, healthcare, transportation, and high-tech industries in Taiwan, the Philippines, and Hong Kong, has been active since 2011. The group was reportedly using spear-phishing emails with weaponized attachments to exploit known vulnerabilities. Primarily motivated by information theft and espionage, the group […]

New MacOS Dacls RAT Backdoor Show Lazarus’ Multi-Platform Attack Capability
By Gabrielle Joyce Mabutas With additional insights/analysis from Kazuki Fujisawa A one-time password (OTP) system involves the use of a generated password that can only be used once to log in and access specific online services. Often managed by a third-party provider, this rolling password system aims to reduce unauthorized intrusions to systems via compromised […]

Personal and Professional Development From Home
Like so many of us, I’m doing my best to look forward. While everyone’s situation is different from family to family, community to community, and even from country to country, one thing I hope is that you have the chance to look forward too—like what you want your life […]

DDoS attacks in Q1 2020
News overview Since the beginning of 2020, due to the COVID-2019 pandemic, life has shifted almost entirely to the Web — people worldwide are now working, studying, shopping, and having fun online like never before. This is reflected in the goals of recent DDoS attacks, with the most targeted resources in Q1 being websites of […]

APT trends report Q1 2020
For more than two years, the Global Research and Analysis Team (GReAT) at Kaspersky has been publishing quarterly summaries of advanced persistent threat (APT) activity. The summaries are based on our threat intelligence research and provide a representative snapshot of what we have published and discussed in greater detail in our private APT reports. They […]

School #FromHome: The Challenges of Online Learning for Parents and Kids
With classrooms closed and millions of kids faced with schooling at home, parents are wondering: how do we make this work? If you’re asking yourself that question, you’re certainly not alone. Earlier this month, we conducted a study, Distance Learning Challenges. We reached out […]

A look at the ATM/PoS malware landscape from 2017-2019
From remote administration and jackpotting to malware sold on the Darknet, attacks against ATMs have a long and storied history. And, much like in other areas of cybercrime, attackers keep refining and growing their skillset for infecting ATM systems from year to year. So what does the ATM landscape look like as of 2020? Let’s take a look. […]

Grouping Linux IoT Malware Samples With Trend Micro ELF Hash
The internet of things (IoT) has swiftly become a seemingly indispensable part of our daily lives. The IoT devices in pockets, homes, offices, cars, factories, and cities make people’s lives more efficient and convenient. It is little wonder, then, that IoT adoption continues to increase. In 2019, the number of publicly known IoT platforms […]

Exposing Modular Adware: How DealPly, IsErIk, and ManageX Persist in Systems
By RonJay Caragay, Fe Cureg, Ian Lagrazon, Erika Mendoza, and Jay Yaneza (Threats Analysts) Adware isn’t new and doesn’t spark much interest. Much of it is overlooked and underestimated because it isn’t supposed to cause harm — as its name suggests, adware is advertising-supported software. However, we have constantly observed suspicious activities caused […]

OneTone Vulnerability Leads to JavaScript Cookie Hijacking
A vulnerability in the discontinued WordPress theme OneTone has been added to an ongoing campaign that is targeting vulnerable WordPress websites and causes malicious redirects through domains like ischeck[.]xyz. This specific wave uses the XSS vulnerability to inject malicious JavaScript and redirect visitors to the attacker’s landing page. The malware also detects and leverages existing […]

How Do Hackers Hack Phones and How Can I Prevent It?
The threat of having your phone hacked has become a common and rational fear. The cold hard truth is that it is now possible to hack any phone. With the advancement of technology, where discovery of knowledge and information advances the understanding of technology, hackers are able to hack even some of the most sophisticated […]

What is Data Privacy and How Can I Safeguard It?
There is certain information that is important to keep to yourself. If a stranger asks for your first name, you are likely to tell them. But if a stranger asks for your bank account number, you are unlikely to tell them. Data privacy works in the same way: if the piece of data or information […]

iOS exploit chain deploys LightSpy feature-rich malware
A watering hole was discovered on January 10, 2020 utilizing a full remote iOS exploit chain to deploy a feature-rich implant named LightSpy. The site appears to have been designed to target users in Hong Kong based on the content of the landing page. Since the initial activity, we released two private reports exhaustively detailing […]