TeamXRat: Brazilian cybercrime meets ransomware
Brazilian cybercriminals are notorious for their ability to develop banking trojans, but now they have started to focus their efforts on new areas, including ransomware. We discovered a new variant of a Brazilian-made ransomware, Trojan-Ransom.Win32.Xpan, that is being used to infect local companies and hospitals, directly affecting innocent people, encrypting their files using the extension […]

The Rise and Fall of Encryptor RaaS
by Stephen Hilt and Fernando Mercês
Back in July 2015, a new ransomware as a service named “Encryptor RaaS” (detected by Trend Micro as RANSOM_CRYPRAAS.SM) entered the threat scene, rivaling or at least expecting to succeed the likes of similar get-rich-quick schemes from Tox and ORX Locker. The newcomer appeared to be a dark horse: […]

Future attack scenarios against ATM authentication systems
A lot has already been said about current cyber threats facing the owners of ATMs. The reason behind the ever-growing number of attacks on these devices is simple: the overall level of security of modern ATMs often makes them the easiest and fastest way for fraudsters to access the bank’s money. Naturally, the banking industry […]

From RAR to JavaScript: Ransomware Figures in the Fluctuations of Email Attachments
By Lala Manly, Maydalene Salvador, and Ardin Maglalang
Why is it critical to stop ransomware at the gateway layer? Because email is the top entry point used by prevalent ransomware families. Based on our analysis, 71% of known ransomware families arrive via email. While there’s nothing new about the use of spam, ransomware distributors continue to employ this infection […]

A Show of (Brute) Force: Crysis Ransomware Found Targeting Australian and New Zealand Businesses
Crysis (detected by Trend Micro as RANSOM_CRYSIS.A), a ransomware family first detected in February this year, has been spotted targeting businesses in Australia and New Zealand through remote desktop protocol (RDP) brute force attacks. Crysis was reported in early June this year to have set its sights on carving out the market share left by TeslaCrypt when the latter’s […]

Untangling the Ripper ATM Malware
Last August, security researchers released a blog discussing a new ATM malware family called Ripper which they believe was involved in the recent ATM attacks in Thailand. Large numbers of ATMs were also temporarily shut down as a precautionary measure. That analysis gave an overview of the techniques used by the malware, the fact that it targets three major ATM vendors, and […]

Fooling the ‘Smart City’
The concept of a smart city involves bringing together various modern technologies and solutions that can ensure comfortable and convenient provision of services to people, public safety, efficient consumption of resources, etc. However, something that often goes under the radar of enthusiasts championing the smart city concept is the security of the smart city components themselves. […]

BkSoD by Ransomware: HDDCryptor Uses Commercial Tools to Encrypt Network Shares and Lock HDDs
by Stephen Hilt and William Gamazo Sanchez
While most ransomware we’ve seen only targets specific file types or folders stored on local drives, removable media and network shares, we were able to uncover a ransomware family that does not discriminate: HDDCryptor. Detected as Ransom_HDDCRYPTOR.A, HDDCryptor not only targets resources in network shares such as drives, folders, […]

The Missing Piece – Sophisticated OS X Backdoor Discovered
In a nutshell: Backdoor.OSX.Mokes.a is the most recently discovered OS X variant of a cross-platform backdoor which is able to operate on all major operating systems (Windows, Linux, OS X). Please see also our analysis of the Windows and Linux variants. This malware family is able to steal various types of data from the victim’s machine (screenshots, […]

New Open Source Ransomware Based on Hidden Tear and EDA2 May Target Businesses
By Francis Antazo, Byron Gelera, Ardin Maglalang, and Mary Yambao
In a span of one to two weeks, three new open source ransomware strains have emerged, which are based on Hidden Tear and EDA2. These new ransomware families specifically look for files related to web servers and databases, which could suggest that they are targeting businesses. Both […]

Operation Ghoul: targeted attacks on industrial and engineering organizations
Introduction: Kaspersky Lab has observed new waves of attacks that started on the 8th and the 27th of June 2016. These have been highly active in the Middle East region and unveiled ongoing targeted attacks in multiple regions. The attackers try to lure targets through spear phishing emails that include compressed executables. The malware collects […]

R980 Ransomware Found Abusing Disposable Email Address Service
By Francis Antazo and Mary Yambao
Perhaps emboldened by the success of their peers, attackers have been releasing more ransomware families and variants with alarming frequency. The latest one added to the list is R980 (detected by Trend Micro as RANSOM_CRYPBEE.A). R980 has been found to arrive via spam emails, or through compromised websites. Like […]

ProjectSauron: top level cyber-espionage platform covertly extracts encrypted government comms
Download the full report (PDF). Technical analysis. Indicators of compromise (IOC). Download YARA rules. More information about ProjectSauron is available to customers of Kaspersky Intelligence Reporting Service. Contact: intelreports@kaspersky.com
Introduction: Over the last few years, the number of “APT-related” incidents described in the media has grown significantly. For many of these, though, the designation “APT”, indicating an “Advanced […]

Kaspersky DDoS Intelligence Report for Q2 2016
Q2 events: DDoS attacks on cryptocurrency wallet services have played an important role in the lives of these services. In the second quarter of 2016, two companies – CoinWallet and Coinkite – announced they were terminating their work due to lengthy DDoS attacks. According to Coinkite’s official blog, the e-wallet service will be shut down, […]

CrypMIC Ransomware Wants to Follow CryptXXX’s Footsteps
By Kawabata Kohei
They say imitation is the sincerest form of flattery. Take the case of CrypMIC—detected by Trend Micro as RANSOM_CRYPMIC—a new ransomware family that mimics CryptXXX in terms of entry point, ransom notes and payment site UIs. CrypMIC’s perpetrators are possibly looking for a quick buck owing to the recent success of CryptXXX. […]

Security software that uses ‘code hooking’ opens the door to hackers
Some of the intrusive techniques used by security, performance, virtualization and other types of programs to monitor third-party processes have introduced vulnerabilities that hackers can exploit. Researchers from data exfiltration prevention company enSilo found six common security issues affecting over 15 products when they studied how software vendors use ‘hooking’ to inject code into a process […]