Category: Securelist

The nature of cyberincidents in 2022

Kaspersky Incident Response report for 2022: incident response statistics, key trends and conclusions, expert recommendations.

New ransomware trends in 2023

On the eve of the global Anti-Ransomware Day, Kaspersky researchers share an overview of the key trends observed among ransomware groups.

Managed Detection and Response in 2022

Managed Detection and Response in 2022: number and severity of incidents, detection rate, breakdown by country and industry, data on cyberattacks in different regions.

What does ChatGPT know about phishing?

Kaspersky research on ChatGPT's ability to tell a phishing link from a legitimate one by analyzing the URL, and to extract the name of the organization being impersonated.

APT trends report Q1 2023

For more than five years, the Global Research and Analysis Team (GReAT) at Kaspersky has been publishing quarterly summaries of advanced persistent threat (APT) activity. These summaries are based on our threat intelligence research, and they provide a representative snapshot…

QBot banker delivered through business correspondence

In early April, we detected a significant increase in attacks that use banking Trojans of the QBot family (aka QakBot, QuackBot, and Pinkslipbot). The malware would be delivered through e-mails that were based on real business letters the attackers had…

Uncommon infection methods—part 2

Kaspersky researchers discuss infection methods used by Mirai-based RapperBot, Rhadamantys stealer, and CUEMiner: smart brute forcing, malvertising, and distribution through BitTorrent and OneDrive.

Following the Lazarus group by tracking DeathNote campaign

The Lazarus group is a high-profile Korean-speaking threat actor with multiple sub-campaigns. In this blog, we’ll focus on an active cluster that we dubbed DeathNote.

Nokoyawa ransomware attacks with Windows zero-day

In February 2023, we found a zero-day exploit, supporting different versions and builds of Windows, including Windows 11. This particular zero-day was used by a sophisticated cybercrime group that carries out ransomware attacks.

Overview of Google Play threats sold on the dark web

Kaspersky research into dark web offers related to Android malware and its distribution via Google Play: hacked app developer accounts, malicious loaders, etc.

The Telegram phishing market

Phishing bots and services on Telegram: how malicious actors use the messaging app to automate the process of generating phishing pages, and sell phishing kits and data.

Financial cyberthreats in 2022

This report shines a spotlight on the financial cyberthreat landscape in 2022. We look at phishing threats commonly encountered by users and companies, as well as the dynamics of various Windows and Android-based financial malware.

Copy-paste heist or clipboard-injector attacks on cryptousers

Clipboard injector malware targeting cryptocurrencies such as Bitcoin, Ethereum, Litecoin, Dogecoin and Monero, is distributed under the guise of Tor Browser.
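
An added illustration of the technique (this is example code written for this index, not code from the Securelist report or from the malware itself): a clipboard injector watches the clipboard for anything shaped like a wallet address and silently swaps in the attacker's wallet for the same coin, so the victim pastes the wrong destination. The address regexes below are my own simplified approximations of each coin's syntax (assumption; they check shape only, not checksums), and the sample addresses and event log are constructed, not real wallets. The defender-side check flags a paste that is a valid address of the same coin as the preceding copy but a different value.

```python
import re

# Simplified address patterns for the five coins the report names. These are my
# own approximations (assumption) of each coin's address syntax, sufficient to
# show how an injector decides what to replace; they do not verify checksums.
ADDRESS_PATTERNS = {
    "bitcoin": re.compile(r"^(?:[13][a-km-zA-HJ-NP-Z1-9]{25,34}|bc1[a-z0-9]{25,62})$"),
    "ethereum": re.compile(r"^0x[0-9a-fA-F]{40}$"),
    "litecoin": re.compile(r"^(?:[LM3][a-km-zA-HJ-NP-Z1-9]{26,33}|ltc1[a-z0-9]{25,62})$"),
    "dogecoin": re.compile(r"^D[5-9A-HJ-NP-U][a-km-zA-HJ-NP-Z1-9]{32}$"),
    "monero": re.compile(r"^[48][0-9A-Za-z]{94}$"),
}


def classify(text):
    """Return the set of coin names whose address syntax the text matches."""
    text = text.strip()
    return {coin for coin, pat in ADDRESS_PATTERNS.items() if pat.match(text)}


def injector_replace(clipboard_text, attacker_wallets):
    """Model of the injector's substitution rule: if the clipboard holds an
    address of a coin the attacker has a wallet for, hand back that wallet;
    anything else is passed through untouched so the user notices nothing."""
    stripped = clipboard_text.strip()
    for coin, pat in ADDRESS_PATTERNS.items():
        if pat.match(stripped) and coin in attacker_wallets:
            return attacker_wallets[coin]
    return clipboard_text


def detect_swap(copied, pasted):
    """Defender-side check: the text that was copied and the text that arrived
    on paste are both addresses of the same coin, yet they differ. Returns the
    sorted list of coins for which that holds (empty means no swap)."""
    if copied.strip() == pasted.strip():
        return []
    return sorted(classify(copied) & classify(pasted))


def audit_clipboard(events):
    """Walk an (action, text) event log, pairing each paste with the most
    recent copy, and report every pair that looks like a swapped address."""
    findings = []
    last_copy = None
    for action, text in events:
        if action == "copy":
            last_copy = text
        elif action == "paste" and last_copy is not None:
            coins = detect_swap(last_copy, text)
            if coins:
                findings.append({"copied": last_copy, "pasted": text, "coins": coins})
    return findings


# Constructed sample values (not real wallets): a victim's Ethereum address, the
# attacker's replacement, and a Bitcoin bech32-style address that is left alone.
VICTIM_ETH = "0x" + "12" * 20
ATTACKER_ETH = "0x" + "ab" * 20
VICTIM_BTC = "bc1" + "q" * 30

# Constructed clipboard log: the first paste arrives already substituted.
SAMPLE_EVENTS = [
    ("copy", VICTIM_ETH),
    ("paste", injector_replace(VICTIM_ETH, {"ethereum": ATTACKER_ETH})),
    ("copy", "see you at 10"),
    ("paste", "see you at 10"),
    ("copy", VICTIM_BTC),
    ("paste", injector_replace(VICTIM_BTC, {"ethereum": ATTACKER_ETH})),
]

if __name__ == "__main__":
    for f in audit_clipboard(SAMPLE_EVENTS):
        print(f"swap of {', '.join(f['coins'])} address: {f['copied']} -> {f['pasted']}")
```

The practical lesson is in detect_swap: the injector only touches clipboard content that already parses as an address, so a wallet or endpoint agent that compares the copied value with the pasted one catches the substitution without needing a signature for the specific malware.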

How scammers employ IPFS for email phishing

Attackers put phishing HTML files in IPFS, thus cutting back on web hosting costs. IPFS is used in both mass phishing and targeted (spearphishing) campaigns.
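
An added example, not part of the Securelist article: phishing pages hosted on IPFS reach the victim through a public HTTP gateway, either as https://gateway/ipfs/CID/... or as https://CID.ipfs.gateway/..., so a mail filter can pull the gateway host and the content identifier (CID) out of each link and block or hunt on them separately. The CID shapes are simplified (assumption: a CIDv0 is "Qm" plus 44 base58 characters, a base32 CIDv1 starts with "b"), and the sample message with its CIDs is constructed and resolves to nothing.

```python
import re
from urllib.parse import urlparse

# Simplified CID shapes (assumption): a CIDv0 is "Qm" followed by 44 base58
# characters; a CIDv1 in its usual base32 form starts with "b" and continues
# with lowercase base32. Real validation would decode the multibase/multihash.
CID = r"(?:Qm[1-9A-HJ-NP-Za-km-z]{44}|b[a-z2-7]{50,})"
PATH_GATEWAY = re.compile(rf"^/ipfs/({CID})(?:/|$)")        # https://gateway/ipfs/<cid>/...
SUBDOMAIN_GATEWAY = re.compile(rf"^({CID})\.ipfs\.(.+)$")   # https://<cid>.ipfs.gateway/...
URL_RE = re.compile(r"https?://[^\s<>\"']+")


def extract_ipfs_links(text):
    """Return every IPFS gateway link found in free text, with the gateway host
    and the CID split out so they can be blocked or hunted for separately."""
    links = []
    for url in URL_RE.findall(text):
        url = url.rstrip(".,;:)")                 # trailing sentence punctuation
        parts = urlparse(url)
        # keep the host's case: base58 CIDs are case-sensitive
        host = parts.netloc.rsplit("@", 1)[-1].split(":")[0]
        m = PATH_GATEWAY.match(parts.path)
        if m:
            links.append({"url": url, "gateway": host.lower(), "cid": m.group(1), "style": "path"})
            continue
        m = SUBDOMAIN_GATEWAY.match(host)
        if m:
            links.append({"url": url, "gateway": m.group(2).lower(), "cid": m.group(1), "style": "subdomain"})
    return links


# Constructed sample message; the CIDs are made up and resolve to nothing.
SAMPLE_EMAIL = """Dear customer, your mailbox storage is full.
Verify your account here: https://ipfs.io/ipfs/Qma1b2c3d4e5a1b2c3d4e5a1b2c3d4e5a1b2c3d4e5f6g7/index.html
Or use the mirror: https://bafybeiabcd2345abcd2345abcd2345abcd2345abcd2345abcd2345.ipfs.dweb.link/login.htm
Help centre: https://www.example.com/help.
"""

if __name__ == "__main__":
    for link in extract_ipfs_links(SAMPLE_EMAIL):
        print(f"{link['style']:9} gateway={link['gateway']} cid={link['cid']}")
```

Blocking on the CID rather than the gateway is what matters: the same content is reachable through any public gateway, so a phishing kit pinned once can be served from a new host the moment the first gateway URL lands on a blocklist.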

Understanding metrics to measure SOC effectiveness

How do we ensure the services being provided by SOCs are meeting expectations? How do we know continuous improvement is being incorporated in daily operations? The answer lies in the measurement of SOC internal processes and services.

Developing an incident response playbook

Incident response playbooks help optimize SOC processes and are a major step toward SOC maturity, but they can be challenging for a company to develop. In this article, I want to share some insights on how to create the…

Malvertising through search engines

Kaspersky observes a growth in malvertising activity that exploits Google search ads to promote fake software websites that deliver stealers, such as RedLine and Rhadamantys.

The state of stalkerware in 2022

In 2022, Kaspersky data shows that 29,312 unique individuals around the world were affected by stalkerware. We detected 182 different stalkerware apps; the most popular one was Reptilicus.

The mobile malware threat landscape in 2022

Android threat report by Kaspersky for 2022: malware on Google Play and inside the Vidmate in-app store, mobile malware statistics.

IoC detection experiments with ChatGPT

We decided to check what ChatGPT already knows about threat research and whether it can help with identifying simple adversary tools and classic indicators of compromise, such as well-known malicious hashes and domains.

Spam and phishing in 2022

Statistics on spam and phishing with the key trends in 2022: two-stage spear phishing, hijacking of social network and instant messaging accounts, import substitution, and survey phishing.

Web beacons on websites and in e-mail

Explaining web beacons (web bugs, spy or tracking pixels), what companies use these on websites and in e-mail, how and why.
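
An added example, not code from the Securelist article: a beacon in e-mail is a remote image that exists only to be fetched, so the sender learns when, from where and by which recipient the message was opened. The features a filter can key on are exactly those the technique needs: a remote (not inline) source, a size or style that keeps the image invisible, and an opaque per-recipient token in the query string or path. The 16-character token threshold is an assumption, and the sample HTML with its hosts and tokens is constructed.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse, parse_qs

# Style rules that make an image invisible: display:none, visibility:hidden,
# or an explicit 0/1 pixel width or height (the lookbehind keeps
# "border-width:0" from matching).
HIDDEN_STYLE = re.compile(
    r"display\s*:\s*none|visibility\s*:\s*hidden|"
    r"(?<![\w-])(?:width|height)\s*:\s*[01](?:px)?\s*(?:;|$)"
)
TOKEN_MIN_LEN = 16   # assumption: an opaque identifier this long is a per-recipient token


class _ImgCollector(HTMLParser):
    """Collect the attributes of every <img> tag in the document."""

    def __init__(self):
        super().__init__()
        self.images = []

    def handle_starttag(self, tag, attrs):
        if tag == "img":
            self.images.append({k.lower(): (v or "") for k, v in attrs})


def _pixels(value):
    """Parse an HTML size attribute such as '1', '1px' or ' 200 ' to an int."""
    v = value.strip().lower().removesuffix("px")
    return int(v) if v.isdigit() else None


def find_beacons(html):
    """Return the remote images in an HTML e-mail that look like tracking
    beacons, with the reason each one was flagged."""
    collector = _ImgCollector()
    collector.feed(html)
    beacons = []
    for img in collector.images:
        src = img.get("src", "")
        url = urlparse(src)
        if url.scheme not in ("http", "https"):
            continue   # data: and cid: images are inline and cannot phone home
        reasons = []
        w, h = _pixels(img.get("width", "")), _pixels(img.get("height", ""))
        if w is not None and h is not None and w <= 1 and h <= 1:
            reasons.append("1x1 or smaller")
        if HIDDEN_STYLE.search(img.get("style", "").lower()):
            reasons.append("hidden by style")
        query_values = [v for vals in parse_qs(url.query).values() for v in vals]
        if any(len(v) >= TOKEN_MIN_LEN and v.isalnum() for v in query_values):
            reasons.append("long token in query string")
        path_stems = [seg.split(".")[0] for seg in url.path.split("/") if seg]
        if any(len(s) >= TOKEN_MIN_LEN and s.isalnum() for s in path_stems):
            reasons.append("long token in path")
        if reasons:
            beacons.append({"src": src, "host": url.hostname, "reasons": reasons})
    return beacons


# Constructed sample mail body: one real logo, one query-token pixel, one inline
# attachment that is not a beacon, and one hidden image keyed by its path.
SAMPLE_HTML = """<html><body>
<p>Hello,</p>
<img src="https://cdn.example.com/logo.png" width="200" height="60" alt="logo">
<img src="https://track.example.net/o.gif?uid=7f3a9c2e1b4d8e6f0a1b2c3d&amp;c=42" width="1" height="1" alt="">
<img src="cid:part1.abc@mail" width="1" height="1">
<img src="https://t.example.org/p/9a8b7c6d5e4f3a2b1c0d9e8f.png" style="display:none">
</body></html>"""

if __name__ == "__main__":
    for b in find_beacons(SAMPLE_HTML):
        print(f"{b['host']}: {', '.join(b['reasons'])}")
```

A mail client that refuses to load remote images by default defeats all four signals at once; the heuristic is for gateways and investigators who need to know which messages carried a beacon and which host received the callback.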

What your SOC will be facing in 2023

Supply chain and reoccurring attacks, data destruction, lack of staff — what challenges will your security operations center be facing in 2023?

How much security is enough?

A common perception in the infosec community is that there can never be too much security, but it is understood that “too much” security is expensive — and sometimes, prohibitively so — from a business perspective. So, where is that fine line…

BlueNoroff introduces new methods bypassing MoTW

We continue to track the BlueNoroff group’s activities and this October we observed the adoption of new malware strains in its arsenal.

Ransomware and wiper signed with stolen certificates

In this report, we compare the ROADSWEEP ransomware and ZEROCLEARE wiper versions used in two waves of attacks against Albanian government organizations.

CVE-2022-41040 and CVE-2022-41082 – zero-days in MS Exchange

At the end of September, GTSC reported finding two zero-day vulnerabilities in Microsoft Exchange Server, CVE-2022-41040 and CVE-2022-41082. The cybersecurity community dubbed the pair of vulnerabilities ProxyNotShell.

Reassessing cyberwarfare. Lessons learned in 2022

In this report, we propose to go over the various activities that were observed in cyberspace in relation to the conflict in Ukraine, understand their meaning in the context of the current conflict, and study their impact on the cybersecurity…

How to train your Ghidra

Brief introduction to setting up Ghidra, and then configuring it with a familiar UI and shortcuts, so that you do not need to re-learn all the key sequences you have got used to over the years.

DeathStalker targets legal entities with new Janicab variant

While hunting for less common Deathstalker intrusions, we identified a new Janicab variant used in targeting legal entities in the Middle East throughout 2020.

Main phishing and scamming trends and techniques

Phishing in social networks and messengers, marketplace fraud, exploitation of Google Forms and other services: we uncover what’s trending among attackers in 2022.

Crimeware trends: self-propagation and driver exploitation

In this report, Kaspersky researchers discuss propagation methods of several ransomware families, and a vulnerable driver abuse case that may become a trend.

If one sheep leaps over the ditch…

In this report, Kaspersky researchers discuss propagation methods of several ransomware families, and a vulnerable driver abuse case that may become a trend.

Indicators of compromise (IOCs): how we collect and use them

How exactly can indicators of compromise help information security specialists in their everyday work? To find the answer we asked three Kaspersky experts to share their experience.

Kaspersky Security Bulletin 2022. Statistics

Key statistics for 2022: ransomware, trojan bankers, miners and other financial malware, zero-day vulnerabilities and exploits, web attacks, threats for macOS and IoT.

Consumer cyberthreats: predictions for 2023

Kaspersky consumer cyberthreat predictions: console shortage, scams related to new games and shows, cyberattacks in the metaverse, and threats related to online education.

Privacy predictions 2023

We think the geopolitical and economic events of 2022, as well as new technological trends, will be the major factors influencing the privacy landscape in 2023. Here we take a look at the most important developments that, in our opinion,…

Who tracked internet users in 2021–2022

A review of Do Not Track (DNT) statistics for the most widely used web tracking services in 2021 and 2022.

Black Friday shoppers beware: online threats so far in 2022

Online shopping security threat statistics and trends in 2022: phishing, scams, banking Trojans—things that you should be aware of as the Black Friday sales are approaching.

Crimeware and financial cyberthreats in 2023

This report assesses how accurately we predicted developments in the financial threat landscape in 2022 and considers what to expect in 2023.

ICS cyberthreats in 2023 – what to expect

The coming year looks to be much more complicated. In the post we share some of our thoughts on potential developments of 2023, though we cannot claim to be providing either a complete picture or a high degree of precision.…

IT threat evolution Q3 2022

Recent APT campaigns, a sophisticated UEFI rootkit, new ransomware for Windows, Linux and ESXi, attacks on foreign and crypto-currency exchanges, and malicious packages in online code repositories.

IT threat evolution in Q3 2022. Mobile statistics

In Q3 2022, a total of 5,623,670 mobile malware, adware, and riskware attacks were blocked, and 438,035 malicious installation packages were detected.

IT threat evolution in Q3 2022. Non-mobile statistics

PC malware statistics for Q3 2022 include data on miners, ransomware, banking Trojans, and other threats to Windows, macOS and IoT devices.

DTrack activity targeting Europe and Latin America

In recent campaigns DTrack targets organizations in Europe and Latin America, and uses more delivery stages.

Advanced threat predictions for 2023

We polled our experts from the GReAT team and have gathered a small number of key insights about what APT actors are likely to focus on in 2023.

The state of cryptojacking in the first three quarters of 2022

In 2022, cryptocurrency prices dropped, but cryptojacking (illicit cryptocurrency mining) activity grew. In this report we provide statistics on cryptojacking in 2022.

Cybersecurity threats: what awaits us in 2023?

We invited notable experts to share their insights and unbiased opinions on what we should expect from cybersecurity in the following year.

DDoS attacks in Q3 2022

In Q3 2022, the situation on the DDoS market stabilized, and sophisticated attacks on HTTP(S) began to hold sway over simple TCP attacks.

APT trends report Q3 2022

This is our latest summary of advanced persistent threat (APT) activities, focusing on events that we observed during Q3 2022.

APT10: Tracking down LODEINFO 2022, part I

The first part of this report will provide technical analysis of the new infection methods such as SFX files and DOWNIISSA, a new downloader shellcode used to deploy the LODEINFO backdoor.

APT10: Tracking down LODEINFO 2022, part II

In the second part of this report, we discuss improvements made to the LODEINFO backdoor shellcode in 2022.

Ongoing exploitation of CVE-2022-41352 (Zimbra 0-day)

We investigated CVE-2022-41352 and were able to confirm that unknown APT groups have actively been exploiting this vulnerability in the wild, one of which is systematically infecting servers in Central Asia.

Malicious WhatsApp mod distributed through legitimate apps

The malicious version of YoWhatsApp messenger, containing Triada trojan, was spreading through ads in the popular Snaptube app and the Vidmate app’s internal store.

A look at the 2020–2022 ATM/PoS malware landscape

We looked at the number of affected ATMs and PoS terminals, geography of attacks and threat families used by cybercriminals to target victims in 2020-2022.

Uncommon infection and malware propagation methods

In this report, Kaspersky researchers discuss uncommon infection and propagation methods observed in certain crimeware families.

TOP 10 unattributed APT mysteries

TajMahal, DarkUniverse, PuzzleMaker, ProjectSauron (aka Strider), USB Thief, TENSHO (aka White Tur), PlexingEagle, SinSono, MagicScroll (aka AcidBox), Metador—all these targeted attacks are still unattributed.

The secrets of Schneider Electric’s UMAS protocol

Kaspersky ICS CERT report on vulnerabilities in Schneider Electric’s engineering software that enable UMAS protocol abuse.

Prilex: the pricey prickle credit card complex

Prilex is a Brazilian threat actor focusing on ATM and PoS attacks. In this report, we provide an overview of its PoS malware.

NullMixer: oodles of Trojans in a single dropper

NullMixer is a dropper delivering a number of Trojans, such as RedLine Stealer, SmokeLoader, Satacom, and others.

Mass email campaign with a pinch of targeted spam

Mass spam mailing posing as customer email delivers the Agent Tesla stealer disguised as a document to corporate users.

Self-spreading stealer attacks gamers via YouTube

A malicious bundle containing the RedLine stealer and a miner is distributed on YouTube through cheats and cracks ads for popular games.

The nature of cyber incidents

In this report, Kaspersky provides incident response statistics for 2021, as well as conclusions based on investigations of real incidents.