Tag: Securelist

Text-based fraud: from 419 scams to vishing

Text-based fraud (419 scams, vishing, extortion, etc.) is still alive and well. Here, we describe cybercriminal techniques and present statistics.

Dynamic analysis of firmware components in IoT devices

We decided to discuss less obvious tools for working with firmware, including Renode and Qiling. Each of those tools has its own features, advantages, and limitations that make it effective for certain types of tasks.

The SessionManager IIS backdoor

In early 2022, we investigated an IIS backdoor called SessionManager. It has been used against NGOs, government, military and industrial organizations in Africa, South America, Asia, Europe, Russia and the Middle East.

APT ToddyCat

ToddyCat is a relatively new APT actor responsible for multiple sets of attacks against high-profile entities in Europe and Asia. Its main distinctive signs are two formerly unknown tools that we call ‘Samurai backdoor’ and ‘Ninja Trojan’.

How much does access to corporate infrastructure cost?

What cybercriminals charge for the data of large companies on the dark web – a review of underground forum offers by category.

Router security in 2021

We analyze data on vulnerabilities in routers, plus malware that attacks IoT devices: Mirai, NyaDrop, Gafgyt, and others.

WinDealer dealing on the side

We have discovered that malware dubbed WinDealer, spread by the Chinese-speaking APT actor LuoYu, has the ability to perform intrusions through a man-on-the-side attack.

IT threat evolution in Q1 2022. Non-mobile statistics

PC malware statistics for Q1 2022 include data on miners, ransomware, banking Trojans, and other threats to Windows, macOS and IoT devices.

IT threat evolution Q1 2022

Kaspersky IT threat review for Q1 2022: activity of APTs such as MoonBounce, BlueNoroff, Lazarus and Roaming Mantis, attacks against Ukraine, phishing kits, the Okta hack and more.

IT threat evolution in Q1 2022. Mobile statistics

According to Kaspersky Security Network, in Q1 2022, 516,617 mobile malware installation packages were detected, of which 53,947 packages were related to mobile banking Trojans, and 1,942 packages were mobile ransomware Trojans.

Managed detection and response in 2021

Kaspersky Managed Detection and Response (MDR) services in 2021 in facts and figures: number of security incidents detected, their severity, etc.

The Verizon 2022 DBIR

The Verizon 2022 Data Breach Investigations Report, to which Kaspersky contributed, is out. The report provides an interesting analysis of a large body of global incident data.

What’s wrong with automotive mobile apps?

Third-party automotive mobile apps, web apps and API clients provide drivers with additional functions but may pose security risks for their data.

ISaPWN – research on the security of ISaGRAF Runtime

This report includes an analysis of the ISaGRAF framework, its architecture, the IXL and SNCP protocols, and a description of several vulnerabilities the Kaspersky ICS CERT team has identified.

HTML attachments in phishing e-mails

In this article, we review phishing HTML attachments, explaining common tricks the attackers use, and give statistics on HTML attachments detected by Kaspersky solutions.

New ransomware trends in 2022

This year, ransomware is no less active than before: cybercriminals continue to threaten nationwide retailers and enterprises, and old variants of malware return while new ones emerge.

Mobile subscription Trojans and their little tricks

Kaspersky analysis of the mobile subscription Trojans Joker (Jocker), MobOk, Vesub and GriftHorse and their activity: technical description and statistics.

A new secret stash for “fileless” malware

We observed the technique of storing shellcode in Windows event logs for the first time “in the wild” during a malicious campaign. It allows the “fileless” last-stage Trojan to be hidden…

APT trends report Q1 2022

This is our latest summary of advanced persistent threat (APT) activity, focusing on events that we observed during Q1 2022.

DDoS attacks in Q1 2022

Against the backdrop of the conflict between Russia and Ukraine, the number of DDoS attacks in Q1 2022 increased 4.5-fold compared with Q1 2021. A significant proportion of them were carried out by hacktivists.

A Bad Luck BlackCat

A new ransomware actor started advertising its services on a Russian underground forum. It presented itself as ALPHV, but the group is also known as BlackCat. Two recent BlackCat incidents stand out as…

Spring4Shell (CVE-2022-22965): details and mitigations

Technical details and mitigations for the CVE-2022-22965 vulnerability (Spring4Shell), which can allow an attacker to execute arbitrary code on a remote web server.

Lazarus Trojanized DeFi app for delivering malware

We recently discovered a Trojanized DeFi application that was compiled in November 2021. This application contains a legitimate program called DeFi Wallet that saves and manages a cryptocurrency wallet, but also implants a…

CVE-2022-0847 aka Dirty Pipe vulnerability in Linux kernel

An exploit for the CVE-2022-0847 (Dirty Pipe) vulnerability in the Linux kernel is available online. Kaspersky solutions detect and prevent exploitation attempts.

Financial cyberthreats in 2021

This report provides insight into 2021 financial threat trends and statistics, including data on banking malware for Windows and Android, banking, payment system and e-shop phishing, etc.

Mobile malware evolution 2021

In 2021, cybercriminal activity gradually decreased, and attempts to exploit the pandemic topic became less common. However, mobile malware became more advanced, and attacks more complex.

DDoS attacks in Q4 2021

In Q4 2021, as expected, the number of DDoS attacks rose, while DDoS botnets weaponized the Log4Shell vulnerability. In this report, we present the main DDoS trends and statistics.

Spam and phishing in 2021

Statistics on spam and phishing with the key trends in 2021: investment scams, fake streaming websites, theft of corporate credentials and COVID-19.

Roaming Mantis reaches Europe

We’ve observed some new activities by Roaming Mantis in 2021, and some changes in the Wroba malware that’s mainly used in this campaign. Furthermore, we discovered that France and Germany were added as…

Telehealth: A New Frontier in Medicine—and Security

This report contains statistics and observations on vulnerabilities, phishing schemes and malware related to telehealth.

MoonBounce: the dark side of UEFI firmware

At the end of 2021, we inspected UEFI firmware that had been tampered with to embed malicious code we dub MoonBounce. In this report, we describe how the MoonBounce implant works and how…

The BlueNoroff cryptocurrency hunt is still on

It appears that BlueNoroff has shifted its focus from banks and SWIFT-connected servers to cryptocurrency businesses alone as the main source of the group’s illegal income.

Answering Log4Shell-related questions

Check out the answers to some of users’ biggest security questions about the Log4Shell vulnerabilities (CVE-2021-44228, CVE-2021-45046, CVE-2021-45105).

How and why do we attack our own Anti-Spam?

How to trick the machine-learning model in Anti-Spam designed to detect and quarantine suspicious e-mails, and how to detect such attacks.

PseudoManuscrypt: a mass-scale spyware attack campaign

Kaspersky ICS CERT experts identified malware whose loader has some similarities to the Manuscrypt malware, which is part of the Lazarus APT group’s arsenal.

Kaspersky Security Bulletin 2021. Statistics

Key statistics for 2021: miners, ransomware, banking Trojans and other financial malware, zero-day vulnerabilities and exploits, web attacks, threats for macOS and IoT.

Kaspersky Managed Detection and Response: interesting cases

Several interesting attacks detected by Kaspersky Managed Detection and Response (MDR): two PrintNightmare exploitation attempts, a MuddyWater attack and LSASS credential dumping.

CVE-2021-44228 vulnerability in Apache Log4j library

A summary of the critical vulnerability CVE-2021-44228 in the Apache Log4j library, with technical details and mitigations.

The life cycle of phishing pages

We’ve analyzed the life cycle of phishing pages, how they transform during their active period, and the domains where they’re located.

The story of the year: ransomware in the headlines

In the past twelve months, the word “ransomware” has popped up in countless headlines worldwide across both print and digital publications. But how did we get here and what has changed about the…

APT annual review 2021

For this annual review, we have tried to focus on what we consider to be the most interesting trends and developments of the last 12 months.

IT threat evolution Q3 2021

WildPressure and LuminousMoth threat actors, FinSpy implants, zero-day vulnerabilities and PrintNightmare, threats for Linux and macOS in our review of Q3 2021.

IT threat evolution in Q3 2021. PC statistics

PC threat statistics for Q3 2021 contain data on miners, encrypting ransomware, financial malware, and threats to Windows, macOS and IoT.

Threats to ICS and industrial enterprises in 2022

In recent years, we have observed various trends in the changing threat landscape for industrial enterprises. We can say with high confidence that many of these trends will not only continue, but gain…

Cyberthreats to financial organizations in 2022

We are going to analyze the forecasts we made at the end of 2020, go through the key events of 2021 relating to financial attacks and make some forecasts about them in 2022.

Black Friday 2021: How to Have a Scam-Free Shopping Day

We constantly monitor the landscape of shopping-related threats and release a report tracking the latest criminal activity targeting online shoppers. Here’s what we found this year.

Advanced threat predictions for 2022

Over the past 12 months, the style and severity of APT threats have continued to evolve. Despite their constantly changing nature, there is a lot we can learn from recent APT trends to…

Streaming wars continue — what about cyberthreats?

A 2020–2021 report on malware, unwanted software and phishing schemes using the streaming services Netflix, Apple TV, Amazon Prime, Hulu and Disney+ as a lure.

DDoS attacks in Q3 2021

This report provides DDoS attack statistics for Q3 2021, as well as a news roundup and forecasts for the next quarter.

Spam and phishing in Q3 2021

This report contains spam and phishing statistics for Q3 2021, plus descriptions of scams linked to the Olympics, Euro 2020, COVID-19, and other relevant events.

How we took part in MLSEC and (almost) won

How we took part in the Machine Learning Security Evasion Competition (MLSEC) — a series of trials testing contestants’ ability to create and attack machine learning models.

Extracting type information from Go binaries

Go programs may contain hundreds of calls, so it is obviously impractical to look up each type manually using a hex editor. Here is the script I use in my daily work.

APT trends report Q3 2021

The APT trends reports are based on our threat intelligence research and provide a representative snapshot of what we have discussed in greater detail in our private APT reports. This is our latest…

Trickbot module descriptions

In this article, we describe the functionality of the Trickbot (aka TrickLoader or Trickster) banking malware modules and provide a tip on how to download and analyze these modules.

Lyceum group reborn

According to earlier public research, Lyceum conducted operations against organizations in the energy and telecommunications sectors across the Middle East. In 2021, we were able to identify a new cluster of the…

SAS 2021: Learning to ChaCha with APT41

John Southworth gives insights about APT41 and the malware used by the threat actor – the Motnug loader and its descendant, the ChaCha loader; he also shares some thoughts on the actor’s attribution and…

MysterySnail attacks with Windows zero-day

We detected attacks using an elevation-of-privilege exploit on multiple Microsoft Windows servers. Variants of the malware payload used along with the zero-day exploit were detected in widespread espionage…

SAS 2021: Fireside chat with Chris Bing

How do you build a fascinating story from a hardcore APT report? Sitting by the virtual fireside, Brian Bartholomew and Christopher Bing will discuss how malware researchers and investigative journalists can help each…

SAS 2021: Operation Software Concepts

Experts from NTT Security (Japan) will cover a new APT named Operation Software Concepts. They will share details about this multi-stage attack campaign targeting the government and defense sectors.

Ransomware in the CIS

Statistics on ransomware attacks in the CIS and technical descriptions of Trojans, including BigBobRoss/TheDMR, Crysis/Dharma, Phobos/Eking, Cryakl/CryLock, CryptConsole, Fonix/XINOF, Limbozar/VoidCrypt, Thanos/Hakbit and XMRLocker.

GhostEmperor: From ProxyLogon to kernel mode

While investigating a recent rise in attacks against Exchange servers, we noticed a recurring cluster of activity that appeared in several distinct compromised networks. With a long-standing operation, high-profile victims, an advanced toolset…

DarkHalo after SolarWinds: the Tomiris connection

We discovered a campaign delivering the Tomiris backdoor that shows a number of similarities with the Sunshuttle malware distributed by the DarkHalo APT, and target overlaps with Kazuar.

FinSpy: unseen findings

FinSpy, also known as FinFisher or Wingbird, is an infamous surveillance toolset; we have been tracking deployments of this spyware since 2011. In this report, we decided to share some of our unseen…

BloodyStealer and gaming assets for sale

We take a closer look at threats linked to the loss of accounts with popular video game digital distribution services, such as Steam and Origin. We also explore the kind of game-related data that…

Wake me up till SAS summit ends

What do cyberthreats, Kubernetes and donuts have in common – except that all three end in “ts”, that is? All these topics will be mentioned during the new SAS@Home online conference, scheduled for…

Exploitation of the CVE-2021-40444 vulnerability in MSHTML

Last week, Microsoft reported the RCE vulnerability CVE-2021-40444 in the MSHTML browser engine. Kaspersky is aware of targeted attacks using this vulnerability, and our products protect against attacks leveraging it.

Summer 2021: Friday Night Funkin’, Måneskin and pop it

This report discusses the statistics gathered by Kaspersky Safe Kids on the websites and apps children use, and on children’s YouTube search queries in summer 2021.

Incident response analyst report 2020

We deliver a range of services: incident response, digital forensics and malware analysis. Data in the report comes from our daily practice with organizations seeking assistance with full-blown incident response or complementary expert…

Applied YARA training Q&A

On August 31, 2021, we ran a joint webinar between VirusTotal and Kaspersky, focusing on YARA rule best practices and real-world examples. In this post, we answer your questions that…

QakBot technical analysis

This report contains a technical analysis of the Trojan-Banker named QakBot (aka QBot, QuackBot or Pinkslipbot) and its information-stealing, web-injection and other modules.

Triada Trojan in WhatsApp mod

We discovered that the Triada Trojan sneaked into a modified version of the WhatsApp messenger called FMWhatsapp 16.80.0 together with an advertising software development kit (SDK).

Gaming-related cyberthreats in 2020 and 2021

In this report, you will find statistics and other information about gaming-related malware, phishing schemes and other threats in 2020 and the first half of 2021.

IT threat evolution in Q2 2021. PC statistics

PC threat statistics for Q2 2021 contain data on miners, encrypting ransomware, financial malware and threats to Windows, macOS and IoT.

IT threat evolution in Q2 2021. Mobile statistics

In Q2 2021, we prevented 14,465,672 mobile malware, adware and riskware attacks; 886,105 malicious installation packages were detected, of which 24,604 packages were mobile banking Trojans and 3,623 packages were mobile ransomware Trojans.

IT threat evolution Q2 2021

Ferocious Kitten, TunnelSnake, PuzzleMaker and other threat actors, zero-day vulnerabilities, ransomware and banking Trojans – check out our review of Q2 2021.