PowerShell Malware Attacks Increasingly Sophisticated in 2018

It is a trend that is not going away – cybercriminals will always be attempting to circumvent security defenses with the assistance of increasingly sophisticated techniques. This leads us to the so-called fileless malware where the effectiveness …

First-Ever Ransomware Found Using ‘Process Doppelgänging’ Attack to Evade Detection

Security researchers have spotted the first-ever ransomware exploiting Process Doppelgänging, a new fileless code injection technique that could help malware evade detection.

The Process Doppelgänging attack takes advantage of a built-in Windows funct…

Now you see me: Exposing fileless malware

Attackers are determined to circumvent security defenses using increasingly sophisticated techniques. Fileless malware boosts the stealth and effectiveness of an attack, and two of last year's major ransomware outbreaks (Petya and WannaCry) used fileles…

Meet Money Taker, the latest hacking group tied to Russian cybercrime

Hackers associated with a sophisticated Russian cybercrime ring attacked a series of banks in the U.S., U.K. and Russia, robbing at least one U.S. financial institution two separate times, according to Moscow-based cybersecurity company Group-IB. The researchers dubbed the group “Money Taker,” based on a custom, modular malware framework used to spy on banks and manipulate payment data. Security researchers say Money Taker has been active since at least 2016, targeting more than 20 organizations over the last two years. In addition to banks, victims include international law firms and financial software vendors. Money Taker is likely a criminal enterprise unaffiliated with any government, although they’ve proved to be highly-skilled, resourceful and well-equipped — similar to advanced persistent threat (APT) groups supported by a foreign government, Group-IB Director Nik Palmer told CyberScoop. “The [banking-focused] attacks ​were certainly conducted by a skillful targeted attack group,” explained Palmer. “The group is skillful enough to […]

The post Meet Money Taker, the latest hacking group tied to Russian cybercrime appeared first on Cyberscoop.


Fin7 weaponization of DDE is just their latest slick move, say researchers

When cybercrime gang FIN7 weaponized a new attack vector against Microsoft applications within a day of it being published last week, it was just the latest slick move from a threat group who’ve been consistently one step ahead of cyber defenders. A timeline of different attack vectors used by the group compiled by Morphisec researchers shows that FIN7 typically adopts a new technique within “a couple of days” of an attack being discovered, once the number of security solutions that detect it gets into double figures. The Morphisec researchers analyzed scoring of FIN7 attachment lures by VirusTotal — a service that scans files and tests them against 56 kinds of security software. “A look at Virus Total scoring reveals that when a FIN7 campaign is first active, it goes mostly undetected by security solutions. The malicious documents do not score more than 1-3 detections. Within a couple of days, security solutions update their patterns and […]

The post Fin7 weaponization of DDE is just their latest slick move, say researchers appeared first on Cyberscoop.


APT Trends report Q2 2017

Since 2014, Kaspersky Lab’s Global Research and Analysis Team (GReAT) has been providing threat intelligence reports to a wide range of customers worldwide, leading to the delivery of a full and dedicated private reporting service. Prior to the new service offering, GReAT published research online for the general public in an effort to help combat the ever-increasing threat from nation-state and other advanced actors.

New Fileless Ransomware with Code Injection Ability Detected in the Wild

It is no secret that hackers and cybercriminals are becoming dramatically more adept, innovative, and stealthy with each passing day.

While new forms of cybercrime are on the rise, traditional activities seem to be shifting towards more clandestine te…

Super-stealthy attackers used NSA exploit weeks before WannaCry

Weeks before the WannaCry ransomware spread like wildfire through unpatched Windows systems, a more sophisticated, stealthier attacker used the same NSA-engineered cyberweapon to infiltrate the IT networks of companies across the world, including at least one publicly traded in the U.S., according to new research. So stealthy was the fileless, in-memory attack, which hides itself inside the activity of a legitimate application, that it evaded five different security products running on the infected system, Gil Barak, CTO of Israeli cybersecurity firm Secdo, told CyberScoop. Those products included so-called “next generation” filters that don’t rely on known signatures, he said. “Not only did they not stop the attack, they couldn’t even see it,” he said. Attackers using the technique “can pretty much do what they want, unnoticed — and then vanish.” Barak wrote a blog post on the attack and appeared with noted security researcher Jake Williams on a webcast this week where the two discussed the […]

The post Super-stealthy attackers used NSA exploit weeks before WannaCry appeared first on Cyberscoop.
