For many crooks, malware is out and PowerShell attacks are in, IBM says

Digital thieves are ditching traditional forms of cybercrime in favor of more subtle techniques that apparently help them avoid detection, IBM says. Scammers are moving away from the use of malicious software, opting instead to exploit administrative tools to target businesses and organizations, according to a report published Tuesday by the company's X-Force Threat Intelligence team. Nation-state hacking groups appear to have started the trend, but it seems to have spread throughout the broader cybercriminal black market. FireEye said in 2017 it detected a suspected Iranian group using similar techniques to collect reconnaissance about global critical infrastructure companies. IBM's report says such tactics are everywhere now. Fifty-seven percent of the attacks IBM detected used common, otherwise benign applications like PsExec or PowerShell, a tool that can execute code from memory; just 29 percent used more traditional phishing attacks, IBM says. This tactic enables hackers to evade antivirus protection and other common security controls. "PowerShell is useful in data […]

The post For many crooks, malware is out and PowerShell attacks are in, IBM says appeared first on CyberScoop.


New POS Malware PinkKite Takes Flight

Researchers shed light on a newly discovered family of point-of-sale malware that is extremely small in size and adept at siphoning credit card numbers from POS endpoints.

EternalPetya – yet another stolen piece in the package?

Since 27th June we have been investigating the outbreak of the new Petya-like malware, armed with an infector similar to WannaCry's. Since day one, various contradicting theories have been popping up. Some believed that it was a rip-off of the original Petya; others, that it was another step in its evolution. So far, however, those were just differing opinions, and none of them was backed up with enough evidence. In this post, we will try to fill this gap by making a step-by-step comparison of the current kernel and the one on which it is based (Goldeneye Petya).


The post EternalPetya – yet another stolen piece in the package? appeared first on Malwarebytes Labs.


New Petya Distribution Vectors Bubbling to Surface

Microsoft has made a definitive link between MEDoc and initial distribution of the Petya ransomware. Kaspersky Lab, meanwhile, has identified a Ukrainian government website used in a watering hole attack.