PSexec – WindowsTechs.com

For many crooks, malware is out and PowerShell attacks are in, IBM says

Posted on February 26, 2019 by Jeff Stone

Digital thieves are ditching traditional forms of cybercrime in favor of more subtle techniques that apparently help them avoid detection, IBM says. Scammers are moving away from the use of malicious software, opting instead to exploit administrative tools to target business and organizations, according to a report published Tuesday by the company’s X-Force Threat Intelligence team. Nation-state hacking groups appear to have started the trend, but it seems to have spread throughout the broader cybercriminal black market. FireEye said in 2017 it detected a suspected Iranian group using similar techniques to collect reconnaissance about global critical infrastructure companies. IBM’s report says such tactics are everywhere now. Fifty-seven percent of the attacks IBM detected used common, otherwise benign applications like PsExec or PowerShell, a tool that can execute code from memory. Just 29 percent used more traditional phishing attacks. IBM says. This tactic enables hackers to evade antivirus protection and other common security controls. “PowerShell is useful in data […]

The post For many crooks, malware is out and PowerShell attacks are in, IBM says appeared first on CyberScoop.

Continue reading For many crooks, malware is out and PowerShell attacks are in, IBM says→

New POS Malware PinkKite Takes Flight

Posted on March 14, 2018 by Tom Spring

Researchers shed light on a newly discovered family of point of sale malware that is extremely small in size and adept at siphoning credit card numbers from POS endpoints. Continue reading New POS Malware PinkKite Takes Flight→

Mamba Ransomware Resurfaces in Brazil, Saudi Arabia

Posted on August 9, 2017 by Michael Mimoso

Researchers at Kaspersky Lab have seen a resurgence of Mamba ransomware pop up recently in Brazil and Saudi Arabia. Continue reading Mamba Ransomware Resurfaces in Brazil, Saudi Arabia→

EternalPetya – yet another stolen piece in the package?

Posted on June 30, 2017 by Malwarebytes Labs

Since 27th June we’ve been investigating the outbreak of the new Petya-like malware armed with an infector similar to WannaCry. Since the day one, various contradicting theories started popping up. Some believed, that it is a rip-off the original Petya, others – that it is another step in its evolution. However, so far, those were just different opinions, and none of them was backed up with enough evidence. In this post, we will try to fill this gap, by making a step-by-step comparison of the current kernel and the one on which it is based (Goldeneye Petya).

Categories:

Tags: attribution EternalPetya hasherezade hexedit janus Malwarebytes NotPetya NSA petya psexec ransomware

Continue reading EternalPetya – yet another stolen piece in the package?→

New Petya Distribution Vectors Bubbling to Surface

Posted on June 28, 2017 by Michael Mimoso

Microsoft has made a definitive link between MEDoc and initial distribution of the Petya ransomware. Kaspersky Lab, meanwhile, has identified a Ukrainian government website used in a watering hole attack. Continue reading New Petya Distribution Vectors Bubbling to Surface→

Complex Petya-Like Ransomware Outbreak Worse than WannaCry

Posted on June 27, 2017 by Michael Mimoso

Today’s global ransomware attack is spreading via EternalBlue and through local networks using PSEXEC and WMIC. Continue reading Complex Petya-Like Ransomware Outbreak Worse than WannaCry→

Vendetta Brothers Cyber Crooks Adopt Real World Tactics

Posted on September 29, 2016 by Tom Spring

The Vendetta Brothers have mastered the real-world art of organized crime – outsourcing, partnerships, diversification and insulating liability. Continue reading Vendetta Brothers Cyber Crooks Adopt Real World Tactics→