Email campaigns leverage updated DBatLoader to deliver RATs, stealers

IBM X-Force has identified new capabilities in DBatLoader malware samples delivered in recent email campaigns, signaling a heightened risk of infection from commodity malware families associated with DBatLoader activity. Explore the analysis.

The post Email campaigns leverage updated DBatLoader to deliver RATs, stealers appeared first on Security Intelligence.


Remote access detection in 2023: Unmasking invisible fraud

In the ever-evolving fraud landscape, fraudsters have shifted their tactics from using third-party devices to on-device fraud. Now, users face the rising threat of fraud involving remote access tools (RATs), while banks and fraud detection vendors struggle with new challenges in detecting this invisible threat. Let’s examine the modus operandi of fraudsters, prevalence rates across […]

The post Remote access detection in 2023: Unmasking invisible fraud appeared first on Security Intelligence.


Hive0117 Continues Fileless Malware Delivery in Eastern Europe

Through continued research into the ongoing cyber activity throughout Eastern Europe, IBM Security X-Force identified a phishing email campaign by Hive0117, likely a financially motivated cybercriminal group, from February 2022, designed to deliver the fileless malware variant dubbed DarkWatchman. The campaign masquerades as official communications from the Russian Government’s Federal Bailiffs Service, the Russian-language emails […]

The post Hive0117 Continues Fileless Malware Delivery in Eastern Europe appeared first on Security Intelligence.


RoboSki and Global Recovery: Automation to Combat Evolving Obfuscation

In a recent collaboration to investigate a rise in malware infections featuring a commercial remote access trojan (RAT), IBM Security X-Force and Cipher Tech Solutions (CT), a defense and intelligence security firm, investigated malicious activity that spiked in the first quarter of 2021. With over 1,300 malware samples collected, the teams analyzed the delivery of […]

The post RoboSki and Global Recovery: Automation to Combat Evolving Obfuscation appeared first on Security Intelligence.


Attacks on Operational Technology From IBM X-Force and Dragos Data

Operational Technology Threats in 2021: Ransomware, Remote Access Trojans and Targeted Threat Groups

Organizations with operational technology (OT) networks face many unique — and often complicated — considerations when it comes to cybersecurity threats. One of the main challenges facing the community is the convergence of an increasingly OT-aware and capable threat landscape with the […]

The post Attacks on Operational Technology From IBM X-Force and Dragos Data appeared first on Security Intelligence.


Taking Over the Overlay: Reconstructing a Brazilian Remote Access Trojan (RAT)

IBM X-Force researchers detected, reverse engineered, reconstructed and simulated a Delphi-based Brazilian remote access Trojan.

The post Taking Over the Overlay: Reconstructing a Brazilian Remote Access Trojan (RAT) appeared first on Security Intelligence.


Taking Over the Overlay: What Triggers the AVLay Remote Access Trojan (RAT)?

IBM X-Force researchers discovered, reverse engineered and reconstructed AVLay, a remote access Trojan that mixes DLL hijacking with a legitimate executable borrowed from various antivirus programs.

The post Taking Over the Overlay: What Triggers the AVLay Remote Access Trojan (RAT)? appeared first on Security Intelligence.


Don’t Let Remote Management Software Contribute to Building Botnets

IT leaders must be vigilant when using remote management software. Attackers can exploit these tools to infect devices with malware and build botnets.

The post Don’t Let Remote Management Software Contribute to Building Botnets appeared first on Security Intelligence.
