
1841 matches found

Malwarebytes
added 2017/08/16 5:57 p.m. · 43 views

Locky ransomware returns to the game with two new flavors

We recently observed a fresh malicious spam campaign pushed through the Necurs botnet distributing, so far, two new variants of Locky ransomware. In our last Q2 2017 report on tactics and techniques, we mentioned that Locky ransomware had reappeared with a new extension, but went dark again for...

AI score: 6.9
Exploits: 0

ThreatPost
added 2017/08/16 5:41 p.m. · 9 views

Locky Ransomware Variant Slips Past Some Defenses

A variant of the notorious Locky ransomware is part of a large scale email-based campaign managing to slip past the defenses of some unsuspecting companies. Beginning on Aug. 9, and lasting three days, ransomware called IKARUSdilapidated landed in tens of thousands of inboxes with email that...

AI score: 2.7
Exploits: 0 · References: 4

ThreatPost
added 2017/08/15 10:36 a.m. · 13 views

Spam Domains Imitating Popular Banks Spreading Trickbot Banking Trojan

Santander Bank customers should be aware of an effective spam campaign spreading the Trickbot banking Trojan that is coming from domains similar to those used by the financial institution. Researchers at My Online Security and the SANS Institute’s Internet Storm Center say that Santander is not t...

AI score: 0.1
Exploits: 0 · References: 3

Prion
added 2017/08/05 5:29 p.m. · 16 views

Design/Logic Flaw

DISPUTED: An issue was discovered in SMA Solar Technology products. An attacker can use Sunny Explorer or the SMAdata2+ network protocol to update the device firmware without ever having to authenticate. If an attacker is able to create a custom firmware version that is accepted by the inverter, t...

CVSS: 10 · AI score: 7 · EPSS: 0.02244
Exploits: 0 · References: 3

Positive Technologies
added 2017/08/05 12:0 a.m. · 4 views

PT-2017-19226 · Sma Solar Technology · Sunny Boy Tlst-21 +3

Name of the Vulnerable Software and Affected Versions: SMA Solar Technology products, specifically Sunny Boy TLST-21 and TL-21 and Sunny Tripower TL-10 and TL-30 Description: An issue allows an attacker to update device firmware without authentication using Sunny Explorer or the SMAdata2+ network...

CVSS: 10 · AI score: 9.5 · EPSS: 0.02244
Exploits: 0 · References: 4

The Hacker News
added 2017/08/03 8:58 p.m. · 30 views

Hacker Sentenced to 46 Months in Prison for Spreading Linux Malware

A Russian man accused of infecting tens of thousands of computer servers worldwide to generate millions in fraudulent payments has been imprisoned for 46 months (nearly four years) in a United States' federal prison. 41-year-old Maxim Senakh, of Velikii Novgorod, was arrested by Finnish police in...

AI score: 7
Exploits: 0

Krebs on Security
added 2017/07/28 9:13 p.m. · 57 views

Suspended Sentence for Mirai Botmaster Daniel Kaye

Last month, KrebsOnSecurity identified U.K. citizen Daniel Kaye as the likely real-life identity behind a hacker responsible for clumsily wielding a powerful botnet built on Mirai, a malware strain that enslaves poorly secured Internet of Things (IoT) devices for use in large-scale online attacks...

AI score: 7.1
Exploits: 0

The Hacker News
added 2017/07/24 11:7 p.m. · 16 views

British Hacker Admits Using Mirai Botnet to DDoS Deutsche Telekom

An unnamed 29-year-old man, named by authorities as "Daniel K.," pleaded guilty in a German court on Friday to charges related to the hijacking of more than one million Deutsche Telekom routers. According to reports in the German press, the British man, who was using online monikers "Peter Parker...

AI score: 7.1
Exploits: 0

ThreatPost
added 2017/07/21 1:50 p.m. · 14 views

Trickbot Trojan Malware Morphs, Now Targets U.S. Banks

The Trickbot banking Trojan is now targeting U.S. banks in new spam campaigns fueled by the prolific Necurs botnet. The malware has grown more potent with the introduction of a customized redirection method as part of its attacks. IBM X-Force and Flashpoint both recently spotted new Trickbot...

Exploits: 0 · References: 4

ThreatPost
added 2017/07/17 5:17 p.m. · 12 views

Botnet Tweeting, Spamming Porn Shut Down

An adult-themed botnet was found by researchers and dismantled by Twitter last month. The Twitter-based botnet consisted of 86,262 bot accounts, and over the past six months blasted out 8.6 million tweets that attempted to lure males to pornographic, dating, hookup and cheating-spouse websites...

AI score: 7
Exploits: 0 · References: 4

Krebs on Security
added 2017/07/16 12:11 p.m. · 130 views

Porn Spam Botnet Has Evil Twitter Twin

Last month KrebsOnSecurity published research into a large distributed network of apparently compromised systems being used to relay huge blasts of junk email promoting "online dating" programs -- affiliate-driven schemes traditionally overrun with automated accounts posing as women. New research...

AI score: 6.9
Exploits: 0

ThreatPost
added 2017/07/12 2:56 p.m. · 13 views

New Point-of-Sale Malware LockPoS Hitches Ride with FlokiBot

Botnets distributing FlokiBot point-of-sale malware have awoken from months of slumber and are back in business spewing a new malware dubbed LockPoS. Researchers say the malware is still flying under the radar of many antivirus and intrusion detection systems because it’s so new. Currently, LockP...

AI score: 0.6
Exploits: 0 · References: 3

ThreatPost
added 2017/06/19 10:28 a.m. · 11 views

IoT Malware Activity Already More Than Doubled 2016 Numbers

The number of new malware samples in the wild this year targeting connected internet-of-things (IoT) devices has already more than doubled last year’s total. Honeypots laid out by Kaspersky Lab researchers mimicking a number of connected devices running Linux have attracted more than 7,200 differen...

AI score: 0.3
Exploits: 0 · References: 8

Securelist
added 2017/06/19 9:8 a.m. · 670 views

Honeypots and the Internet of Things

There were a number of incidents in 2016 that triggered increased interest in the security of so-called IoT or 'smart' devices. They included, among others, the record-breaking DDoS attacks against the French hosting provider OVH and the US DNS provider Dyn. These attacks are known to have been...

CVSS: 10 · AI score: 0.2 · EPSS: 0.99999
Exploits: 137

Krebs on Security
added 2017/06/15 2:35 p.m. · 27 views

Inside a Porn-Pimping Spam Botnet

For several months I've been poking at a decent-sized spam botnet that appears to be used mainly for promoting adult dating sites. Having hit a wall in my research, I decided it might be good to publish what I've unearthed so far to see if this dovetails with any other research out there. In late...

AI score: 6.8
Exploits: 0

The Hacker News
added 2017/06/14 8:54 p.m. · 118 views

Jaff Ransomware Decryption Tool Released – Don't Pay, Unlock Files for Free

Hit by Jaff Ransomware? Don't pay the Ransom. You can unlock your files for Free! Kaspersky Labs has released an updated version 1.21.2.1 of its free ransomware decryption tool, RakhniDecryptor, which can now also decrypt files locked by the Jaff ransomware. Security researchers at Kaspersky Labs...

AI score: 7.4
Exploits: 0

ThreatPost
added 2017/06/14 3:26 p.m. · 7 views

Decryption Utility Unlocks Files Encrypted by Jaff Ransomware

A weakness discovered in Jaff ransomware by researchers has led to the creation of decryption keys to unlock files locked by the malware. “We have found a vulnerability in Jaff’s code for all the variants to date. Thanks to this, it is now possible to recover users’ files encrypted with the .jaff...

AI score: 1.8
Exploits: 0 · References: 5

ThreatPost
added 2017/06/14 1:17 p.m. · 10 views

DHS, FBI Warn of North Korea 'Hidden Cobra' Strikes Against US Assets

United States top cybersecurity cops warned Tuesday that North Korean government threat actors are targeting U.S. businesses with malware and botnet-related attacks that are part of a concerted effort dubbed “Hidden Cobra.” According to a United States Computer Emergency Readiness Team US-CERT...

AI score: 0.3
Exploits: 0 · References: 3

The Hacker News
added 2017/06/14 1:23 a.m. · 78 views

US Warns of 'DeltaCharlie' – A North Korean DDoS Botnet Malware

The United States government has released a rare alert about an ongoing, eight-year-long North Korean state-sponsored hacking operation. The joint report from the FBI and U.S. Department of Homeland Security (DHS) provided details on "DeltaCharlie," a malware variant used by "Hidden Cobra" hacking...

CVSS: 10 · AI score: 9.2 · EPSS: 0.94354
Exploits: 7

ThreatPost
added 2017/06/03 8:0 a.m. · 5 views

Jaff Malware Probe Uncovers Link to Cybercrime Marketplace

An investigation into a new strain of Jaff ransomware uncovered a shared backend infrastructure between the malware and a black market bazaar selling stolen bank and credit card account information. Researchers at Heimdal Security said the cybercrime marketplace they found appeared mature, offeri...

AI score: 0.4
Exploits: 0 · References: 5