OlympicDestroyer is here to trick the industry

A couple of days after the opening ceremony of the Winter Olympics in Pyeongchang, South Korea, we received information from several partners, on the condition of non-disclosure TLP:Red, about a devastating malware attack on the Olympic infrastructure. A quick peek inside the malware revealed a...

2017 in Snort Signatures.

This post was written by Martin Lee and Vanja Svajcer. 2017 was an eventful year for cyber security with high profile vulnerabilities that allowed self-replicating worm attacks such as WannaCry and BadRabbit to impact organizations throughout the world. In 2017, Talos researchers discovered many...

Infographic: Cyberattacks by the Numbers

As the calendar shifted from December 2016 to January 2017, the prospect of a large-scale cyberattack loomed. Questions over the possible hacking of the 2016 U.S. presidential election swirled and businesses faced a growing attack vector in ransomware. In 2016, ransomware was estimated to be an...

Infographic: Cyberattacks by the Numbers

As the calendar shifted from December 2016 to January 2017, the prospect of a large-scale cyberattack loomed. Questions over the possible hacking of the 2016 U.S. presidential election swirled and businesses faced a growing attack vector in ransomware. In 2016, ransomware was estimated to be an...

Carbon Black 2017 Threat Report: Non-Malware Attacks and Ransomware Continue to Own the Spotlight

As the calendar shifted from December 2016 to January 2017, the prospect of a large-scale cyberattack loomed. Questions over the possible hacking of the 2016 U.S. presidential election swirled and businesses faced a growing attack vector in ransomware. In 2016, ransomware was estimated to be an...

Kaspersky Security Bulletin: Review of the Year 2017

Introduction The end of the year is a good time to take stock of the main cyberthreat incidents that took place over the preceding 12 months or so. To reflect on the impact these events had on organizations and individuals, and consider what they could mean for the overall evolution of the threat...

Carbon Black TAU Threat Analysis: A Deeper Look at BadRabbit Shows Overlapping Similarities to NotPetya

BadRabbit was a ransomware variant initially detected in the wild on October 24, 2017. On that day, Carbon Black and several other research organizations conducted triage analysis of the sample and provided write ups. Carbon Black also provided an internal post in the User Exchange documenting IO...

A week in security (October 23 – October 29)

Welcome back to "A week in security." Last week, we took a look at how deleted files can be recovered, explored the BadRabbit ransomware plague attacking Eastern Europe including a deep dive into the code, and talked about what it takes to work in security. One of our researchers, who is a PhD...

Bad Rabbit Ransomware – What is it and how to stay safe

Trend Micro is tracking multiple reports of ransomware infections, known as Bad Rabbit, in many countries around the world. A suspected variant of Petya, Bad Rabbit is ransomware—malicious software that infects a computer and restricts user access to the infected machine until a ransom is paid to...

October 27, 2017 – Morning Cyber Coffee Headlines – “Stranger Things” Edition

Good morning! Sit with Carbon Black this morning over a cup of coffee or tea and browse a few industry headlines to get the day started. We’ve got just enough information below to get you through that first cup…enjoy! October 27, 2017 - Headlines Carbon Black in the News: The push toward...

BACKSWING - Pulling a BADRABBIT Out of a Hat

Executive Summary On Oct. 24, 2017, coordinated strategic web compromises started to distribute BADRABBIT ransomware to unwitting users. FireEye appliances detected the download attempts and blocked our user base from infection. During our investigation into the activity, FireEye identified a...

BACKSWING - Pulling a BADRABBIT Out of a Hat

Executive Summary On Oct. 24, 2017, coordinated strategic web compromises started to distribute BADRABBIT ransomware to unwitting users. FireEye appliances detected the download attempts and blocked our user base from infection. During our investigation into the activity, FireEye identified a...

BadRabbit: a closer look at the new version of Petya/NotPetya

Petya/NotPetya aka EternalPetya, made headlines in June, due to it's massive attack on Ukraine. Today, we noted an outbreak of a similar-looking malware, called BadRabbit, probably prepared by the same authors. Just like the previous edition, BadRabbit has an infector allowing for lateral...

BadRabbit ransomware strikes Eastern Europe

A new strain of ransomware called BadRabbit is spreading through Eastern Europe. Likely created by the same authors as the Petya/Not Petya ransomware outbreak in June, BadRabbit ransomware uses a website to drop a fake Flash update and then drops its payload. Click to view slideshow. Countries we...

BadRabbit Ransomware Attacks Hitting Russia, Ukraine

A ransomware attack has put a halt to business inside a handful of Russian media outlets and a number of major organizations in the Ukraine, including Kiev’s public transportation system and the country’s Odessa airport. The attacks are known as Bad Rabbit and harken back to the ExPetr/NotPetya...

‘BadRabbit’ Ransomware Burrows Into Russia, Ukraine

ARCHIVED STORY ‘BadRabbit’ Ransomware Burrows Into Russia, Ukraine By Raj Samani · October 24, 2017 This post was researched and written by Tim Hux, David Marcus, Charles McFarland, Douglas McKee, and Raj Samani. McAfee is currently investigating a ransomware campaign known as BadRabbit, which...

‘BadRabbit’ Ransomware Burrows Into Russia, Ukraine

ARCHIVED STORY ‘BadRabbit’ Ransomware Burrows Into Russia, Ukraine By Raj Samani · October 24, 2017 This post was researched and written by Tim Hux, David Marcus, Charles McFarland, Douglas McKee, and Raj Samani. McAfee is currently investigating a ransomware campaign known as BadRabbit, which...

Immunity Canvas: MS17_010

Name| ms17010 ---|--- CVE| CVE-2017-0143, CVE-2017-0146 Exploit Pack| CANVAS Description| MS17-010 Notes| CVE Name: CVE-2017-0143, CVE-2017-0146 VENDOR: Microsoft NOTES: https://github.com/worawit/MS17-010 https://www.crowdstrike.com/blog/badrabbit-ms17-010-exploitation-part-one-leak-and-control/...

Suspected Ransomware Dropzone

A remote attacker could send spam e-mails including a downloader and manipulate users to manually enable them. This would allow the malicious code to run and infect the target system. This behavior has been used, among others, by ransomwares such as BadRabbit...