Lucene search
K
SecurelistMost viewed

1025 matches found

Securelist
Securelist
added 2023/08/30 10:0 a.m.34 views

IT threat evolution in Q2 2023. Mobile statistics

IT threat evolution in Q2 2023 IT threat evolution in Q2 2023. Non-mobile statistics IT threat evolution in Q2 2023. Mobile statistics These statistics are based on detection verdicts of Kaspersky products received from users who consented to providing statistical data. Quarterly figures Accordin...

7AI score
Exploits0
Securelist
Securelist
added 2021/08/24 10:0 a.m.34 views

Triada Trojan in WhatsApp mod

WhatsApp users sometimes feel the official app is lacking a useful feature of one sort or another, be it animated themes, self-destructing messages which automatically delete themselves, the option of hiding certain conversations from the main list, automatic translation of messages, or the optio...

7.2AI score
Exploits0
Securelist
Securelist
added 2020/12/15 10:0 a.m.34 views

Kaspersky Security Bulletin 2020. Statistics

All statistics in this report are from the global cloud service Kaspersky Security Network KSN, which receives information from components in our security solutions. The data was obtained from users who have given their consent to it being sent to KSN. Millions of Kaspersky users around the globe...

2.8AI score
Exploits0
Securelist
Securelist
added 2018/11/28 10:0 a.m.34 views

Kaspersky Security Bulletin 2018. Story of the year: miners

Kaspersky Security Bulletin 2018. Statistics Kaspersky Security Bulletin 2018. Top security stories Kaspersky Security Bulletin 2018. Threat Predictions for 2019 Cryptocurrency miners that infect the computers of unsuspecting users essentially operate according to the same business model as...

7.1AI score
Exploits0
Securelist
Securelist
added 2023/07/28 10:0 a.m.33 views

Anomaly detection in certificate-based TGT requests

One of the most complex yet effective methods of gaining unauthorized access to corporate network resources is an attack using forged certificates. Attackers create such certificates to fool the Key Distribution Center KDC into granting access to the target companys network. An example of such an...

7.4AI score
Exploits0
Securelist
Securelist
added 2023/06/27 6:0 a.m.33 views

How cybercrime is impacting SMBs in 2023

According to the United Nations, small and medium-sized businesses SMBs constitute 90 percent of all companies and contribute 60 to 70 percent of all jobs in the world. They generate 50 percent of global gross domestic product and form the backbone of most countries economies. Hit hardest by the...

7.5AI score
Exploits0
Securelist
Securelist
added 2022/12/08 10:0 a.m.33 views

DeathStalker targets legal entities with new Janicab variant

Just to clarify, the above subheading isnt a normal quote, but a message that Janicab malware attempted to decode in its newest use of YouTube dead-drop resolvers DDRs. While hunting for less common Deathstalker intrusions that use the Janicab malware family, we identified a new Janicab variant...

0.1AI score
Exploits0
Securelist
Securelist
added 2022/11/10 8:0 a.m.33 views

The state of cryptojacking in the first three quarters of 2022

Cryptocurrency prices were dropping from the end of 2021 and throughout the first half of 2022. Although finance experts and retail investors estimate crypto to have a solid chance of recovery in the long term, at the time of writing this report the prices remain low. However, cybercriminals are...

Exploits0
Securelist
Securelist
added 2022/07/25 10:0 a.m.33 views

CosmicStrand: the discovery of a sophisticated UEFI firmware rootkit

Introduction Rootkits are malware implants which burrow themselves in the deepest corners of the operating system. Although on paper they may seem attractive to attackers, creating them poses significant technical challenges and the slightest programming error has the potential to completely cras...

0.8AI score
Exploits0
Securelist
Securelist
added 2022/02/01 10:0 a.m.33 views

Telehealth: a new frontier in medicine—and security

Telehealth today doesnt just involve chatting with a doctor via a video-conferencing application. Its become an entire collection of rapidly developing technologies and products that includes specialized applications, wearable devices, implantable sensors, and cloud databases, many of which have...

0.3AI score
Exploits0
Securelist
Securelist
added 2020/10/19 10:0 a.m.33 views

GravityRAT: The spy returns

In 2018, researchers at Cisco Talos published a post on the spyware GravityRAT, used to target the Indian armed forces. The Indian Computer Emergency Response Team CERT-IN first discovered the Trojan in 2017. Its creators are believed to be Pakistani hacker groups. According to our information, t...

0.2AI score
Exploits0
Securelist
Securelist
added 2018/05/18 10:0 a.m.33 views

Roaming Mantis dabbles in mining and phishing multilingually

In April 2018, Kaspersky Lab published a blogpost titled 'Roaming Mantis uses DNS hijacking to infect Android smartphones'. Roaming Mantis uses Android malware which is designed to spread via DNS hijacking and targets Android devices. This activity is located mostly in Asia South Korea, Banglades...

6.9AI score
Exploits0
Securelist
Securelist
added 2024/11/14 9:0 a.m.32 views

Сrimeware and financial cyberthreats in 2025

Kaspersky's Global Research and Analysis Team constantly monitors known and emerging cyberthreats directed at the financial industry, with banks and fintech companies being the most targeted. We also closely follow threats that aim to infiltrate a wider range of industries, namely ransomware...

7.5AI score
Exploits0
Securelist
Securelist
added 2024/07/08 7:0 a.m.32 views

CloudSorcerer – A new APT targeting Russian government entities

In May 2024, we discovered a new advanced persistent threat APT targeting Russian government entities that we dubbed CloudSorcerer. Its a sophisticated cyberespionage tool used for stealth monitoring, data collection, and exfiltration via Microsoft Graph, Yandex Cloud, and Dropbox cloud...

7.2AI score
Exploits0
Securelist
Securelist
added 2024/06/10 10:0 a.m.32 views

Bypassing 2FA with phishing and OTP bots

Introduction Two-factor authentication 2FA is a security feature we have come to expect as standard by 2024. Most of todays websites offer some form of it, and some of them wont even let you use their service until you enable 2FA. Individual countries have adopted laws that require certain types ...

7.2AI score
Exploits0
Securelist
Securelist
added 2024/06/03 10:0 a.m.32 views

IT threat evolution in Q1 2024. Mobile statistics

IT threat evolution Q1 2024 IT threat evolution Q1 2024. Mobile statistics IT threat evolution Q1 2024. Non-mobile statistics Quarterly figures According to Kaspersky Security Network, in Q1 2024: 10.1 million attacks using malware, adware, or unwanted mobile software were blocked. The most commo...

7.9AI score
Exploits0
Securelist
Securelist
added 2023/06/20 10:0 a.m.32 views

A bowl full of security problems: Examining the vulnerabilities of smart pet feeders

Introduction In todays interconnected world, more and more devices are being connected to the internet, including everyday household items like pet feeders that are becoming smart by virtue of this simple fact. However, as these devices become more sophisticated, they also become more vulnerable ...

8.7AI score
Exploits0
Securelist
Securelist
added 2022/12/14 10:0 a.m.32 views

Reassessing cyberwarfare. Lessons learned in 2022

At this point, it has become cliché to say that nothing in 2022 turned out the way we expected. We left the COVID-19 crisis behind hoping for a long-awaited return to normality and were immediately plunged into the chaos and uncertainty of a twentieth-century-style military conflict that posed...

0.1AI score
Exploits0
Securelist
Securelist
added 2020/12/02 12:0 p.m.32 views

Healthcare security in 2021

The pandemic has turned 2020 into a year of medicine and information technology. The remarkable surge in the criticality level of medical infrastructure, coupled with feasible across-the-board digitalization, led to many of our last years predictions coming true much sooner than expected. As we...

6.8AI score
Exploits0
Securelist
Securelist
added 2020/11/09 10:0 a.m.32 views

Ghimob: a Tétrade threat actor moves to infect mobile devices

Guildma, a threat actor that is part of the Tétrade family of banking trojans, has been working on bringing in new techniques, creating new malware and targeting new victims. Recently, their new creation, the Ghimob banking trojan, has been a move toward infecting mobile devices, targeting...

0.8AI score
Exploits0
Securelist
Securelist
added 2020/09/03 11:0 a.m.32 views

IT threat evolution Q2 2020. Mobile statistics

IT threat evolution Q2 2020. Review IT threat evolution Q2 2020. PC statistics These statistics are based on detection verdicts of Kaspersky products received from users who consented to provide statistical data. Quarterly figures According to Kaspersky Security Network, the second quarter saw:...

0.9AI score
Exploits0
Securelist
Securelist
added 2020/05/19 4:50 p.m.32 views

Verizon’s 2020 DBIR

Verizon's 2020 DBIR is out, you can download a copy or peruse their publication online. Kaspersky was a contributor once again, and we are happy to provide generalized incident data from our unique and objective research. We have contributed to this project and others like it for years now. This...

1.4AI score
Exploits0
Securelist
Securelist
added 2018/11/26 10:0 a.m.32 views

Cryptocurrency threat predictions for 2019

Kaspersky Security Bulletin: Threat Predictions for 2019 Threat predictions for industrial security in 2019 Cyberthreats to financial institutions 2019: overview and predictions Introduction – key events in 2018 2018 saw cryptocurrency become an established part of many people's lives, and a more...

0.3AI score
Exploits0
Securelist
Securelist
added 2018/08/21 10:0 a.m.32 views

Dark Tequila Añejo

Dark Tequila is a complex malicious campaign targeting Mexican users, with the primary purpose of stealing financial information, as well as login credentials to popular websites that range from code versioning repositories to public file storage accounts and domain registrars. A multi-stage...

0.5AI score
Exploits0
Securelist
Securelist
added 2026/07/03 10:0 a.m.31 views

Armored Likho digging a snake pit: inside the covert BusySnake Stealer campaign

Introduction During our routine threat monitoring, we uncovered a new phishing campaign tied to a previously unknown APT group that we dubbed Armored Likho also known as Eagle Werewolf based on circumstantial evidence. This targeted campaign focuses heavily on government agencies and the electric...

6.5AI score
Exploits0
Securelist
Securelist
added 2026/06/30 10:0 a.m.31 views

ToddyCat: your hidden email assistant. Part 2

Introduction We continue to share details on the malicious techniques and toolsets used by the ToddyCat APT group. In the first part of this report, we examined the group's attacks aimed at stealing data from browsers, as well as from local and cloud email services. The methods used in that...

5.9AI score
Exploits0
Securelist
Securelist
added 2024/02/27 3:0 p.m.31 views

An educational robot security research

In the modern world, we are surrounded by a multitude of smart devices that simplify our daily lives: smart speakers, robotic vacuum cleaners, automatic pet feeders and even entire smart homes. Toy manufacturers are striving to keep up with these trends, releasing more and more models that can al...

8.1AI score
Exploits0
Securelist
Securelist
added 2023/11/22 10:0 a.m.31 views

HrServ – Previously unknown web shell used in APT attack

Introduction In the course of our routine investigation, we discovered a DLL file, identified as hrserv.dll, which is a previously unknown web shell exhibiting sophisticated features such as custom encoding methods for client communication and in-memory execution. Our analysis of the sample led t...

8.1AI score
Exploits0
Securelist
Securelist
added 2022/12/02 8:0 a.m.31 views

Indicators of compromise (IOCs): how we collect and use them

It would hardly be an exaggeration to say that the phrase "indicators of compromise" or IOCs can be found in every report published on the Securelist. Usually after the phrase there are MD5 hashes1, IP addresses and other technical data that should help information security specialists to counter...

7AI score
Exploits0
Securelist
Securelist
added 2021/09/27 10:0 a.m.31 views

BloodyStealer and gaming assets for sale

Earlier this year, we covered the threats related to gaming, and looked at the changes from 2020 and the first half of 2021 in mobile and PC games as well as various phishing schemes that capitalize on video games. Many of the threats faced by gamers are associated with loss of personal data, and...

6.9AI score
Exploits0
Securelist
Securelist
added 2020/06/17 10:0 a.m.31 views

Do cybercriminals play cyber games during quarantine?

Thanks to the coronavirus pandemic, the role of the Internet in our lives has undergone changes, including irreversible ones. Some of these changes are definitely for the better, some are not very good, but almost all of them in some way affect digital security issues. We decided to take a closer...

0.1AI score
Exploits0
Securelist
Securelist
added 2018/08/28 10:0 a.m.31 views

The rise of mobile banker Asacub

We encountered the Trojan-Banker.AndroidOS.Asacub family for the first time in 2015, when the first versions of the malware were detected, analyzed, and found to be more adept at spying than stealing funds. The Trojan has evolved since then, aided by a large-scale distribution campaign by its...

7.6AI score
Exploits0
Securelist
Securelist
added 2017/11/15 10:2 a.m.31 views

Threat Predictions for Financial Services and Fraud in 2018

The landscape in 2017 In 2017 we've seen fraud attacks in financial services become increasingly account-centric. Customer data is a key enabler for large-scale fraud attacks and the frequency of data breaches among other successful attack types has provided cybercriminals with valuable sources o...

6.9AI score
Exploits0
Securelist
Securelist
added 2026/06/03 9:0 a.m.30 views

Argamal: Malware hidden in hentai games

In April 2026, we discovered a new malware campaign targeting players of "hentai" games. Once launched, the infected games install a previously unknown malicious implant on the user's machine. After a few days, the implant downloads and executes a Trojan, resulting in full system compromise and...

6.1AI score
Exploits0
Securelist
Securelist
added 2025/03/13 10:0 a.m.30 views

Head Mare and Twelve join forces to attack Russian entities

Introduction In September 2024, a series of attacks targeted Russian companies, revealing indicators of compromise and tactics associated with two hacktivist groups: Head Mare and Twelve. Our investigation showed that Head Mare relied heavily on tools previously associated with Twelve...

9.1CVSS8.6AI score0.99999EPSS
Exploits112
Securelist
Securelist
added 2024/12/19 12:0 p.m.30 views

Attackers exploiting a patched FortiClient EMS vulnerability in the wild

Introduction During a recent incident response, Kaspersky's GERT team identified a set of TTPs and indicators linked to an attacker that infiltrated a company's networks by targeting a Fortinet vulnerability for which a patch was already available. This vulnerability is an improper filtering of S...

9.8CVSS10AI score0.97591EPSS
Exploits4
Securelist
Securelist
added 2024/06/13 10:0 a.m.30 views

Cinterion EHS5 3G UMTS/HSPA Module Research

Modems play an important role in enabling connectivity for a wide range of devices. This includes not only traditional mobile devices and household appliances, but also telecommunication systems in vehicles, ATMs and Automated Process Control Systems APCS. When integrating the modem, many product...

6.4CVSS8.2AI score0.00786EPSS
Exploits0
Securelist
Securelist
added 2024/05/06 10:0 a.m.30 views

Financial cyberthreats in 2023

Money is what always attracts cybercriminals. A significant share of scam, phishing and malware attacks is about money. With trillions of dollars of digital payments made every year, it is no wonder that attackers target electronic wallets, online shopping accounts and other financial assets,...

7.3AI score
Exploits0
Securelist
Securelist
added 2023/10/26 10:30 a.m.30 views

How to catch a wild triangle

In the beginning of 2023, thanks to our Kaspersky Unified Monitoring and Analysis Platform KUMA SIEM system, we noticed suspicious network activity that turned out to be an ongoing attack targeting the iPhones and iPads of our colleagues. The moment we understood that there was a clear pattern in...

7.3AI score
Exploits0
Securelist
Securelist
added 2023/10/19 10:0 a.m.30 views

Money-making scripts attack organizations

In April of this year, the FBI published an advisory on attacks targeting government, law enforcement, and non-profit organizations. Attackers download scripts onto victims devices, delivering several types of malware all at once. The main aim is to utilize company resources for mining, steal dat...

7.2AI score
Exploits0
Securelist
Securelist
added 2023/05/17 10:0 a.m.30 views

Minas – on the way to complexity

Sometimes when investigating an infection and focusing on a targeted attack, we come across something we were not expecting. The case described below is one such occurrence. In June 2022, we found a suspicious shellcode running in the memory of a system process. We decided to dig deeper and...

7.3AI score
Exploits0
Securelist
Securelist
added 2023/03/28 10:0 a.m.30 views

Copy-paste heist or clipboard-injector attacks on cryptousers

It is often the case that something new is just a reincarnation of something old. We have come across a series of clipboard injection attacks on cryptocurrency users, which emerged starting from September 2022. Although we have written about a similar malware attack in 2017 in one of our blogpost...

6.7AI score
Exploits0
Securelist
Securelist
added 2022/07/20 8:0 a.m.30 views

Luna and Black Basta — new ransomware for Windows, Linux and ESXi

Introduction In our crimeware reporting service, we analyze the latest crime-related trends we come across. If we look back at what we covered last month, we will see that ransomware surprise, surprise! definitely stands out. In this blog post, we provide several excerpts from last months reports...

Exploits0
Securelist
Securelist
added 2022/07/11 8:0 a.m.30 views

Text-based fraud: from 419 scams to vishing

E-mail scammers typically combine social engineering with technical skills to bypass spam filters and persuade the recipient to reply. But there is a specific class of attacks that is technically stuck somewhere in the late 90s/early 00s, in the era of CRT monitors and sluggish internet: we are...

0.3AI score
Exploits0
Securelist
Securelist
added 2022/05/27 8:0 a.m.30 views

IT threat evolution in Q1 2022. Mobile statistics

IT threat evolution in Q1 2022 IT threat evolution in Q1 2022. Non-mobile statistics IT threat evolution in Q1 2022. Mobile statistics These statistics are based on detection verdicts of Kaspersky products received from users who consented to providing statistical data. Quarterly figures Accordin...

7.4AI score
Exploits0
Securelist
Securelist
added 2021/10/12 9:0 a.m.30 views

SAS 2021: Operation Software Concepts

During the Operation Software Concepts: A Beautiful Envelope for Wrapping Weapon talk on SAS-at-Home 2021, Rintaro Koike, Shogo Hayashi and Ryuichi Tanabe from NTT Security Japan will cover a new APT campaign named Operation Software Concepts. They will share details about this multi-stage attack...

1.2AI score
Exploits0
Securelist
Securelist
added 2021/06/28 11:15 a.m.30 views

Detecting unknown threats: a honeypot how-to

Catching threats is tricky business, especially in todays threat landscape. To tackle this problem, for many years сybersecurity researchers have been using honeypots – a well-known deception technique in the industry. Dan Demeter, Senior Security Researcher with Kasperskys Global Research and...

0.2AI score
Exploits0
Securelist
Securelist
added 2020/06/22 10:0 a.m.30 views

Web skimming with Google Analytics

Web skimming is a common class of attacks generally aimed at online shoppers. The principle is quite simple: malicious code is injected into the compromised site, which collects and sends user-entered data to a cybercriminal resource. If the attack is successful, the cybercriminals gain access to...

0.5AI score
Exploits0
Securelist
Securelist
added 2020/06/19 10:0 a.m.30 views

Microcin is here

In February 2020, we observed a Trojan injected into the system process memory on a particular host. The target turned out to be a diplomatic entity. What initially attracted our attention was the enterprise-grade API-like application programming interface programming style. Such an approach is n...

7.4AI score
Exploits0
Securelist
Securelist
added 2018/07/25 10:0 a.m.30 views

A study of car sharing apps

The growing popularity of car sharing services has led some experts to predict an end to private car ownership in big cities. The statistics appear to back up this claim: for example, in 2017 Moscow saw the car sharing fleet, the number of active users and the number of trips they made almost...

Exploits0
Total number of security vulnerabilities1025