1025 matches found
Gaming-related cyberthreats in 2020 and 2021
The video game industry is soaring, not in the least thanks to the lockdowns, which forced people to look for new ways to entertain themselves and socialize. Even with things going back to normal, gaming is expected to have a very bright future. Newzoo estimates the industry to gross 175.8 billio...
IT threat evolution Q2 2021
Targeted attacks The leap of a Cycldek-related threat actor It is quite common for Chinese-speaking threat actors to share tools and methodologies: one such example is the infamous "DLL side-loading triad": a legitimate executable, a malicious DLL to be side-loaded by it and an encoded payload,...
IT threat evolution in Q2 2021. Mobile statistics
These statistics are based on detection verdicts of Kaspersky products received from users who consented to providing statistical data. Quarterly figures In Q2 2021, according to data from Kaspersky Security Network: 14,465,672 malware, adware and riskware attacks were prevented. The largest shar...
IT threat evolution in Q2 2021. PC statistics
These statistics are based on detection verdicts of Kaspersky products received from users who consented to providing statistical data. Quarterly figures According to Kaspersky Security Network, in Q2 2021: Kaspersky solutions blocked 1,686,025,551 attacks from online resources across the globe...
Spam and phishing in Q2 2021
Quarterly highlights The corporate sector In Q2 2021, corporate accounts continued to be one of the most tempting targets for cybercriminals. To add to the credibility of links in emails, scammers imitated mailings from popular cloud services. This technique has been used many times before. A fak...
APT trends report Q2 2021
For more than four years, the Global Research and Analysis Team GReAT at Kaspersky has been publishing quarterly summaries of advanced persistent threat APT activity. The summaries are based on our threat intelligence research and provide a representative snapshot of what we have published and...
DDoS attacks in Q2 2021
News overview In terms of big news, Q2 2021 was relatively calm, but not completely eventless. For example, April saw the active distribution of a new DDoS botnet called Simps — the name under which it introduced itself to owners of infected devices. The malware creators promoted their brainchild...
Managed Detection and Response in Q4 2020
Download full report PDF As cyberattacks become more sophisticated, and security solutions require more resources to analyze the huge amount of data gathered every day, many organizations feel the need for advanced security services that can deal with this growing complexity in real time, 24/7...
Arrests of members of Tetrade seed groups Grandoreiro and Melcoz
Spains Ministry of the Interior has announced the arrest of 16 individuals connected to the Grandoreiro and Melcoz also known as Mekotio cybercrime groups. Both are originally from Brazil and form part of the Tetrade umbrella, operating for a few years now in Latin America and Western Europe...
LuminousMoth APT: Sweeping attacks for the chosen few
APT actors are known for the frequently targeted nature of their attacks. Typically, they will handpick a set of targets that in turn are handled with almost surgical precision, with infection vectors, malicious implants and payloads being tailored to the victims identities or environment. Its no...
Quick look at CVE-2021-1675 & CVE-2021-34527 (aka PrintNightmare)
Summary Last week Microsoft warned Windows users about vulnerabilities in the Windows Print Spooler service – CVE-2021-1675 and CVE-2021-34527 also known as PrintNightmare. Both vulnerabilities can be used by an attacker with a regular user account to take control of a vulnerable server or client...
WildPressure targets the macOS platform
New findings Our previous story regarding WildPressure was dedicated to their campaign against industrial-related targets in the Middle East. By keeping track of their malware in spring 2021, we were able to find a newer version. It contains the C++ Milum Trojan, a corresponding VBScript variant...
REvil ransomware attack against MSPs and its clients around the world
An attack perpetrated by REvil aka Sodinokibi ransomware gang against Managed Service Providers MSPs and their clients was discovered on July 2. Some of the victims have reportedly been compromised through a popular MSP software which led to encryption of their customers. The total number of...
Do cybercriminals play cyber games in quarantine? A look one year later
Last year, we decided to take a look at how the pandemic influenced the gaming industry and what new threats gamers could be facing. What we found was that, with the transition to remote work and remote learning, the number of blocked attempts to visit malicious game-related websites or follow...
Remote dating: How do the apps safeguard our data?
The pandemic and the restrictions that came with it have led to an increase in the popularity of dating apps. For example, the total number of swipes on Tinder increased by 11% last year, with the daily number of swipes surpassing the 3 billion mark for the first time as early as March 2020. This...
Detecting unknown threats: a honeypot how-to
Catching threats is tricky business, especially in todays threat landscape. To tackle this problem, for many years сybersecurity researchers have been using honeypots – a well-known deception technique in the industry. Dan Demeter, Senior Security Researcher with Kasperskys Global Research and...
Malicious spam campaigns delivering banking Trojans
In mid-March 2021, we observed two new spam campaigns. The messages in both cases were written in English and contained ZIP attachments or links to ZIP files. Further research revealed that both campaigns ultimately aimed to distribute banking Trojans. The payload in most cases was IcedID...
How to confuse antimalware neural networks. Adversarial attacks and protection
Introduction Nowadays, cybersecurity companies implement a variety of methods to discover new, previously unknown malware files. Machine learning ML is a powerful and widely used approach for this task. At Kaspersky we have a number of complex ML models based on different file features, including...
Behind the scenes with the head of Kaspersky’s GReAT
Costin Raiu has been with Kaspersky since 2000, initially as the Chief Security Expert overseeing research efforts in the EEMEA region. In 2010, he became Director of our Global Research and Analysis Team GReAT. During his tenure at Kaspersky, he has spearheaded the companys research on some of t...
Black Kingdom ransomware
Black Kingdom ransomware appeared on the scene back in 2019, but we observed some activity again in 2021. The ransomware was used by an unknown adversary for exploiting a Microsoft Exchange vulnerability CVE-2021-27065. The complexity and sophistication of the Black Kingdom family cannot bear a...
Ferocious Kitten: 6 years of covert surveillance in Iran
Ferocious Kitten is an APT group that since at least 2015 has been targeting Persian-speaking individuals who appear to be based in Iran. Although it has been active for a long time, the group has mostly operated under the radar and has not been covered by security researchers to the best of our...
Andariel evolves to target South Korea with ransomware
Executive summary In April 2021, we observed a suspicious Word document with a Korean file name and decoy. It revealed a novel infection scheme and an unfamiliar payload. While we were doing our research into these findings, Malwarebytes published a nice report with technical details about the sa...
PuzzleMaker attacks with Chrome zero-day exploit chain
On April 14-15, 2021, Kaspersky technologies detected a wave of highly targeted attacks against multiple companies. Closer analysis revealed that all these attacks exploited a chain of Google Chrome and Microsoft Windows zero-day exploits. While we were not able to retrieve the exploit used for...
Gootkit: the cautious Trojan
Gootkit is complex multi-stage banking malware that was discovered for the first time by Doctor Web in 2014. Initially it was distributed via spam and exploits kits such as Spelevo and RIG. In conjunction with spam campaigns, the adversaries later switched to compromised websites where the visito...
Email spoofing: how attackers impersonate legitimate senders
Introduction In a nutshell, email spoofing is the creation of fake emails that seem legitimate. This article analyzes the spoofing of email addresses through changing the From header, which provides information about the senders name and address. SMTP Simple Mail Transfer Protocol, the main email...
Kids on the Web in 2021: Infinite creativity
For over a year weve been living in a world gripped by the COVID-19 pandemic. Not only has the pandemic affected peoples lifestyles, it has also accelerated the development and implementation of technologies that make it easier for us to complete everyday and work-related tasks. We no longer need...
IT threat evolution Q1 2021
Targeted attacks Putting the A into APT In December, SolarWinds, a well-known IT managed services provider, fell victim to a sophisticated supply-chain attack. The companys Orion IT, a solution for monitoring and managing customers IT infrastructure, was compromised by threat actors. This resulte...
IT threat evolution Q1 2021. Mobile statistics
The statistics presented here draw on detection verdicts returned by Kaspersky products as provided by users who consented to share statistical data. Quarterly figures According to Kaspersky Security Network, in the first quarter: we detected 1,451,660 mobile installation packages, of which: 25,3...
IT threat evolution Q1 2021. Non-mobile statistics
These statistics are based on detection verdicts of Kaspersky products received from users who consented to provide statistical data. Quarterly figures According to Kaspersky Security Network, in Q1 2021: Kaspersky solutions blocked 2,023,556,082 attacks launched from online resources across the...
Kaspersky Security Bulletin 2020-2021. EU statistics
All statistics in this report are from the global cloud service Kaspersky Security Network KSN, which receives information from components in our security solutions. The data was obtained from users who have given their consent to it being sent to KSN. Millions of Kaspersky users around the globe...
Evolution of JSWorm ransomware
Introduction Over the past few years, the ransomware threat landscape has been gradually changing. We have been witness to a paradigm shift. From the massive outbreaks of 2017, such as WannaCry, NotPetya, and Bad Rabbit, a lot of ransomware actors have moved to the covert but highly profitable...
Bizarro banking Trojan expands its attacks to Europe
Bizarro is yet another banking Trojan family originating from Brazil that is now found in other regions of the world. We have seen users being targeted in Spain, Portugal, France and Italy. Attempts have now been made to steal credentials from customers of 70 banks from different European and Sou...
Ransomware world in 2021: who, how and why
As the world marks the second Anti-Ransomware Day, theres no way to deny it: ransomware has become the buzzword in the security community. And not without good reason. The threat may have been around a long time, but its changed. Year after year, the attackers have grown bolder, methodologies hav...
DDoS attacks in Q1 2021
News overview Q1 2021 saw the appearance of two new botnets. News broke in January of the FreakOut malware, which attacks Linux devices. Cybercriminals exploited several critical vulnerabilities in programs installed on victim devices, including the newly discovered CVE-2021-3007. Botnet operator...
Operation TunnelSnake
Windows rootkits, especially those operating in kernel space, are pieces of malware infamous for their near absolute power in the operating system. Usually deployed as drivers, such implants have high privileges in the system, allowing them to intercept and potentially tamper with core I/O...
Spam and phishing in Q1 2021
Quarterly highlights Banking phishing: new version of an old scheme In Q1 2021, new banking scams appeared alongside ones that are more traditional. Clients of several Dutch banks faced a phishing attack using QR codes. The fraudsters invited the victim to scan a QR code in an email, ostensibly t...
APT trends report Q1 2021
For four years, the Global Research and Analysis Team GReAT at Kaspersky has been publishing quarterly summaries of advanced persistent threat APT activity. The summaries are based on our threat intelligence research and provide a representative snapshot of what we have published and discussed in...
Ransomware by the numbers: Reassessing the threat’s global impact
Kaspersky has been following the ransomware landscape for years. In the past, weve published yearly reports on the subject: PC ransomware in 2014-2016, Ransomware in 2016-2017, and Ransomware and malicious crypto miners in 2016-2018. In fact, in 2019, we chose ransomware as the story of the year,...
Targeted Malware Reverse Engineering Workshop follow-up. Part 2
If you have read our previous blogpost "Targeted Malware Reverse Engineering Workshop follow-up. Part 1", you probably know about the webinar we conducted on April 8, 2021, with Kaspersky GReATs Ivan Kwiatkowski and Denis Legezo, to share best practices in reverse engineering and demonstrate...
Targeted Malware Reverse Engineering Workshop follow-up. Part 1
On April 8, 2021, we conducted a webinar with Ivan Kwiatkowski and Denis Legezo, Senior Security Researchers from our Global Research & Analysis Team GReAT, who gave live workshops on practical disassembling, decrypting and deobfuscating authentic malware cases, moderated by GReATs own Dan Demete...
Zero-day vulnerability in Desktop Window Manager (CVE-2021-28310) used in the wild
While analyzing the CVE-2021-1732 exploit originally discovered by the DBAPPSecurity Threat Intelligence Center and used by the BITTER APT group, we discovered another zero-day exploit we believe is linked to the same actor. We reported this new exploit to Microsoft in February and after...
Malicious code in APKPure app
Recently, weve found malicious code in version 3.17.18 of the official client of the APKPure app store. The app is not on Google Play, but it is itself a quite a popular app store around the world. Most likely, its infection is a repeat of the CamScanner incident, when the developer implemented a...
The leap of a Cycldek-related threat actor
Introduction In the nebula of Chinese-speaking threat actors, it is quite common to see tools and methodologies being shared. One such example of this is the infamous "DLL side-loading triad": a legitimate executable, a malicious DLL to be sideloaded by it, and an encoded payload, generally dropp...
Browser lockers: extortion disguised as a fine
Browser lockers aka browlocks are a class of online threats that prevent the victim from using the browser and demand a ransom. A locker is a fake page that dupes the user, under a fictitious pretext loss of data, legal liability, etc., into making a call or a money transfer, or giving out paymen...
Financial Cyberthreats in 2020
2020 was challenging for everyone: companies, regulators, individuals. Due to the limitations imposed by the epidemiological situation, particular categories of users and businesses were increasingly targeted by cybercriminals. While we were adjusting to remote work and the rest of the new...
APT10: sophisticated multi-layered loader Ecipekac discovered in A41APT campaign
Why is the campaign called A41APT? In 2019, we observed an APT campaign targeting multiple industries, including the Japanese manufacturing industry and its overseas operations, that was designed to steal information. We named the campaign A41APT not APT41 which is derived from the host name...
Doxing in the corporate sector
Introduction Doxing refers to the collection of confidential information about a person without their consent for the purpose of inflicting harm on that person or to otherwise gain some benefit from gathering or disclosing such information. Normally, doxing involves a threat to specific people,...
Threat landscape for industrial automation systems. Statistics for H2 2020
Figures Indicator | H1 2020 | H2 2020 | 2020 ---|---|---|--- Global percentage of attacked ICS computers | 32.6% | 33.42% | 38.55% Percentage of attacked ICS computers by region Northern Europe | 10.1% | 11.5% | 12.3% Western Europe | 15.1% | 14.8% | 17.6% Australia | 16.3% | 17.0% | 18.9% United...
Convuster: macOS adware now in Rust
Introduction Traditionally, most malicious objects detected on the macOS platform are adware: besides the already familiar Shlayer family, the TOP 10 includes Bnodlero, Cimpli, Adload and Pirrit adware. As a rule, most tend to be written in C, Objective-C or Swift. Recently, however, cybercrimina...
COVID-19: Examining the threat landscape a year later
A year ago — everything changed. In an effort to stem the tide of a rapidly spreading pandemic, the world shut down. Shops were forced to shut their doors, and whole countries were placed on stringent lockdowns. Schools were closed around the world, with more than one billion children affected, a...