1025 matches found
An overview of targeted attacks and APTs on Linux
Perhaps unsurprisingly, a lot has been written about targeted attacks on Windows systems. Windows is, due to its popularity, the platform for which we discover most APT attack tools. At the same time, theres a widely held opinion that Linux is a secure-by-default operating system that isnt...
Digital Education: The cyberrisks of the online classroom
This past spring, as the COVID-19 pandemic took hold, online learning became the new norm as universities and classrooms around the world were forced to close their doors. By April 29, 2020, more than 1.2 billion children across 186 countries were impacted by school closures. Shortly after school...
IT threat evolution Q2 2020. Mobile statistics
IT threat evolution Q2 2020. Review IT threat evolution Q2 2020. PC statistics These statistics are based on detection verdicts of Kaspersky products received from users who consented to provide statistical data. Quarterly figures According to Kaspersky Security Network, the second quarter saw:...
IT threat evolution Q2 2020. PC statistics
IT threat evolution Q2 2020. Review IT threat evolution Q2 2020. Mobile statistics These statistics are based on detection verdicts of Kaspersky products received from users who consented to provide statistical data. Quarterly figures According to Kaspersky Security Network, in Q2: Kaspersky...
IT threat evolution Q2 2020
IT threat evolution Q2 2020. PC statistics IT threat evolution Q2 2020. Mobile statistics Targeted attacks PhantomLance: hiding in plain sight In April, we reported the results of our investigation into a mobile spyware campaign that we call PhantomLance. The campaign involved a backdoor Trojan...
Operation PowerFall: CVE-2020-0986 and variants
In August 2020, we published a blog post about Operation PowerFall. This targeted attack consisted of two zero-day exploits: a remote code execution exploit for Internet Explorer 11 and an elevation of privilege exploit targeting the latest builds of Windows 10. While we already described the...
Transparent Tribe: Evolution analysis, part 2
Background + Key findings Transparent Tribe, also known as PROJECTM or MYTHIC LEOPARD, is a highly prolific group whose activities can be traced as far back as 2013. In the last four years, this APT group has never taken time off. They continue to hit their targets, which typically are Indian...
Lifting the veil on DeathStalker, a mercenary triumvirate
State-sponsored threat actors and sophisticated attacks are often in the spotlight. Indeed, their innovative techniques, advanced malware platforms and 0-day exploit chains capture our collective imagination. Yet these groups still arent likely to be a part of the risk model at most companies, no...
Transparent Tribe: Evolution analysis,part 1
Background and key findings Transparent Tribe, also known as PROJECTM and MYTHIC LEOPARD, is a highly prolific group whose activities can be traced as far back as 2013. Proofpoint published a very good article about them in 2016, and since that day, we have kept an eye on the group. We have...
CactusPete APT group’s updated Bisonal backdoor
CactusPete also known as Karma Panda or Tonto Team is an APT group that has been publicly known since at least 2013. Some of the groups activities have been previously described in public by multiple sources. We have been investigating and privately reporting on this groups activity for years as...
Internet Explorer and Windows zero-day exploits used in Operation PowerFall
Executive summary In May 2020, Kaspersky technologies prevented an attack on a South Korean company by a malicious script for Internet Explorer. Closer analysis revealed that the attack used a previously unknown full chain that consisted of two zero-day exploits: a remote code execution exploit f...
DDoS attacks in Q2 2020
News overview Not just one but two new DDoS amplification methods were discovered last quarter. In mid-May, Israeli researchers reported a new DNS server vulnerability that lurks in the DNS delegation process. The vulnerability exploitation scheme was dubbed "NXNSAttack". The hacker sends to a...
Spam and phishing in Q2 2020
Quarterly highlights Targeted attacks The second quarter often saw phishers resort to targeted attacks, especially against fairly small companies. To attract attention, scammers imitated email messages and websites of companies whose products or services their potential victims could be using. Th...
Incident Response Analyst Report 2019
Download full report PDF As an incident response service provider, Kaspersky delivers a global service that results in global visibility of adversaries cyber-incident tactics and techniques used in the wild. In this report, we share our teams conclusions and analysis based on incident responses a...
WastedLocker: technical analysis
The use of crypto-ransomware in targeted attacks has become an ordinary occurrence lately: new incidents are being reported every month, sometimes even more often. On July 23, Garmin, a major manufacturer of navigation equipment and smart devices, including smart watches and bracelets, experience...
APT trends report Q2 2020
For more than three years, the Global Research and Analysis Team GReAT at Kaspersky has been publishing quarterly summaries of advanced persistent threat APT activity. The summaries are based on our threat intelligence research and provide a representative snapshot of what we have published and...
Lazarus on the hunt for big game
We may only be six months in, but theres little doubt that 2020 will go down in history as a rather unpleasant year. In the field of cybersecurity, the collective hurt mostly crystallized around the increasing prevalence of targeted ransomware attacks. By investigating a number of these incidents...
MATA: Multi-platform targeted malware framework
As the IT and OT environment becomes more complex, adversaries are quick to adapt their attack strategy. For example, as users work environments diversify, adversaries are busy acquiring the TTPs to infiltrate systems. Recently, we reported to our Threat Intelligence Portal customers a similar...
GReAT thoughts: Awesome IDA Pro plugins
The Global Research & Analysis Team here at Kaspersky has a tradition of meeting up once a month and sharing cutting-edge research, interesting techniques and useful tools. We recently took the unprecedented decision to make our internal meetings public for a few months and present them as a seri...
The Streaming Wars: A Cybercriminal’s Perspective
Cyberthreats are not relegated to the world of big businesses and large-scale campaigns. The most frequent attacks are not APTs and massive data breaches: they are the daily encounters with malware and spam by common users. And, one of the areas where we are most vulnerable is...
GReAT Ideas follow-up
On June 17, we hosted our first "GReAT Ideas. Powered by SAS" session, in which several experts from our Global Research and Analysis Team shared insights into APTs and threat actors, attribution, and hunting IoT threats. Here is a brief summary of the agenda from that webinar: Linking attacks to...
The Tetrade: Brazilian banking malware goes global
Introduction Brazil is a well-known country with plenty of banking trojans developed by local crooks. The Brazilian criminal underground is home to some of the worlds busiest and most creative perpetrators of cybercrime. Like their counterparts in China and Russia, their cyberattacks have a stron...
Redirect auction
Weve already looked at links under old YouTube videos or in Wikipedia articles which at some point turned bad and began pointing to partner program pages, phishing sites, or even malware. It was as if the attackers were purposely buying up domains, but such a scenario always seemed to us too...
Pig in a poke: smartphone adware
Our support team continues to receive more and more requests from users complaining about intrusive ads on their smartphones from unknown sources. In some cases, the solution is quite simple. In others, the task is far harder: the adware plants itself in the system partition, and trying to get ri...
Magnitude exploit kit – evolution
Exploit kits are not as widespread as they used to be. In the past, they relied on the use of already patched vulnerabilities. Newer and more secure web browsers with automatic updates simply do not allow known vulnerabilities to be exploited. It was very different back in the heyday of Adobe Fla...
Oh, what a boot-iful mornin’
In mid-April, our threat monitoring systems detected malicious files being distributed under the name "on the new initiative of the World Bank in connection with the coronavirus pandemic" in Russian with the extension EXE or RAR. Inside the files was the well-known Rovnix bootkit. There is nothin...
Web skimming with Google Analytics
Web skimming is a common class of attacks generally aimed at online shoppers. The principle is quite simple: malicious code is injected into the compromised site, which collects and sends user-entered data to a cybercriminal resource. If the attack is successful, the cybercriminals gain access to...
Microcin is here
In February 2020, we observed a Trojan injected into the system process memory on a particular host. The target turned out to be a diplomatic entity. What initially attracted our attention was the enterprise-grade API-like application programming interface programming style. Such an approach is n...
Do cybercriminals play cyber games during quarantine?
Thanks to the coronavirus pandemic, the role of the Internet in our lives has undergone changes, including irreversible ones. Some of these changes are definitely for the better, some are not very good, but almost all of them in some way affect digital security issues. We decided to take a closer...
Explicit content and cyberthreats: 2019 report
'Stay at home' is the new motto for 2020 and it has entailed many changes to our daily lives, most importantly, in terms of our digital content consumption. With users opting to entertain themselves online, malicious activity has grown. Over the past two years we have reviewed how adult content h...
Looking at Big Threats Using Code Similarity. Part 1
Today, we are announcing the release of KTAE, the Kaspersky Threat Attribution Engine. This code attribution technology, developed initially for internal use by the Kaspersky Global Research and Analysis Team, is now being made available to a wider audience. You can read more about KTAE in our...
Cycldek: Bridging the (air) gap
Key findings While investigating attacks related to a group named Cycldek post 2018, we were able to uncover various pieces of information on its activities that were not known thus far. In this blog post we aim to bridge the knowledge gap on this group and provide a more thorough insight into it...
Kids on the Web in 2020
Technology is what is saving us from a complete change in the way of life in a world of a raging pandemic. It keeps the educational process going, relieves the shortage of human communication and helps us to live life as fully as possible given the isolation and social distancing. Many adults, an...
The zero-day exploits of Operation WizardOpium
Back in October 2019 we detected a classic watering-hole attack on a North Korea-related news site that exploited a chain of Google Chrome and Microsoft Windows zero-days. While we've already published blog posts briefly describing this operation available here and here, in this blog post we'd li...
Spam and phishing in Q1 2020
Quarterly highlights Don't get burned Burning Man is one of the most eagerly awaited events among fans of spectacular performance and installation art. The main obstacle to attending is the price of admission: a standard ticket will set you back $475, the number is limited, and the buying process...
Aggressive in-app advertising in Android
Recently, we've been noticing ever more dubious advertising libraries in popular apps on Google Play. The monetization methods used in such SDKs can pose a threat to users, yet they pull in more revenue for developers than whitelisted ad modules due to the greater number of views. In this post we...
IT threat evolution Q1 2020
Targeted attacks and malware campaigns Operation AppleJeus: the sequel In 2018, we published a report on Operation AppleJeus, one of the more notable campaigns of the threat actor Lazarus, currently one of the most active and prolific APT groups. One notable feature of this campaign was that it...
IT threat evolution Q1 2020. Statistics
These statistics are based on detection verdicts for Kaspersky products received from users who consented to providing statistical data. Quarterly figures According to Kaspersky Security Network, Kaspersky solutions blocked 726,536,269 attacks launched from online resources in 203 countries acros...
Verizon’s 2020 DBIR
Verizon's 2020 DBIR is out, you can download a copy or peruse their publication online. Kaspersky was a contributor once again, and we are happy to provide generalized incident data from our unique and objective research. We have contributed to this project and others like it for years now. This...
Cyberthreats on lockdown
Every year, our anti-malware research team releases a series of reports on various cyberthreats: financial malware, web attacks, exploits, etc. As we monitor the increase, or decrease, in the number of certain threats, we do not usually associate these changes with concurrent world events – unles...
COMpfun authors spoof visa application with HTTP status-based Trojan
You may remember that in autumn 2019 we published a story about how a COMpfun successor known as Reductor infected files on the fly to compromise TLS traffic. If you're wondering whether the actor behind the malware is still developing new features, the answer is yes. Later in November 2019 our...
Naikon’s Aria
Our colleagues at Checkpoint put together a fine research writeup on some Naikon resources and activity related to "aria-body" that we detected in 2017 and similarly reported in 2018. To supplement their research findings, we are summarizing and publishing portions of the findings reported in our...
DDoS attacks in Q1 2020
News overview Since the beginning of 2020, due to the COVID-2019 pandemic, life has shifted almost entirely to the Web — people worldwide are now working, studying, shopping, and having fun online like never before. This is reflected in the goals of recent DDoS attacks, with the most targeted...
APT trends report Q1 2020
For more than two years, the Global Research and Analysis Team GReAT at Kaspersky has been publishing quarterly summaries of advanced persistent threat APT activity. The summaries are based on our threat intelligence research and provide a representative snapshot of what we have published and...
Remote spring: the rise of RDP bruteforce attacks
With the spread of COVID-19, organizations worldwide have introduced remote working, which is having a direct impact on cybersecurity and the threat landscape. Alongside the higher volume of corporate traffic, the use of third-party services for data exchange, and employees working on home...
Hiding in plain sight: PhantomLance walks into a market
In July 2019, Dr. Web reported about a backdoor trojan in Google Play, which appeared to be sophisticated and unlike common malware often uploaded for stealing victims' money or displaying ads. So, we conducted an inquiry of our own, discovering a long-term campaign, which we dubbed "PhantomLance...
A look at the ATM/PoS malware landscape from 2017-2019
From remote administration and jackpotting, to malware sold on the Darknet, attacks against ATMs have a long and storied history. And, much like other areas of cybercrime, attackers only refine and grow their skillset for infecting ATM systems from year-to-year. So what does the ATM landscape loo...
What does it take to become a good reverse engineer?
How much money and effort does it take to become a good reverse engineer? Do you even need to be one? There are no universally acceptable answers to these questions. Software reverse engineering RE is not a science but a skillset combined with specific knowledge and backed by a lot of experience...
SAS, sweet SAS
As you may already know from our social network posts, we have rescheduled the SAS 2020 conference for November 18-21 due to the COVID-19 pandemic and to ensure your safety. Though we still think that Barcelona is a great place to meet and it will not be a "real" SAS if we cannot hug, shake hands...
Financial Cyberthreats in 2019
Methodology Financial cyberthreats are malicious programs that target users of services such as online banking, e-money, and cryptocurrency, or that attempt to gain access to financial organizations and their infrastructure. These threats are usually accompanied by spam and phishing activities,...