Lucene search
K
SecurelistRecent

1025 matches found

Securelist
Securelist
added 2020/09/10 10:0 a.m.354 views

An overview of targeted attacks and APTs on Linux

Perhaps unsurprisingly, a lot has been written about targeted attacks on Windows systems. Windows is, due to its popularity, the platform for which we discover most APT attack tools. At the same time, theres a widely held opinion that Linux is a secure-by-default operating system that isnt...

10CVSS0.99344EPSS
Exploits6
Securelist
Securelist
added 2020/09/04 10:0 a.m.72 views

Digital Education: The cyberrisks of the online classroom

This past spring, as the COVID-19 pandemic took hold, online learning became the new norm as universities and classrooms around the world were forced to close their doors. By April 29, 2020, more than 1.2 billion children across 186 countries were impacted by school closures. Shortly after school...

7.7AI score
Exploits0
Securelist
Securelist
added 2020/09/03 11:0 a.m.32 views

IT threat evolution Q2 2020. Mobile statistics

IT threat evolution Q2 2020. Review IT threat evolution Q2 2020. PC statistics These statistics are based on detection verdicts of Kaspersky products received from users who consented to provide statistical data. Quarterly figures According to Kaspersky Security Network, the second quarter saw:...

0.9AI score
Exploits0
Securelist
Securelist
added 2020/09/03 10:30 a.m.1393 views

IT threat evolution Q2 2020. PC statistics

IT threat evolution Q2 2020. Review IT threat evolution Q2 2020. Mobile statistics These statistics are based on detection verdicts of Kaspersky products received from users who consented to provide statistical data. Quarterly figures According to Kaspersky Security Network, in Q2: Kaspersky...

9.3CVSS9.2AI score0.99945EPSS
Exploits215
Securelist
Securelist
added 2020/09/03 10:0 a.m.152 views

IT threat evolution Q2 2020

IT threat evolution Q2 2020. PC statistics IT threat evolution Q2 2020. Mobile statistics Targeted attacks PhantomLance: hiding in plain sight In April, we reported the results of our investigation into a mobile spyware campaign that we call PhantomLance. The campaign involved a backdoor Trojan...

7.6CVSS0.87814EPSS
Exploits29
Securelist
Securelist
added 2020/09/02 10:0 a.m.306 views

Operation PowerFall: CVE-2020-0986 and variants

In August 2020, we published a blog post about Operation PowerFall. This targeted attack consisted of two zero-day exploits: a remote code execution exploit for Internet Explorer 11 and an elevation of privilege exploit targeting the latest builds of Windows 10. While we already described the...

7.2CVSS8.7AI score0.15932EPSS
Exploits0
Securelist
Securelist
added 2020/08/26 10:0 a.m.18 views

Transparent Tribe: Evolution analysis, part 2

Background + Key findings Transparent Tribe, also known as PROJECTM or MYTHIC LEOPARD, is a highly prolific group whose activities can be traced as far back as 2013. In the last four years, this APT group has never taken time off. They continue to hit their targets, which typically are Indian...

7.3AI score
Exploits0
Securelist
Securelist
added 2020/08/24 10:0 a.m.54 views

Lifting the veil on DeathStalker, a mercenary triumvirate

State-sponsored threat actors and sophisticated attacks are often in the spotlight. Indeed, their innovative techniques, advanced malware platforms and 0-day exploit chains capture our collective imagination. Yet these groups still arent likely to be a part of the risk model at most companies, no...

0.1AI score
Exploits0
Securelist
Securelist
added 2020/08/20 10:0 a.m.38 views

Transparent Tribe: Evolution analysis,part 1

Background and key findings Transparent Tribe, also known as PROJECTM and MYTHIC LEOPARD, is a highly prolific group whose activities can be traced as far back as 2013. Proofpoint published a very good article about them in 2016, and since that day, we have kept an eye on the group. We have...

0.3AI score
Exploits0
Securelist
Securelist
added 2020/08/13 10:0 a.m.656 views

CactusPete APT group’s updated Bisonal backdoor

CactusPete also known as Karma Panda or Tonto Team is an APT group that has been publicly known since at least 2013. Some of the groups activities have been previously described in public by multiple sources. We have been investigating and privately reporting on this groups activity for years as...

7.6CVSS0.87814EPSS
Exploits9
Securelist
Securelist
added 2020/08/12 7:0 a.m.866 views

Internet Explorer and Windows zero-day exploits used in Operation PowerFall

Executive summary In May 2020, Kaspersky technologies prevented an attack on a South Korean company by a malicious script for Internet Explorer. Closer analysis revealed that the attack used a previously unknown full chain that consisted of two zero-day exploits: a remote code execution exploit f...

7.6CVSS8.5AI score0.86863EPSS
Exploits20
Securelist
Securelist
added 2020/08/10 10:0 a.m.50 views

DDoS attacks in Q2 2020

News overview Not just one but two new DDoS amplification methods were discovered last quarter. In mid-May, Israeli researchers reported a new DNS server vulnerability that lurks in the DNS delegation process. The vulnerability exploitation scheme was dubbed "NXNSAttack". The hacker sends to a...

6.8AI score
Exploits0
Securelist
Securelist
added 2020/08/07 10:0 a.m.119 views

Spam and phishing in Q2 2020

Quarterly highlights Targeted attacks The second quarter often saw phishers resort to targeted attacks, especially against fairly small companies. To attract attention, scammers imitated email messages and websites of companies whose products or services their potential victims could be using. Th...

9.3CVSS8.5AI score0.99945EPSS
Exploits33
Securelist
Securelist
added 2020/08/06 10:0 a.m.133 views

Incident Response Analyst Report 2019

Download full report PDF As an incident response service provider, Kaspersky delivers a global service that results in global visibility of adversaries cyber-incident tactics and techniques used in the wild. In this report, we share our teams conclusions and analysis based on incident responses a...

10CVSS1.1AI score0.99999EPSS
Exploits265
Securelist
Securelist
added 2020/07/31 11:0 a.m.165 views

WastedLocker: technical analysis

The use of crypto-ransomware in targeted attacks has become an ordinary occurrence lately: new incidents are being reported every month, sometimes even more often. On July 23, Garmin, a major manufacturer of navigation equipment and smart devices, including smart watches and bracelets, experience...

Exploits0
Securelist
Securelist
added 2020/07/29 10:0 a.m.1281 views

APT trends report Q2 2020

For more than three years, the Global Research and Analysis Team GReAT at Kaspersky has been publishing quarterly summaries of advanced persistent threat APT activity. The summaries are based on our threat intelligence research and provide a representative snapshot of what we have published and...

9CVSS0.99965EPSS
Exploits65
Securelist
Securelist
added 2020/07/28 10:0 a.m.36 views

Lazarus on the hunt for big game

We may only be six months in, but theres little doubt that 2020 will go down in history as a rather unpleasant year. In the field of cybersecurity, the collective hurt mostly crystallized around the increasing prevalence of targeted ransomware attacks. By investigating a number of these incidents...

7.2AI score
Exploits0
Securelist
Securelist
added 2020/07/22 10:0 a.m.1018 views

MATA: Multi-platform targeted malware framework

As the IT and OT environment becomes more complex, adversaries are quick to adapt their attack strategy. For example, as users work environments diversify, adversaries are busy acquiring the TTPs to infiltrate systems. Recently, we reported to our Threat Intelligence Portal customers a similar...

10CVSS9.4AI score0.99913EPSS
Exploits20
Securelist
Securelist
added 2020/07/21 10:0 a.m.24 views

GReAT thoughts: Awesome IDA Pro plugins

The Global Research & Analysis Team here at Kaspersky has a tradition of meeting up once a month and sharing cutting-edge research, interesting techniques and useful tools. We recently took the unprecedented decision to make our internal meetings public for a few months and present them as a seri...

7.1AI score
Exploits0
Securelist
Securelist
added 2020/07/16 10:0 a.m.46 views

The Streaming Wars: A Cybercriminal’s Perspective

Cyberthreats are not relegated to the world of big businesses and large-scale campaigns. The most frequent attacks are not APTs and massive data breaches: they are the daily encounters with malware and spam by common users. And, one of the areas where we are most vulnerable is...

6.8AI score
Exploits0
Securelist
Securelist
added 2020/07/15 10:0 a.m.96 views

GReAT Ideas follow-up

On June 17, we hosted our first "GReAT Ideas. Powered by SAS" session, in which several experts from our Global Research and Analysis Team shared insights into APTs and threat actors, attribution, and hunting IoT threats. Here is a brief summary of the agenda from that webinar: Linking attacks to...

9CVSS8.9AI score0.99965EPSS
Exploits30
Securelist
Securelist
added 2020/07/14 10:0 a.m.55 views

The Tetrade: Brazilian banking malware goes global

Introduction Brazil is a well-known country with plenty of banking trojans developed by local crooks. The Brazilian criminal underground is home to some of the worlds busiest and most creative perpetrators of cybercrime. Like their counterparts in China and Russia, their cyberattacks have a stron...

7.4AI score
Exploits0
Securelist
Securelist
added 2020/07/08 12:0 p.m.29 views

Redirect auction

Weve already looked at links under old YouTube videos or in Wikipedia articles which at some point turned bad and began pointing to partner program pages, phishing sites, or even malware. It was as if the attackers were purposely buying up domains, but such a scenario always seemed to us too...

7.3AI score
Exploits0
Securelist
Securelist
added 2020/07/06 10:0 a.m.59 views

Pig in a poke: smartphone adware

Our support team continues to receive more and more requests from users complaining about intrusive ads on their smartphones from unknown sources. In some cases, the solution is quite simple. In others, the task is far harder: the adware plants itself in the system partition, and trying to get ri...

0.3AI score
Exploits0
Securelist
Securelist
added 2020/06/24 10:0 a.m.878 views

Magnitude exploit kit – evolution

Exploit kits are not as widespread as they used to be. In the past, they relied on the use of already patched vulnerabilities. Newer and more secure web browsers with automatic updates simply do not allow known vulnerabilities to be exploited. It was very different back in the heyday of Adobe Fla...

7.6CVSS8.7AI score0.87814EPSS
Exploits31
Securelist
Securelist
added 2020/06/23 10:0 a.m.22 views

Oh, what a boot-iful mornin’

In mid-April, our threat monitoring systems detected malicious files being distributed under the name "on the new initiative of the World Bank in connection with the coronavirus pandemic" in Russian with the extension EXE or RAR. Inside the files was the well-known Rovnix bootkit. There is nothin...

7.7AI score
Exploits0
Securelist
Securelist
added 2020/06/22 10:0 a.m.30 views

Web skimming with Google Analytics

Web skimming is a common class of attacks generally aimed at online shoppers. The principle is quite simple: malicious code is injected into the compromised site, which collects and sends user-entered data to a cybercriminal resource. If the attack is successful, the cybercriminals gain access to...

0.5AI score
Exploits0
Securelist
Securelist
added 2020/06/19 10:0 a.m.30 views

Microcin is here

In February 2020, we observed a Trojan injected into the system process memory on a particular host. The target turned out to be a diplomatic entity. What initially attracted our attention was the enterprise-grade API-like application programming interface programming style. Such an approach is n...

7.4AI score
Exploits0
Securelist
Securelist
added 2020/06/17 10:0 a.m.31 views

Do cybercriminals play cyber games during quarantine?

Thanks to the coronavirus pandemic, the role of the Internet in our lives has undergone changes, including irreversible ones. Some of these changes are definitely for the better, some are not very good, but almost all of them in some way affect digital security issues. We decided to take a closer...

0.1AI score
Exploits0
Securelist
Securelist
added 2020/06/15 10:0 a.m.48 views

Explicit content and cyberthreats: 2019 report

'Stay at home' is the new motto for 2020 and it has entailed many changes to our daily lives, most importantly, in terms of our digital content consumption. With users opting to entertain themselves online, malicious activity has grown. Over the past two years we have reviewed how adult content h...

7.2AI score
Exploits0
Securelist
Securelist
added 2020/06/09 10:0 a.m.73 views

Looking at Big Threats Using Code Similarity. Part 1

Today, we are announcing the release of KTAE, the Kaspersky Threat Attribution Engine. This code attribution technology, developed initially for internal use by the Kaspersky Global Research and Analysis Team, is now being made available to a wider audience. You can read more about KTAE in our...

6.9AI score
Exploits0
Securelist
Securelist
added 2020/06/03 10:0 a.m.957 views

Cycldek: Bridging the (air) gap

Key findings While investigating attacks related to a group named Cycldek post 2018, we were able to uncover various pieces of information on its activities that were not known thus far. In this blog post we aim to bridge the knowledge gap on this group and provide a more thorough insight into it...

9.3CVSS0.99966EPSS
Exploits48
Securelist
Securelist
added 2020/06/03 10:0 a.m.58 views

Kids on the Web in 2020

Technology is what is saving us from a complete change in the way of life in a world of a raging pandemic. It keeps the educational process going, relieves the shortage of human communication and helps us to live life as fully as possible given the isolation and social distancing. Many adults, an...

0.7AI score
Exploits0
Securelist
Securelist
added 2020/05/28 10:0 a.m.1798 views

The zero-day exploits of Operation WizardOpium

Back in October 2019 we detected a classic watering-hole attack on a North Korea-related news site that exploited a chain of Google Chrome and Microsoft Windows zero-days. While we've already published blog posts briefly describing this operation available here and here, in this blog post we'd li...

7.2CVSS8.8AI score0.80968EPSS
Exploits43
Securelist
Securelist
added 2020/05/26 10:0 a.m.110 views

Spam and phishing in Q1 2020

Quarterly highlights Don't get burned Burning Man is one of the most eagerly awaited events among fans of spectacular performance and installation art. The main obstacle to attending is the price of admission: a standard ticket will set you back $475, the number is limited, and the buying process...

9.3CVSS0.2AI score0.99945EPSS
Exploits33
Securelist
Securelist
added 2020/05/25 10:0 a.m.57 views

Aggressive in-app advertising in Android

Recently, we've been noticing ever more dubious advertising libraries in popular apps on Google Play. The monetization methods used in such SDKs can pose a threat to users, yet they pull in more revenue for developers than whitelisted ad modules due to the greater number of views. In this post we...

7.1AI score
Exploits0
Securelist
Securelist
added 2020/05/20 10:0 a.m.134 views

IT threat evolution Q1 2020

Targeted attacks and malware campaigns Operation AppleJeus: the sequel In 2018, we published a report on Operation AppleJeus, one of the more notable campaigns of the threat actor Lazarus, currently one of the most active and prolific APT groups. One notable feature of this campaign was that it...

6.9AI score
Exploits0
Securelist
Securelist
added 2020/05/20 10:0 a.m.1332 views

IT threat evolution Q1 2020. Statistics

These statistics are based on detection verdicts for Kaspersky products received from users who consented to providing statistical data. Quarterly figures According to Kaspersky Security Network, Kaspersky solutions blocked 726,536,269 attacks launched from online resources in 203 countries acros...

10CVSS0.5AI score0.99965EPSS
Exploits267
Securelist
Securelist
added 2020/05/19 4:50 p.m.32 views

Verizon’s 2020 DBIR

Verizon's 2020 DBIR is out, you can download a copy or peruse their publication online. Kaspersky was a contributor once again, and we are happy to provide generalized incident data from our unique and objective research. We have contributed to this project and others like it for years now. This...

1.4AI score
Exploits0
Securelist
Securelist
added 2020/05/14 12:0 p.m.41 views

Cyberthreats on lockdown

Every year, our anti-malware research team releases a series of reports on various cyberthreats: financial malware, web attacks, exploits, etc. As we monitor the increase, or decrease, in the number of certain threats, we do not usually associate these changes with concurrent world events – unles...

7.3AI score
Exploits0
Securelist
Securelist
added 2020/05/14 10:0 a.m.74 views

COMpfun authors spoof visa application with HTTP status-based Trojan

You may remember that in autumn 2019 we published a story about how a COMpfun successor known as Reductor infected files on the fly to compromise TLS traffic. If you're wondering whether the actor behind the malware is still developing new features, the answer is yes. Later in November 2019 our...

7.2AI score
Exploits0
Securelist
Securelist
added 2020/05/08 3:0 p.m.175 views

Naikon’s Aria

Our colleagues at Checkpoint put together a fine research writeup on some Naikon resources and activity related to "aria-body" that we detected in 2017 and similarly reported in 2018. To supplement their research findings, we are summarizing and publishing portions of the findings reported in our...

7AI score
Exploits0
Securelist
Securelist
added 2020/05/06 10:0 a.m.80 views

DDoS attacks in Q1 2020

News overview Since the beginning of 2020, due to the COVID-2019 pandemic, life has shifted almost entirely to the Web — people worldwide are now working, studying, shopping, and having fun online like never before. This is reflected in the goals of recent DDoS attacks, with the most targeted...

7.4AI score
Exploits0
Securelist
Securelist
added 2020/04/30 11:0 a.m.136 views

APT trends report Q1 2020

For more than two years, the Global Research and Analysis Team GReAT at Kaspersky has been publishing quarterly summaries of advanced persistent threat APT activity. The summaries are based on our threat intelligence research and provide a representative snapshot of what we have published and...

7.6CVSS9AI score0.52729EPSS
Exploits0
Securelist
Securelist
added 2020/04/29 10:0 a.m.71 views

Remote spring: the rise of RDP bruteforce attacks

With the spread of COVID-19, organizations worldwide have introduced remote working, which is having a direct impact on cybersecurity and the threat landscape. Alongside the higher volume of corporate traffic, the use of third-party services for data exchange, and employees working on home...

0.5AI score
Exploits0
Securelist
Securelist
added 2020/04/28 3:0 p.m.75 views

Hiding in plain sight: PhantomLance walks into a market

In July 2019, Dr. Web reported about a backdoor trojan in Google Play, which appeared to be sophisticated and unlike common malware often uploaded for stealing victims' money or displaying ads. So, we conducted an inquiry of our own, discovering a long-term campaign, which we dubbed "PhantomLance...

7AI score
Exploits0
Securelist
Securelist
added 2020/04/23 10:0 a.m.62 views

A look at the ATM/PoS malware landscape from 2017-2019

From remote administration and jackpotting, to malware sold on the Darknet, attacks against ATMs have a long and storied history. And, much like other areas of cybercrime, attackers only refine and grow their skillset for infecting ATM systems from year-to-year. So what does the ATM landscape loo...

0.9AI score
Exploits0
Securelist
Securelist
added 2020/04/22 10:0 a.m.39 views

What does it take to become a good reverse engineer?

How much money and effort does it take to become a good reverse engineer? Do you even need to be one? There are no universally acceptable answers to these questions. Software reverse engineering RE is not a science but a skillset combined with specific knowledge and backed by a lot of experience...

1AI score
Exploits0
Securelist
Securelist
added 2020/04/22 8:0 a.m.44 views

SAS, sweet SAS

As you may already know from our social network posts, we have rescheduled the SAS 2020 conference for November 18-21 due to the COVID-19 pandemic and to ensure your safety. Though we still think that Barcelona is a great place to meet and it will not be a "real" SAS if we cannot hug, shake hands...

7.1AI score
Exploits0
Securelist
Securelist
added 2020/04/16 10:0 a.m.50 views

Financial Cyberthreats in 2019

Methodology Financial cyberthreats are malicious programs that target users of services such as online banking, e-money, and cryptocurrency, or that attempt to gain access to financial organizations and their infrastructure. These threats are usually accompanied by spam and phishing activities,...

0.9AI score
Exploits0
Total number of security vulnerabilities1025