1025 matches found
A glimpse into the present state of security in robotics
Download full report PDF The world of today continues its progress toward higher digitalization and mobility. From developments in the Internet of Things IoT through augmented reality to Industry 4.0, whichrely on stronger automation and use of robots, all of these bring more efficiency to...
Managed Detection and Response analytics report, H1 2019
Download full report PDF Introduction This report contains the results of the Managed Detection and Response MDR service brand name - Kaspersky Managed Protection. The MDR service provides managed threat hunting and initial incident response. Threat hunting is the practice of iteratively searchin...
COMpfun successor Reductor infects files on the fly to compromise TLS traffic
In April 2019, we discovered new malware that compromises encrypted web communications in an impressive way. Analysis of the malware allowed us to confirm that the operators have some control over the target's network channel and could replace legitimate installers with infected ones on the fly...
HQWar: the higher it flies, the harder it drops
Mobile dropper Trojans are one of today's most rapidly growing classes of malware. In Q1 2019, droppers are in the 2nd or 3rd position in terms of share of total detected threats, while holding nearly half of all Top 20 places in 2018. Since the droppers' main task is to deliver payload while...
The State of Stalkerware in 2019
Introduction and methodology Six months ago, we created a special alert that notifies users about commercial spyware stalkerware products installed on their phones. This report examines the use of stalkerware and the number of users affected by this software in the first eight months of 2019...
Ransomware: two pieces of good news
"All your files have been encrypted." How many times has this suddenly popped up on your screen? We hope never, because it's one of the most common indicators that you've lost access to your files. And if there are no publicly available decryptors or you don't have any backup copies, you're in...
Hello! My name is Dtrack
Our investigation into the Dtrack RAT actually began with a different activity. In the late summer of 2018, we discovered ATMDtrack, a piece of banking malware targeting Indian banks. Further analysis showed that the malware was designed to be planted on the victim's ATMs, where it could read and...
Threat landscape for smart buildings
The Kaspersky Industrial Cybersecurity Conference 2019 takes place this week in Sochi, the seventh such conference dedicated to the problems of industrial cybersecurity. Among other things, the conference will address the security of automation systems in buildings — industrial versions of the no...
Assessing the impact of protection from web miners
Brief summary: We present the results of evaluating the positive economic and environmental impact of blocking web miners with Kaspersky products. The total power saving can be calculated with known accuracy using the formula w·N, where w is the average value of the increase in power consumption ...
Threats to macOS users
Introduction The belief that there are no threats for the macOS operating system or at least no serious threats has been bandied about for decades. The owners of MacBooks and iMacs are only rivaled by Linux users in terms of the level of confidence in their own security, and we must admit that th...
This is what our summer’s like
For the second summer straight, we cover the children's interests during the period when they have enough leisure to give themselves full time to their hobbies. Modern children are active users of the internet, so most of their interests find reflection in their online activities, which are the...
Fully equipped Spying Android RAT from Brazil: BRATA
"BRATA" is a new Android remote access tool malware family. We used this code name based on its description - "Brazilian RAT Android". It exclusively targets victims in Brazil: however, theoretically it could also be used to attack any other Android user if the cybercriminals behind it want to. I...
Incident Response report 2018
Download full report PDF Introduction This report covers our team's incident response practices for the year 2018. We have thoroughly analyzed all the service requests, customer conversations and incident response deliverables to provide you an overview in numbers. The report includes statistics ...
Spam and phishing in Q2 2019
Quarterly highlights Spam through Google services In the second quarter of 2019, scammers were making active use of cloud-based data storage services such as Google Drive and Google Storage to hide their illegal content. The reasoning behind this is simple: a link from a legitimate domain is seen...
An advertising dropper in Google Play
Recently, the popular CamScanner – Phone PDF creator app caught our attention. According to Google Play, it has been installed more than 100 million times. The developers position it as a solution for scanning and managing digitized documents, but negative user reviews that have been left over th...
Agent 1433: remote attack on Microsoft SQL Server
All over the world companies large and small use Microsoft SQL Server for database management. Highly popular yet insufficiently protected, this DBMS is a target of choice for hacking. One of the most common attack on Microsoft SQL Server — the remote attack based on malicious jobs — has been...
IT threat evolution Q2 2019
Targeted attacks and malware campaigns More about ShadowHammer In March, we published the results of our investigation into a sophisticated supply-chain attack involving the ASUS Live Update Utility, used to deliver BIOS, UEFI and software updates to ASUS laptops and desktops. The attackers added...
IT threat evolution Q2 2019. Statistics
These statistics are based on detection verdicts of Kaspersky products received from users who consented to provide statistical data. Quarterly figures According to Kaspersky Security Network, Kaspersky solutions blocked 717,057,912 attacks launched from online resources in 203 countries across t...
Recent Cloud Atlas activity
Also known as Inception, Cloud Atlas is an actor that has a long history of cyber-espionage operations targeting industries and governmental entities. We first reported Cloud Atlas in 2014 and we've been following its activities ever since. From the beginning of 2019 until July, we have been able...
DDoS attacks in Q2 2019
News overview The second quarter of 2019 turned out to be richer than the first in terms of high-profile DDoS attacks. True, most of the campaigns that attracted media attention appeared to be politically, rather than commercially, motivated — and that despite the fact that some security experts...
APT trends report Q2 2019
For two years, the Global Research and Analysis Team GReAT at Kaspersky has been publishing quarterly summaries of advanced persistent threat APT activity. The summaries are based on our threat intelligence research and provide a representative snapshot of what we have published and discussed in...
Financial threats in H1 2019
Introduction and methodology Financial cyberthreats are malicious programs that attack users of online banking services, electronic money, cryptocurrency and other similar services, as well as threats aimed at gaining access to financial organizations and their infrastructure. Kaspersky experts...
How to steal a million (of your data)
Any user data — from passwords for entertainment services to electronic copies of documents — is highly prized by intruders. The reason is simply that almost any information can be monetized. For instance, stolen data can be used to transfer funds to cybercriminal accounts, order goods or service...
On the IoT road: perks, benefits and security of moving smartly
Kaspersky has repeatedly investigated security issues related to IoT technologies for instance, here, or here. Earlier this year our experts have even gained foothold in the security of biomechanical prosthetic devices. The same implies to smart car security: our own research has indicated that...
Turla renews its arsenal with Topinambour
Turla, also known as Venomous Bear, Waterbug, and Uroboros, is a Russian speaking threat actor known since 2014, but with roots that go back to 2004 and earlier. It is a complex cyberattack platform focused predominantly on diplomatic and government-related targets, particularly in the Middle Eas...
New FinSpy iOS and Android implants revealed ITW
Updated: 23.07.2019 After publication of this article, we received a letter from a representative of Gamma Group International Ltd. stating that they disposed of all interests in FinFisher FinSpy in 2013. This article has been corrected in accordance with this new information. According to...
‘Twas the night before
Recently, the United States Cyber Command USCYBERCOM Malware Alert @CNMFVirusAlert highlighted several VirusTotal uploads of theirs - and the executable objects relating to 2016 – 2017 NewsBeef/APT33 activity are interesting for a variety of reasons. Before continuing, it's important to restate y...
Sodin ransomware exploits Windows vulnerability and processor architecture
When Sodin also known as Sodinokibi and REvil appeared in the first half of 2019, it immediately caught our attention for distributing itself through an Oracle Weblogic vulnerability and carrying out attacks on MSP providers. In a detailed analysis, we discovered that it also exploits the...
How we hacked our colleague’s smart home
In this article, we publish the results of our study of the Fibaro Home Center smart home. We identified vulnerabilities in Fibaro Home Center 2 and Fibaro Home Center Lite version 4.540, as well as vulnerabilities in the online API. An offer you cannot refuse The backbone of any technology compa...
Criminals, ATMs and a cup of coffee
In spring 2019, we discovered a new ATM malware sample written in Java that was uploaded to a multiscanner service from Mexico and later from Colombia. After a brief analysis, it became clear that the malware, which we call ATMJaDi, can cash out ATMs. However, it doesn't use the standard XFS, JXF...
ViceLeaker Operation: mobile espionage targeting Middle East
In May 2018, we discovered a campaign targeting dozens of mobile Android devices belonging to Israeli citizens. Kaspersky spyware sensors caught the signal of an attack from the device of one of the victims; and a hash of the APK involved Android application was tagged in our sample feed for...
Riltok mobile Trojan: A banker with global reach
Riltok is one of numerous families of mobile banking Trojans with standard for such malware functions and distribution methods. Originally intended to target the Russian audience, the banker was later adapted, with minimal modifications, for the European "market." The bulk of its victims more tha...
Not-so-dear subscribers
Many people have had a run-in with subscriptions to mobile content providers. They appear out of the blue, and get discovered only when account funds run dry. It might seem that the obvious solution is not to visit dubious sites and not to install apps from third-party sources. But, alas, these...
Plurox: Modular backdoor
In February this year, a curious backdoor passed across our virtual desk. The analysis showed the malware to have a few quite unpleasant features. It can spread itself over a local network via an exploit, provide access to the attacked network, and install miners and other malicious software on...
What kids get up to online
Today's children navigate the Internet better than adults. They are not afraid to try out new technology, and are quick to grasp new trends and sometimes invent their own. New social networks, mobile games, music, and gadgets are all part and parcel of their daily lives. But just because they fee...
Platinum is back
In June 2018, we came across an unusual set of samples spreading throughout South and Southeast Asian countries targeting diplomatic, government and military entities. The campaign, which may have started as far back as 2012, featured a multi-stage approach and was dubbed EasternRoppels. The acto...
Zebrocy’s Multilanguage Malware Salad
Zebrocy is Russian speaking APT that presents a strange set of stripes. To keep things simple, there are three things to know about Zebrocy Zebrocy is an active sub-group of victim profiling and access specialists Zebrocy maintains a lineage back through 2013, sharing malware artefacts and...
IT threat evolution Q1 2019. Statistics
These statistics are based on detection verdicts of Kaspersky Lab products received from users who consented to provide statistical data. Quarterly figures According to Kaspersky Security Network, Kaspersky Lab solutions blocked 843,096,461 attacks launched from online resources in 203 countries...
IT threat evolution Q1 2019
Targeted attacks and malware campaigns Go Zebrocy Zebrocy was first observed being used as a Sofacy backdoor in 2015. However, the collection of cases where this tool has been used mean that we consider it a subset of activity in its own right. On the basis of this threat actor's past behaviour, ...
DDoS attacks in Q1 2019
News overview The start of the year saw the appearance of various new tools in the arsenal of DDoS-attack masterminds. In early February, for instance, the new botnet Cayosin, assembled from elements of Qbot, Mirai, and other publicly available malware, swam into view. Cybersecurity experts were...
Spam and phishing in Q1 2019
Quarterly highlights Valentine's Day As per tradition, phishing timed to coincide with lovey-dovey day was aimed at swindling valuable confidential information out of starry-eyed users, such as bank card details. The topics exploited by cybercriminals ranged from online flower shops to dating...
ScarCruft continues to evolve, introduces Bluetooth harvester
Executive summary After publishing our initial series of blogposts back in 2016, we have continued to track the ScarCruft threat actor. ScarCruft is a Korean-speaking and allegedly state-sponsored threat actor that usually targets organizations and companies with links to the Korean peninsula. Th...
The 2019 DBIR is out
Once again, we are happy to support a large, voluntary, collaborative effort like the 2019 Data Breach Investigations Report. While our data contribution is completely anonymous, it is based in some of the 2018 data set that our private report customers receive from our efforts to protect all of...
FIN7.5: the infamous cybercrime rig “FIN7” continues its activities
On August 1, 2018, the US Department of Justice announced that it had arrested several individuals suspected of having ties to the FIN7 cybercrime rig. FIN7 operations are linked to numerous intrusion attempts having targeted hundreds of companies since at least as early as 2015. Interestingly,...
APT trends report Q1 2019
For just under two years, the Global Research and Analysis Team GReAT at Kaspersky Lab has been publishing quarterly summaries of advanced persistent threat APT activity. The summaries are based on our threat intelligence research and provide a representative snapshot of what we have published an...
I know what you did last summer, MuddyWater blending in the crowd
Introduction MuddyWater is an APT with a focus on governmental and telco targets in the Middle East Iraq, Saudi Arabia, Bahrain, Jordan, Turkey and Lebanon and also a few other countries in nearby regions Azerbaijan, Pakistan and Afghanistan. MuddyWater first surfaced in 2017 and has been active...
Operation ShadowHammer: a high-profile supply chain attack
In late March 2019, we briefly highlighted our research on ShadowHammer attacks, a sophisticated supply chain attack involving ASUS Live Update Utility, which was featured in a Kim Zetter article on Motherboard. The topic was also one of the research announcements made at the SAS conference, whic...
New zero-day vulnerability CVE-2019-0859 in win32k.sys
In March 2019, our automatic Exploit Prevention EP systems detected an attempt to exploit a vulnerability in the Microsoft Windows operating system. Further analysis of this event led to us discovering a zero-day vulnerability in win32k.sys. It was the fifth consecutive exploited Local Privilege...
Large-scale SIM swap fraud
Introduction SIM swap fraud is a type of account takeover fraud that generally targets a weakness in two-factor authentication and two-step verification, where the second factor or step is an SMS or a call placed to a mobile telephone. The fraud centers around exploiting a mobile phone operator's...
Gaza Cybergang Group1, operation SneakyPastes
Gaza Cybergangs is a politically motivated Arabic-language cyberthreat actor, actively targeting the MENA Middle East North Africa region, especially the Palestinian Territories. The confusion surrounding Gaza Cybergang's activities, separation of roles and campaigns has been prevalent in the cyb...