1025 matches found
Project TajMahal – a sophisticated new APT framework
Executive summary 'TajMahal' is a previously unknown and technically sophisticated APT framework discovered by Kaspersky Lab in the autumn of 2018. This full-blown spying framework consists of two packages named 'Tokyo' and 'Yokohama'. It includes backdoors, loaders, orchestrators, C2...
Digital Doppelgangers
Carding exists for over 20 years. And it is not dead yet. It is alive, and even more – it is being actively developed by cybercriminals. The "good" old method of entering stolen credit card information into online store forms to buy goods and services or using online payment system accounts for t...
BasBanke: Trend-setting Brazilian banking Trojan
BasBanke is a new Android malware family targeting Brazilian users. It is a banking Trojan built to steal financial data such as credentials and credit/debit card numbers, but not limited to this functionality. The propagation of this threat began during the 2018 Brazilian elections, registering...
Roaming Mantis, part IV
One year has passed since we published the first blogpost about the Roaming Mantis campaign on securelist.com, and this February we detected new activities by the group. This blogpost is follow up on our earlier reporting about the group with updates on their tools and tactics. Mobile config for...
Beware of stalkerware
Spyware might sound like a concept from a Hollywood movie, yet commercial versions of such programs – known in the cybersecurity industry as 'stalkerware' – are a daily reality for many people. For the price of just a few dollars, consumer spyware programs allow users to spy on their current or...
Game of Threats
Introduction While the way we consume TV content is rapidly changing, the content itself remains in high demand, and users resort to any means available to get at it – including illegal and non-ethical ones like the use of pirated stuff. The world is embracing the idea of paying for entertainment...
Bots and botnets in 2018
Due to the wide media coverage of incidents involving Mirai and other specialized botnets, their activities have become largely associated with DDoS attacks. Yet this is merely the tip of the iceberg, and botnets are used widely not only to carry out DDoS attacks, but to steal various user...
The return of the BOM
There's nothing new in Brazilian cybercriminals trying out new ways to stay under the radar. It's just that this time around the bad guys have started using a method that was reported in the wild years ago. Russian gangs used this technique to distribute malware capable of modifying the hosts fil...
Threat Landscape for Industrial Automation Systems in H2 2018
H2 2018 in figures All statistical data used in this report was collected using the Kaspersky Security Network KSN, a distributed antivirus network. The data was received from those KSN users who gave their consent to have data anonymously transferred from their computers. We do not identify the...
Cryptocurrency businesses still being targeted by Lazarus
It's hardly news to anyone who follows cyberthreat intelligence that the Lazarus APT group targets financial entities, especially cryptocurrency exchanges. Financial gain remains one of the main goals for Lazarus, with its tactics, techniques, and procedures constantly evolving to avoid detection...
Operation ShadowHammer
Earlier today, Motherboard published a story by Kim Zetter on Operation ShadowHammer, a newly discovered supply chain attack that leveraged ASUS Live Update software. While the investigation is still in progress and full results and technical paper will be published during SAS 2019 conference in...
AZORult++: Rewriting history
The AZORult Trojan is one of the most commonly bought and sold stealers in Russian forums. Despite the relatively high price tag $100, buyers like AZORult for its broad functionality for example, the use of .bit domains as C&C servers to ensure owner anonymity and to make it difficult to block th...
Hacking microcontroller firmware through a USB
In this article, I want to demonstrate extracting the firmware from a secure USB device running on the Cortex M0. Who hacks video game consoles? The manufacture of counterfeit and unlicensed products is widespread in the world of video game consoles. It's a multi-billion dollar industry in which...
The fourth horseman: CVE-2019-0797 vulnerability
In February 2019, our Automatic Exploit Prevention AEP systems detected an attempt to exploit a vulnerability in the Microsoft Windows operating system. Further analysis of this event led to us discovering a zero-day vulnerability in win32k.sys. We reported it to Microsoft on February 22, 2019. T...
Spam and phishing in 2018
Numbers of the year The share of spam in mail traffic was 52.48%, which is 4.15 p.p. less than in 2017. The biggest source of spam this year was China 11.69%. 74.15% of spam emails were less than 2 KB in size. Malicious spam was detected most commonly with the Win32.CVE-2017-11882 verdict. The...
A predatory tale: Who’s afraid of the thief?
In mid-February, Kaspersky Lab received a request for incident response from one of its clients. The individual who initially reported the issue to our client refused to disclose the origin of the indicator that they shared. What we do know is that it was a screenshot from one of the client's...
Financial Cyberthreats in 2018
Introduction and Key Findings The world of finance has been a great source of income cybercriminals across the world due to an obvious reason – money. While governments and organizations have been investing in new methods to protect financial services, malicious users have been investing in how t...
Pirate matryoshka
The use of torrent trackers to spread malware is a well-known practice; cybercriminals disguise it as popular software, computer games, media files, and other sought-after content. We detected one such campaign early this year, when The Pirate Bay TPB tracker filled up with harmful files used to...
Mobile malware evolution 2018
The statistical data for this report came from all Kaspersky Lab mobile security solutions, not just Kaspersky Mobile Antivirus for Android. Consequently, the comparative data for 2017 may differ from the data for the same period published in the previous report. The analytical scope was expanded...
How to Attack and Defend a Prosthetic Arm
The IoT world has long since grown beyond the now-ubiquitous smartwatches, smartphones, smart coffee machines, cars capable of sending tweets and Facebook posts and other stuff like fridges that send spam. Today's IoT world now boasts state-of-the-art solutions that quite literally help people...
Threats to users of adult websites in 2018
More graphs and statistics in full PDF version Introduction 2018 was a year that saw campaigns to decrease online pornographic content and traffic. For example, one of the most adult-content friendly platforms – Tumblr – announced it was banning erotic content even though almost a quarter of its...
ATM robber WinPot: a slot machine instead of cutlets
Automation of all kinds is there to help people with their routine work, make it faster and simpler. Although ATM fraud is a very peculiar sort of work, some cybercriminals spend a lot of effort to automate it. In March 2018, we came across a fairly simple but effective piece of malware named...
DNS Manipulation in Venezuela in regards to the Humanitarian Aid Campaign
Venezuela is a country facing an uncertain moment in its history. Reports suggests it is in significant need of humanitarian aid. On February 10th, Mr. Juan Guaidó made a public call asking for volunteers to join a new movement called "Voluntarios por Venezuela" Volunteers for Venezuela. Accordin...
DDoS Attacks in Q4 2018
News overview In Q4 2018, security researchers detected a number of new botnets, which included not only Mirai clones for a change. The fall saw increased activity on the part of the Chalubo bot, whose first attacks were registered in late August. Although the new malware employs snippets of Mira...
Chafer used Remexi malware to spy on Iran-based foreign diplomatic entities
Executive Summary Throughout the autumn of 2018 we analyzed a long-standing and still active at that time cyber-espionage campaign that was primarily targeting foreign diplomatic entities based in Iran. The attackers were using an improved version of Remexi in what the victimology suggests might ...
Razy in search of cryptocurrency
Last year, we discovered malware that installs a malicious browser extension on its victim's computer or infects an already installed extension. To do so, it disables the integrity check for installed extensions and automatic updates for the targeted browser. Kaspersky Lab products detect the...
GreyEnergy’s overlap with Zebrocy
In October 2018, ESET published a report describing a set of activity they called GreyEnergy, which is believed to be a successor to BlackEnergy group. BlackEnergy a.k.a. Sandworm is best known, among other things, for having been involved in attacks against Ukrainian energy facilities in 2015,...
A Zebrocy Go Downloader
Last year at SAS2018 in Cancun, Mexico, "Masha and these Bears" included discussion of a subset of Sofacy activity and malware that we call "Zebrocy", and predictions for the decline of SPLM/XAgent Sofacy activity coinciding with the acceleration of Zebrocy activity and innovation. Zebrocy was...
The world’s southernmost security conference
When asked about his best race, Ayrton Senna replied that it was when he raced karting cars. For him it was the best because it was only for the sake of sports and free from commercial sponsoring and commercial interests. I have this same feeling about computer security conferences, because they...
Remotely controlled EV home chargers – the threats and vulnerabilities
We are now seeing signs of a possible shift in the field of personal transport. Recent events such as the 'dieselgate' scandal undermine customer and government confidence in combustion engines and their environmental safety. At the same time there has been a big step forward in the development o...
Zero-day in Windows Kernel Transaction Manager (CVE-2018-8611)
Executive summary In October 2018, our AEP Automatic Exploit Prevention systems detected an attempt to exploit a vulnerability in the Microsoft Windows operating system. Further analysis led us to uncover a zero-day vulnerability in ntoskrnl.exe. We reported it to Microsoft on October 29, 2018. T...
DarkVishnya: Banks attacked through direct connection to local network
While novice attackers, imitating the protagonists of the U.S. drama Mr. Robot, leave USB flash drives lying around parking lots in the hope that an employee from the target company picks one up and plugs it in at the workplace, more experienced cybercriminals prefer not to rely on chance. In...
APT review of the year
What were the most interesting developments in terms of APT activity throughout the year and what can we learn from them? Not an easy question to answer; everybody has partial visibility and it's never possible to really understand the motivations of some attacks or the developments behind them...
KoffeyMaker: notebook vs. ATM
Despite CCTV and the risk of being caught by security staff, attacks on ATMs using a direct connection — so-called black box attacks — are still popular with cybercriminals. The main reason is the low "entry requirements" for would-be cyber-robbers: specialized sites offer both the necessary tool...
Kaspersky Security Bulletin 2018. Statistics
Kaspersky Security Bulletin 2018. Top security stories Kaspersky Security Bulletin 2018. Story of the year: miners Kaspersky Security Bulletin 2018. Threat Predictions for 2019 All the statistics used in this report were obtained using Kaspersky Security Network KSN, a distributed antivirus netwo...
Kaspersky Security Bulletin 2018. Top security stories
Kaspersky Security Bulletin 2018. Statistics Kaspersky Security Bulletin 2018. Story of the year: miners Kaspersky Security Bulletin 2018. Threat Predictions for 2019 Introduction The internet is now woven into the fabric of our lives. Many people routinely bank, shop and socialize online and the...
First Annual Cyberwarcon
Cyberwarcon is a brand new event organized yesterday in Arlington, Virginia, and delivered eight hours of fantastic content. "CyberwarCon is a one-day conference in the Washington D.C. area focused on the specter of destruction, disruption, and malicious influence on our society through cyber...
Kaspersky Security Bulletin 2018. Story of the year: miners
Kaspersky Security Bulletin 2018. Statistics Kaspersky Security Bulletin 2018. Top security stories Kaspersky Security Bulletin 2018. Threat Predictions for 2019 Cryptocurrency miners that infect the computers of unsuspecting users essentially operate according to the same business model as...
Threat predictions for industrial security in 2019
Kaspersky Security Bulletin: Threat Predictions for 2019 Cryptocurrency threat predictions for 2019 Cyberthreats to financial institutions 2019: overview and predictions The past few years have been very intense and eventful when it comes to incidents affecting the information security of...
Cryptocurrency threat predictions for 2019
Kaspersky Security Bulletin: Threat Predictions for 2019 Threat predictions for industrial security in 2019 Cyberthreats to financial institutions 2019: overview and predictions Introduction – key events in 2018 2018 saw cryptocurrency become an established part of many people's lives, and a more...
Cyberthreats to financial institutions 2019: overview and predictions
Kaspersky Security Bulletin: Threat Predictions for 2019 Threat predictions for industrial security in 2019 Cryptocurrency threat predictions for 2019 Introduction – key events in 2018 The past year has been extremely eventful in terms of the digital threats faced by financial institutions:...
The Rotexy mobile Trojan – banker and ransomware
On the back of a surge in Trojan activity, we decided to carry out an in-depth analysis and track the evolution of some other popular malware families besides Asacub. One of the most interesting and active specimens to date was a mobile Trojan from the Rotexy family. In a three-month period from...
Kaspersky Security Bulletin 2018. Threat Predictions for 2019
Cryptocurrency threat predictions for 2019 Threat predictions for industrial security in 2019 Cyberthreats to financial institutions 2019: overview and predictions There's nothing more difficult than predicting. So, instead of gazing into a crystal ball, the idea here is to make educated guesses...
Black Friday alert
Banking Trojans traditionally target users of online financial services; looking for financial data to steal or building botnets out of hacked devices for future attacks. However, over time, several of these banking Trojans have enhanced their functionality, launching new variants and extending...
A new exploit for zero-day vulnerability CVE-2018-8589
Yesterday, Microsoft published its security bulletin, which patches a vulnerability discovered by our technologies. We reported it to Microsoft on October 17, 2018. The company confirmed the vulnerability and assigned it CVE-2018-8589. In October 2018, our Automatic Exploit Prevention AEP systems...
IT threat evolution Q3 2018. Statistics
These statistics are based on detection verdicts of Kaspersky Lab products received from users who consented to provide statistical data. Q3 figures According to Kaspersky Security Network: Kaspersky Lab solutions blocked 947,027,517 attacks launched from online resources located in 203 countries...
IT threat evolution Q3 2018
Targeted attacks and malware campaigns Lazarus targets cryptocurrency exchange Lazarus is a well-established threat actor that has conducted cyber-espionage and cybersabotage campaigns since at least 2009. In recent years, the group has launched campaigns against financial organizations around th...
Spam and phishing in Q3 2018
Quarterly highlights Personal data in spam We have often said that personal data is candy on a stick to fraudsters and must be kept safe that is, not given out on dubious websites. It can be used to gain access to accounts and in targeted attacks and ransomware campaigns. In Q3, we registered a...
Hey there! How much are you worth?
Have you ever stopped to think just how much your life is worth? I mean really think about it. For instance, let's say you wanted to sell everything you have – your house, your car, your job, your private life, photos and home movies from your childhood, your accounts on various social media, you...
DDoS Attacks in Q3 2018
News Overview The third quarter 2018 turned out relatively quiet in terms of DDoS attacks. "Relatively" because there were not very many high-level multi-day DDoS onslaughts on major resources. However, the capacities employed by cybercriminals keep growing year after year, while the total number...