Lucene search
K
SecurelistRecent

1025 matches found

Securelist
Securelist
added 2018/05/24 6:0 p.m.63 views

VPNFilter EXIF to C2 mechanism analysed

On May 23 2018, our colleagues from Cisco Talos published their excellent analysis of VPNFilter, an IoT / router malware which exhibits some worrying characteristics. Some of the things which stand out about VPNFilter are: It has a redundant, multi-stage command and control mechanism which uses...

0.4AI score
Exploits0
Securelist
Securelist
added 2018/05/23 10:0 a.m.26 views

Spam and phishing in Q1 2018

Quarterly highlights Data leaks Early 2018 will be remembered for a series of data leak scandals. The most high-profile saw Facebook CEO Mark Zuckerberg grilled by US Congress, with many public figures supporting the Delete Facebook campaign. As a result, Zuckerberg promised to get tough and make...

0.1AI score
Exploits0
Securelist
Securelist
added 2018/05/23 10:0 a.m.57 views

Backdoors in D-Link’s backyard

"If you want to change the world, start with yourself." In the case of security research this can be rephrased to: "If you want to make the world safer, start with the smart things in your home." Or, to be more specific, start with your router – the core of any home network as well as an...

0.9AI score0.05768EPSS
Exploits3
Securelist
Securelist
added 2018/05/22 10:0 a.m.40 views

I know where your pet is

Kaspersky Lab's many years of cyberthreat research would suggest that any device with access to the Internet will inevitably be hacked. In recent years, we have seen hacked toys, kettles, cameras, and irons. It would seem that no gadget has escaped the attention of hackers, yet there is one last...

0.3AI score0.01093EPSS
Exploits0
Securelist
Securelist
added 2018/05/18 10:0 a.m.33 views

Roaming Mantis dabbles in mining and phishing multilingually

In April 2018, Kaspersky Lab published a blogpost titled 'Roaming Mantis uses DNS hijacking to infect Android smartphones'. Roaming Mantis uses Android malware which is designed to spread via DNS hijacking and targets Android devices. This activity is located mostly in Asia South Korea, Banglades...

6.9AI score
Exploits0
Securelist
Securelist
added 2018/05/14 10:0 a.m.497 views

IT threat evolution Q1 2018. Statistics

Q1 figures According to KSN: Kaspersky Lab solutions blocked 796,806,112 attacks launched from online resources located in 194 countries across the globe. 282,807,433 unique URLs were recognized as malicious by Web Anti-Virus components. Attempted infections by malware designed to steal money via...

9.3CVSS0.99945EPSS
Exploits103
Securelist
Securelist
added 2018/05/14 10:0 a.m.277 views

IT threat evolution Q1 2018

Targeted attacks and malware campaigns Skygofree: sophisticated mobile surveillance In January, we uncovered a sophisticated mobile implant that provides attackers with remote control of infected Android devices. The malware, called Skygofree after one of the domains it uses, is a targeted...

4.7CVSS7.2AI score0.93838EPSS
Exploits13
Securelist
Securelist
added 2018/05/10 10:0 a.m.152 views

OPC UA security analysis

This paper discusses our project that involved searching for vulnerabilities in implementations of the OPC UA protocol. In publishing this material, we hope to draw the attention of vendors that develop software for industrial automation systems and the industrial internet of things to problems...

6.4CVSS0.7AI score0.02904EPSS
Exploits0
Securelist
Securelist
added 2018/05/09 6:0 a.m.3177 views

The King is dead. Long live the King!

In late April 2018, a new zero-day vulnerability for Internet Explorer IE was found using our sandbox; more than two years since the last in the wild example CVE-2016-0189. This particular vulnerability and subsequent exploit are interesting for many reasons. The following article will examine th...

9.3CVSS8.4AI score0.99933EPSS
Exploits106
Securelist
Securelist
added 2018/05/07 10:0 a.m.97 views

SynAck targeted ransomware uses the Doppelgänging technique

The Process Doppelgänging technique was first presented in December 2017 at the BlackHat conference. Since the presentation several threat actors have started using this sophisticated technique in an attempt to bypass modern security solutions. In April 2018, we spotted the first ransomware...

7.2AI score
Exploits0
Securelist
Securelist
added 2018/05/03 10:0 a.m.17 views

Who’s who in the Zoo

ZooPark is a cyberespionage operation that has been focusing on Middle Eastern targets since at least June 2015. The threat actors behind the operation infect Android devices using several generations of malware, with the attackers including new features in each iteration. We label them from v1-v...

0.5AI score
Exploits0
Securelist
Securelist
added 2018/04/26 10:0 a.m.78 views

DDoS attacks in Q1 2018

News overview In early January, it was reported that an amateur hacker had come close to pulling off a botnet attack using "improvised" materials. Armed with information gleaned from hacker forums, the DIYer created a Trojan using a zero-day exploit in Huawei routers and released it online. The...

7.6AI score
Exploits0
Securelist
Securelist
added 2018/04/23 10:0 a.m.299 views

Energetic Bear/Crouching Yeti: attacks on servers

Energetic Bear/Crouching Yeti is a widely known APT group active since at least 2010. The group tends to attack different companies with a strong focus on the energy and industrial sectors. Companies attacked by Energetic Bear/Crouching Yeti are geographically distributed worldwide with a more...

8.5AI score
Exploits0
Securelist
Securelist
added 2018/04/19 10:0 a.m.65 views

Tens of thousands per Gram

Looking at Instagram one morning, I spotted several posts from some fairly well-known people in certain circles who had invested in an ICO held by Telegram. Interesting, I thought to myself. I fancy a piece of that. Only I was pretty sure that if Telegram was indeed holding an ICO, it would be a...

6.8AI score
Exploits0
Securelist
Securelist
added 2018/04/17 9:15 p.m.61 views

Leaking ads

When we use popular apps with good ratings from official app stores we assume they are safe. This is partially true – usually these apps have been developed with security in mind and have been reviewed by the app store's security team. However, we found that because of third-party SDKs many popul...

0.1AI score
Exploits0
Securelist
Securelist
added 2018/04/16 8:30 a.m.45 views

Roaming Mantis uses DNS hijacking to infect Android smartphones

In March 2018, Japanese media reported the hijacking of DNS settings on routers located in Japan, redirecting users to malicious IP addresses. The redirection led to the installation of Trojanized applications named facebook.apk and chrome.apk that contained Android Trojan-Banker. According to ou...

7.1AI score
Exploits0
Securelist
Securelist
added 2018/04/12 10:0 a.m.1162 views

APT Trends report Q1 2018

In the second quarter of 2017, Kaspersky's Global Research and Analysis Team GReAT began publishing summaries of the quarter's private threat intelligence reports in an effort to make the public aware of the research we have been conducting. This report serves as the next installment, focusing on...

10CVSS0.4AI score0.99945EPSS
Exploits58
Securelist
Securelist
added 2018/04/12 7:0 a.m.36 views

Operation Parliament, who is doing what?

Summary Kaspersky Lab has been tracking a series of attacks utilizing unknown malware since early 2017. The attacks appear to be geopolitically motivated and target high profile organizations. The objective of the attacks is clearly espionage – they involve gaining access to top legislative,...

1.4AI score
Exploits0
Securelist
Securelist
added 2018/04/04 10:0 a.m.39 views

Pocket cryptofarms

In recent months, the topic of cryptocurrency has been a permanent news fixture — the value of digital money has been see-sawing spectacularly. Such pyrotechnics could hardly have escaped the attention of scammers, which is why cryptocurrency fluctuations have gone hand in hand with all kinds of...

6.7AI score
Exploits0
Securelist
Securelist
added 2018/03/28 10:0 a.m.28 views

Your new friend, KLara

While doing threat research, teams need a lot of tools and systems to aid their hunting efforts – from systems storing Passive DNS data and automated malware classification to systems allowing researchers to pattern-match a large volume of data in a relatively short period of time. These tools ar...

6.9AI score
Exploits0
Securelist
Securelist
added 2018/03/26 10:0 a.m.599 views

Threat Landscape for Industrial Automation Systems in H2 2017

For many years, Kaspersky Lab experts have been uncovering and researching cyberthreats that target a variety of information systems – those of commercial and government organizations, banks, telecoms operators, industrial enterprises, and individual users. In this report, Kaspersky Lab Industria...

10CVSS9.6AI score0.99975EPSS
Exploits20
Securelist
Securelist
added 2018/03/15 10:0 a.m.84 views

Goodfellas, the Brazilian carding scene is after you

There are three ways of doing things in the malware business: the right way, the wrong way and the way Brazilians do it. From the early beginnings, using skimmers on ATMs, compromising point of sales systems, or even modifying the hardware of processing devices, Latin America has been a fertile...

7.4AI score
Exploits0
Securelist
Securelist
added 2018/03/13 3:0 p.m.57 views

Time of death? A therapeutic postmortem of connected medicine

TheSAS2017 presentation: Smart Medicine Breaches Its "First Do No Harm" Principle At last year's Security Analyst Summit 2017 we predicted that medical networks would be a titbit for cybercriminals. Unfortunately, we were right. The numbers of medical data breaches and leaks are increasing...

6.9AI score
Exploits0
Securelist
Securelist
added 2018/03/12 10:0 a.m.217 views

Somebody’s watching! When cameras are more than just ‘smart’

Every year the number of smart devices grows. Coffee machines, bracelets, fridges, cars and loads of other useful gadgets have now gone smart. We are now seeing the emergence of smart streets, roads and even cities. Devices such as smart cameras have long been part of everyday life for many, as...

10CVSS9.6AI score0.03699EPSS
Exploits0
Securelist
Securelist
added 2018/03/09 5:0 p.m.53 views

Masha and these Bears

Sofacy, also known as APT28, Fancy Bear, and Tsar Team, is a prolific, well resourced, and persistent adversary. They are sometimes portrayed as wild and reckless, but as seen under our visibility, the group can be pragmatic, measured, and agile. Our previous post on their 2017 activity stepped...

7.9AI score
Exploits0
Securelist
Securelist
added 2018/03/09 3:20 p.m.346 views

The Slingshot APT FAQ

While analysing an incident which involved a suspected keylogger, we identified a malicious library able to interact with a virtual file system, which is usually the sign of an advanced APT actor. This turned out to be a malicious loader internally named 'Slingshot', part of a new, and highly...

7.2CVSS8.8AI score0.00935EPSS
Exploits3
Securelist
Securelist
added 2018/03/08 5:0 p.m.79 views

The devil’s in the Rich header

In our previous blog, we detailed our findings on the attack against the Pyeongchang 2018 Winter Olympics. For this investigation, our analysts were provided with administrative access to one of the affected servers, located in a hotel based in Pyeongchang county, South Korea. In addition, we...

6.7AI score
Exploits0
Securelist
Securelist
added 2018/03/08 5:0 p.m.176 views

OlympicDestroyer is here to trick the industry

A couple of days after the opening ceremony of the Winter Olympics in Pyeongchang, South Korea, we received information from several partners, on the condition of non-disclosure TLP:Red, about a devastating malware attack on the Olympic infrastructure. A quick peek inside the malware revealed a...

7.3AI score
Exploits0
Securelist
Securelist
added 2018/03/07 10:0 a.m.40 views

Mobile malware evolution 2017

The year in figures In 2017, Kaspersky Lab detected the following: 5,730,916 malicious installation packages 94,368 mobile banking Trojans 544,107 mobile ransomware Trojans Trends of the year Rooting malware: no surrender For the last few years, rooting malware has been the biggest threat to...

7.2AI score
Exploits0
Securelist
Securelist
added 2018/03/05 10:0 a.m.56 views

Mining is the new black

UPDATED March 5th, 15.00 Last year we published a story revealing the rise of miners across the globe. At the time we had discovered botnets earning millions of USD. We knew this was just the beginning of the story, which turned out to develop rapidly. Together with the rest of the world, we have...

7AI score
Exploits0
Securelist
Securelist
added 2018/02/28 10:0 a.m.48 views

Financial Cyberthreats in 2017

In 2017, we saw a number of changes to the world of financial threats and new actors emerging. As we have previously noted, fraud attacks in financial services have become increasingly account-centric. User data is a key enabler for large-scale fraud attacks, and frequent data breaches - among...

7.2AI score
Exploits0
Securelist
Securelist
added 2018/02/27 10:0 a.m.51 views

IoT hack: how to break a smart home… again

There can never be too many IoT gadgets – that's what people usually think when buying yet another connected device with advanced functionality. From our perspective, we also think there can't be too many IoT investigations. So, we have continued our experiments into checking and uncovering how...

7.7AI score
Exploits0
Securelist
Securelist
added 2018/02/22 10:0 a.m.87 views

Tax refund, or How to lose your remaining cash

Every year, vast numbers of people around the globe relish the delightful prospect of filling out tax returns, applying for tax refunds, etc. Given that tax authorities and their taxpayers are moving online, it's no surprise to find cybercriminals hard on their heels. By spoofing trusted governme...

6.7AI score
Exploits0
Securelist
Securelist
added 2018/02/21 2:0 p.m.50 views

Disappearing bytes: Reverse engineering the MS Office RTF parser

Microsoft Office was a prime target for attacks in 2017. As well as the large number of vulnerabilities discovered and proof-of-concept exploits published, malware authors felt it necessary to prevent detection of 'one-day' and 'old-day' exploits by antivirus software. It also became clear that...

7AI score
Exploits0
Securelist
Securelist
added 2018/02/20 2:0 p.m.622 views

A Slice of 2017 Sofacy Activity

Sofacy, also known as APT28, Fancy Bear, and Tsar Team, is a highly active and prolific APT. From their high volume 0day deployment to their innovative and broad malware set, Sofacy is one of the top groups that we monitor, report, and protect against. 2017 was not any different in this regard. O...

9.3CVSS8.4AI score0.80734EPSS
Exploits4
Securelist
Securelist
added 2018/02/15 10:0 a.m.112 views

Spam and phishing in 2017

Figures of the year The share of spam in mail traffic came to 56.63%, down 1.68% against 2016. The biggest source of spam remains the US 13.21%. 40% of spam emails were less than 2 KB in size. The most common malware family found in mail traffic was Trojan-Downloader.JS.Sload The Anti-Phishing...

6.5AI score
Exploits0
Securelist
Securelist
added 2018/02/14 10:0 a.m.17 views

Bingo, Amigo! Jackpotting: ATM malware from Latin America to the World

Introduction Of all the forms of attack against financial institutions around the world, the one that brings traditional crime and cybercrime together the most is the malicious ecosystem that exists around ATM malware. Criminals from different backgrounds work together with a single goal in mind:...

7.5AI score
Exploits0
Securelist
Securelist
added 2018/02/13 9:0 a.m.42 views

Zero-day vulnerability in Telegram

In October 2017, we learned of a vulnerability in Telegram Messenger's Windows client that was being exploited in the wild. It involves the use of a classic right-to-left override attack when a user sends files over the messenger service. Right-to-left override in a nutshell The special nonprinti...

7.1AI score
Exploits0
Securelist
Securelist
added 2018/02/08 10:0 a.m.29 views

A vulnerable driver: lesson almost learned

Recently, we started receiving suspicious events from our internal sandbox Exploit Checker plugin. Our heuristics for supervisor mode code execution in the user address space were constantly being triggered, and an executable file was being flagged for further analysis. At first, it looked like...

8.2AI score
Exploits0
Securelist
Securelist
added 2018/02/07 10:0 a.m.64 views

Gas is too expensive? Let’s make it cheap!

A few months ago, while undertaking unrelated research into online connected devices, we uncovered something surprising and realized almost immediately that we could be looking at a critical security threat. What we found was a simple purple web interface that was in fact a link to a real-life ga...

10.4AI score0.07235EPSS
Exploits1
Securelist
Securelist
added 2018/02/06 10:0 a.m.10 views

BSides NYC, a volunteer organized event put on by and for the community

Another edition of BSides NYC has passed, and as first time attendee and presenter, I was genuinely impressed with the impeccable organization, the content shared, and the interesting conversations that took place among enthusiasts and professionals from all over the world. I've been a long time...

6.8AI score
Exploits0
Securelist
Securelist
added 2018/02/06 9:1 a.m.26 views

DDoS attacks in Q4 2017

News overview In terms of news about DDoS attacks, the last quarter of 2017 was livelier than the previous one. Some major botnets were discovered and destroyed. For instance, early December saw the FBI, Microsoft, and Europol team up to knock out the Andromeda botnet, in operation since 2011. In...

7.4AI score
Exploits0
Securelist
Securelist
added 2018/02/01 9:3 a.m.54 views

Every little bitcoin helps

It often happens that inventions and technologies that start out good end up turning into dangerous tools in the hands of criminals. Blockchain is no exception to this rule, especially in its most common cryptocurrency incarnation. Cryptocurrencies crop up in all kinds of spam: from traditional...

6.6AI score
Exploits0
Securelist
Securelist
added 2018/01/31 5:54 p.m.54 views

Cybercriminals target early IRS 2018 refunds now

On Monday, Jan 29th, IRS officially opened its 2018 season. Some taxpayers already filed their taxes and cybercriminals know it too. So, right after two days of the official 2018 season opening, we got phishing messages with a fake refund status Websites: The link in the email leads to a hacked...

6.7AI score
Exploits0
Securelist
Securelist
added 2018/01/25 11:0 a.m.101 views

Denis and Co.

In April 2017, we published a detailed review of a malicious program that used DNS tunneling to communicate to its C&C. That study prompted us to develop a technology to detect similar threats, which allowed us to collect a multitude of malware samples using DNS tunneling. In this article, we wil...

7.2AI score
Exploits0
Securelist
Securelist
added 2018/01/22 3:51 p.m.148 views

A silver bullet for the attacker

In the past years, the problem of vulnerabilities in industrial automation systems has been becoming increasingly important. The fact that industrial control systems have been developing in parallel with IT systems, relatively independently and often without regard for modern secure coding...

7.5CVSS10.5AI score0.04758EPSS
Exploits0
Securelist
Securelist
added 2018/01/16 10:0 a.m.619 views

Skygofree: Following in the footsteps of HackingTeam

At the beginning of October 2017, we discovered new Android spyware with several features previously unseen in the wild. In the course of further research, we found a number of related samples that point to a long-term development process. We believe the initial versions of this malware were...

7.2CVSS0.1AI score0.47709EPSS
Exploits45
Securelist
Securelist
added 2017/12/28 11:56 a.m.54 views

Happy IR in the New Year!

At the end of last year Mr. Jake Williams from aka @MalwareJake asked a very important question about Lack of visibility during detecting APT intrusions in twitter. Results show us that endpoint analysis is the most important part of any research connected with APTs. Also, for sure endpoint...

7.1AI score
Exploits0
Securelist
Securelist
added 2017/12/21 10:0 a.m.21 views

Nhash: petty pranks with big finances

According to our data, cryptocurrency miners are rapidly gaining in popularity. In an earlier publication we noted that cybercriminals were making use of social engineering to install this sort of software on users' computers. This time, we'd like to dwell more on how exactly the computers of...

6.6AI score
Exploits0
Securelist
Securelist
added 2017/12/19 10:0 a.m.14 views

Travle aka PYLOT backdoor hits Russian-speaking targets

At the end of September, Palo Alto released a report on Unit42 activity where they - among other things – talked about PYLOT malware. We have been detecting attacks that have employed the use of this backdoor since at least 2015 and refer to it as Travle. Coincidentally, KL was recently involved ...

7.3AI score
Exploits0
Total number of security vulnerabilities1025