1025 matches found
IT threat evolution Q2 2017. Statistics
Q2 figures According to KSN data, Kaspersky Lab solutions detected and repelled 342, 566, 061 malicious attacks from online resources located in 191 countries all over the world. 33, 006, 783 unique URLs were recognized as malicious by web antivirus components. Attempted infections by malware tha...
The return of Mamba ransomware
At the end of 2016, there was a major attack against San Francisco's Municipal Transportation Agency. The attack was done using Mamba ransomware. This ransomware uses a legitimate utility called DiskCryptor for full disk encryption. This month, we noted that the group behind this ransomware has...
APT Trends report Q2 2017
Introduction Since 2014, Kaspersky Lab's Global Research and Analysis Team GReAT has been providing threat intelligence reports to a wide-range of customers worldwide, leading to the delivery of a full and dedicated private reporting service. Prior to the new service offering, GReAT published...
Steganography in contemporary cyberattacks
Steganography is the practice of sending data in a concealed format so the very fact of sending the data is disguised. The word steganography is a combination of the Greek words στεγανός steganos, meaning "covered, concealed, or protected", and γράφειν graphein meaning "writing". Unlike...
DDoS attacks in Q2 2017
News Overview The second quarter of 2017 saw DDoS attacks being more and more frequently used as a tool for political struggle. The Qatar crisis was accompanied by an attack on the website of Al Jazeera, the largest news network in the area, Le Monde and Le Figaro websites were targeted in the he...
A new era in mobile banking Trojans
In mid-July 2017, we found a new modification of the well-known mobile banking malware family Svpeng – Trojan-Banker.AndroidOS.Svpeng.ae. In this modification, the cybercriminals have added new functionality: it now also works as a keylogger, stealing entered text through the use of accessibility...
CowerSnail, from the creators of SambaCry
We recently reported about SambaCry, a new family of Linux Trojans exploiting a vulnerability in the Samba protocol. A week later, Kaspersky Lab analysts managed to detect a malicious program for Windows that was apparently created by the same group responsible for SambaCry. It was the common C&C...
Spring Dragon – Updated Activity
Spring Dragon is a long running APT actor that operates on a massive scale. The group has been running campaigns, mostly in countries and territories around the South China Sea, since as early as 2012. The main targets of Spring Dragon attacks are high profile governmental organizations and...
A King’s Ransom It is Not
The first half of 2017 began with two intriguing ransomware events, both partly enabled by wormable exploit technology dumped by a group calling themselves "The ShadowBrokers". These WannaCry and ExPetr ransomware events are the biggest in the sense that they spread the quickest and most...
The NukeBot banking Trojan: from rough drafts to real threats
This spring, the author of the NukeBot banking Trojan published the source code of his creation. He most probably did so to restore his reputation on a number of hacker forums: earlier, he had been promoting his development so aggressively and behaving so erratically that he was eventually...
No Free Pass for ExPetr
Recently, there have been discussions around the topic that if our product is installed, ExPetr malware won't write the special malicious code which encrypts the MFT to MBR. Some have even speculated that some kind of conspiracy might be ongoing. Others have pointed out it's plain and simple...
The Magala Trojan Clicker: A Hidden Advertising Threat
One large group will slowly conquer another large group, reduce its numbers, and thus lessen its chance of further variation and improvement. … Small and broken groups and sub-groups will finally tend to disappear. Charles Darwin. 'On the Origin of Species' The golden age of Trojans and viruses h...
Bitscout – The Free Remote Digital Forensics Tool Builder
Being a malware researcher means you are always busy with the struggle against mountains of malware and cyberattacks around the world. Over the past decade, the number of daily new malware findings raised up to unimaginable heights: with hundreds of thousands of malware samples per day! However,...
In ExPetr/Petya’s shadow, FakeCry ransomware wave hits Ukraine
While the cyber-world was still shaking under the destructive ExPetr/Petya attack that hit on June 27, another ransomware attack targeting Ukraine at the same time went almost unnoticed. So far, all theories regarding the spread of ExPetr/Petya point into two directions: Distribution via trojaniz...
From BlackEnergy to ExPetr
Much has been written about the recent ExPetr/NotPetya/Nyetya/Petya outbreak - you can read our findings here:Schroedinger's Petya and ExPetr is a wiper, not ransomware. As in the case of Wannacry, attribution is very difficult and finding links with previously known malware is challenging. In th...
ExPetr/Petya/NotPetya is a Wiper, Not Ransomware
After an analysis of the encryption routine of the malware used in the Petya/ExPetr attacks, we have thought that the threat actor cannot decrypt victims' disk, even if a payment was made. This supports the theory that this malware campaign was not designed as a ransomware attack for financial...
Schroedinger’s Pet(ya)
UPDATE June 28th, 2017: After an analysis of the encryption routine of the malware used in the Petya/ExPetr attacks, we have thought that the threat actor cannot decrypt victims' disk, even if a payment was made. It appears this malware campaign was designed as a wiper pretending to be ransomware...
Neutrino modification for POS-terminals
From time to time authors of effective and long-lived Trojans and viruses create new modifications and forks of them, like any other software authors. One of the brightest examples amongst them is Zeus Trojan-Spy.Win32.Zbot, based on classification of "Kaspersky Lab", which continues to spawn new...
KSN Report: Ransomware in 2016-2017
This report has been prepared using depersonalized data processed by Kaspersky Security Network KSN. The metrics are based on the number of distinct users of Kaspersky Lab products with the KSN feature enabled, who encountered ransomware at least once in a given period, as well as research into t...
Ztorg: from rooting to SMS
I've been monitoring Google Play Store for new Ztorg Trojans since September 2016, and have so far found several dozen new malicious apps. All of them were rooting malware that used exploits to gain root rights on the infected device. Then, in the second half of May 2017 I found one that wasn't...
Honeypots and the Internet of Things
There were a number of incidents in 2016 that triggered increased interest in the security of so-called IoT or 'smart' devices. They included, among others, the record-breaking DDoS attacks against the French hosting provider OVH and the US DNS provider Dyn. These attacks are known to have been...
Nigerian phishing: Industrial companies under attack
In late 2016, the Kaspersky Lab Industrial Control Systems Cyber Emergency Response Team Kaspersky Lab ICS CERT reported on phishing attacks that were primarily targeting industrial companies from the metallurgy, electric power, construction, engineering and other sectors. As further research...
Two Tickets as Bait
Over the previous weekend, social networks were hit with a wave of posts that falsely claimed that major airlines were giving away tickets for free. Users from all over the world became involved in this: they published posts that mentioned Emirates, Air France, Aeroflot, S7 Airline, Eva Air,...
SambaCry is coming
Not long ago, news appeared online of a younger sibling for the sensational vulnerability EternalBlue. The story was about a new vulnerability for nix-based systems – EternalRed aka SambaCry. This vulnerability CVE-2017-7494 relates to all versions of Samba, starting from 3.5.0, which was release...
Dvmap: the first Android malware with code injection
In April 2017 we started observing new rooting malware being distributed through the Google Play Store. Unlike other rooting malware, this Trojan not only installs its modules into the system, it also injects malicious code into the system runtime libraries. Kaspersky Lab products detect it as...