Lucene search
K
SecurelistRecent

1025 matches found

Securelist
Securelist
added 2017/08/15 9:0 a.m.658 views

IT threat evolution Q2 2017. Statistics

Q2 figures According to KSN data, Kaspersky Lab solutions detected and repelled 342, 566, 061 malicious attacks from online resources located in 191 countries all over the world. 33, 006, 783 unique URLs were recognized as malicious by web antivirus components. Attempted infections by malware tha...

9.3CVSS0.4AI score0.99933EPSS
Exploits30
Securelist
Securelist
added 2017/08/09 2:0 p.m.66 views

The return of Mamba ransomware

At the end of 2016, there was a major attack against San Francisco's Municipal Transportation Agency. The attack was done using Mamba ransomware. This ransomware uses a legitimate utility called DiskCryptor for full disk encryption. This month, we noted that the group behind this ransomware has...

7.3AI score
Exploits0
Securelist
Securelist
added 2017/08/08 2:0 p.m.1269 views

APT Trends report Q2 2017

Introduction Since 2014, Kaspersky Lab's Global Research and Analysis Team GReAT has been providing threat intelligence reports to a wide-range of customers worldwide, leading to the delivery of a full and dedicated private reporting service. Prior to the new service offering, GReAT published...

10CVSS9.3AI score0.99933EPSS
Exploits47
Securelist
Securelist
added 2017/08/03 9:0 a.m.110 views

Steganography in contemporary cyberattacks

Steganography is the practice of sending data in a concealed format so the very fact of sending the data is disguised. The word steganography is a combination of the Greek words στεγανός steganos, meaning "covered, concealed, or protected", and γράφειν graphein meaning "writing". Unlike...

6.6AI score
Exploits0
Securelist
Securelist
added 2017/08/01 9:0 a.m.104 views

DDoS attacks in Q2 2017

News Overview The second quarter of 2017 saw DDoS attacks being more and more frequently used as a tool for political struggle. The Qatar crisis was accompanied by an attack on the website of Al Jazeera, the largest news network in the area, Le Monde and Le Figaro websites were targeted in the he...

7.9AI score
Exploits0
Securelist
Securelist
added 2017/07/31 9:0 a.m.885 views

A new era in mobile banking Trojans

In mid-July 2017, we found a new modification of the well-known mobile banking malware family Svpeng – Trojan-Banker.AndroidOS.Svpeng.ae. In this modification, the cybercriminals have added new functionality: it now also works as a keylogger, stealing entered text through the use of accessibility...

6.7AI score
Exploits0
Securelist
Securelist
added 2017/07/25 1:32 p.m.66 views

CowerSnail, from the creators of SambaCry

We recently reported about SambaCry, a new family of Linux Trojans exploiting a vulnerability in the Samba protocol. A week later, Kaspersky Lab analysts managed to detect a malicious program for Windows that was apparently created by the same group responsible for SambaCry. It was the common C&C...

6.9AI score
Exploits0
Securelist
Securelist
added 2017/07/24 9:5 a.m.56 views

Spring Dragon – Updated Activity

Spring Dragon is a long running APT actor that operates on a massive scale. The group has been running campaigns, mostly in countries and territories around the South China Sea, since as early as 2012. The main targets of Spring Dragon attacks are high profile governmental organizations and...

7.1AI score
Exploits0
Securelist
Securelist
added 2017/07/20 9:0 a.m.55 views

A King’s Ransom It is Not

The first half of 2017 began with two intriguing ransomware events, both partly enabled by wormable exploit technology dumped by a group calling themselves "The ShadowBrokers". These WannaCry and ExPetr ransomware events are the biggest in the sense that they spread the quickest and most...

6.9AI score
Exploits0
Securelist
Securelist
added 2017/07/19 9:20 a.m.104 views

The NukeBot banking Trojan: from rough drafts to real threats

This spring, the author of the NukeBot banking Trojan published the source code of his creation. He most probably did so to restore his reputation on a number of hacker forums: earlier, he had been promoting his development so aggressively and behaving so erratically that he was eventually...

7.1AI score
Exploits0
Securelist
Securelist
added 2017/07/13 7:55 p.m.58 views

No Free Pass for ExPetr

Recently, there have been discussions around the topic that if our product is installed, ExPetr malware won't write the special malicious code which encrypts the MFT to MBR. Some have even speculated that some kind of conspiracy might be ongoing. Others have pointed out it's plain and simple...

7.2AI score
Exploits0
Securelist
Securelist
added 2017/07/12 9:29 a.m.46 views

The Magala Trojan Clicker: A Hidden Advertising Threat

One large group will slowly conquer another large group, reduce its numbers, and thus lessen its chance of further variation and improvement. … Small and broken groups and sub-groups will finally tend to disappear. Charles Darwin. 'On the Origin of Species' The golden age of Trojans and viruses h...

6.8AI score
Exploits0
Securelist
Securelist
added 2017/07/06 9:0 a.m.68 views

Bitscout – The Free Remote Digital Forensics Tool Builder

Being a malware researcher means you are always busy with the struggle against mountains of malware and cyberattacks around the world. Over the past decade, the number of daily new malware findings raised up to unimaginable heights: with hundreds of thousands of malware samples per day! However,...

6.5AI score
Exploits0
Securelist
Securelist
added 2017/07/04 6:22 p.m.113 views

In ExPetr/Petya’s shadow, FakeCry ransomware wave hits Ukraine

While the cyber-world was still shaking under the destructive ExPetr/Petya attack that hit on June 27, another ransomware attack targeting Ukraine at the same time went almost unnoticed. So far, all theories regarding the spread of ExPetr/Petya point into two directions: Distribution via trojaniz...

6.8AI score
Exploits0
Securelist
Securelist
added 2017/06/30 9:39 p.m.113 views

From BlackEnergy to ExPetr

Much has been written about the recent ExPetr/NotPetya/Nyetya/Petya outbreak - you can read our findings here:Schroedinger's Petya and ExPetr is a wiper, not ransomware. As in the case of Wannacry, attribution is very difficult and finding links with previously known malware is challenging. In th...

6.6AI score
Exploits0
Securelist
Securelist
added 2017/06/28 6:51 p.m.52 views

ExPetr/Petya/NotPetya is a Wiper, Not Ransomware

After an analysis of the encryption routine of the malware used in the Petya/ExPetr attacks, we have thought that the threat actor cannot decrypt victims' disk, even if a payment was made. This supports the theory that this malware campaign was not designed as a ransomware attack for financial...

6.7AI score
Exploits0
Securelist
Securelist
added 2017/06/27 6:57 p.m.20 views

Schroedinger’s Pet(ya)

UPDATE June 28th, 2017: After an analysis of the encryption routine of the malware used in the Petya/ExPetr attacks, we have thought that the threat actor cannot decrypt victims' disk, even if a payment was made. It appears this malware campaign was designed as a wiper pretending to be ransomware...

7.4AI score
Exploits0
Securelist
Securelist
added 2017/06/27 11:1 a.m.29 views

Neutrino modification for POS-terminals

From time to time authors of effective and long-lived Trojans and viruses create new modifications and forks of them, like any other software authors. One of the brightest examples amongst them is Zeus Trojan-Spy.Win32.Zbot, based on classification of "Kaspersky Lab", which continues to spawn new...

6.9AI score
Exploits0
Securelist
Securelist
added 2017/06/26 9:0 a.m.28 views

KSN Report: Ransomware in 2016-2017

This report has been prepared using depersonalized data processed by Kaspersky Security Network KSN. The metrics are based on the number of distinct users of Kaspersky Lab products with the KSN feature enabled, who encountered ransomware at least once in a given period, as well as research into t...

7.2AI score
Exploits0
Securelist
Securelist
added 2017/06/20 9:1 a.m.19 views

Ztorg: from rooting to SMS

I've been monitoring Google Play Store for new Ztorg Trojans since September 2016, and have so far found several dozen new malicious apps. All of them were rooting malware that used exploits to gain root rights on the infected device. Then, in the second half of May 2017 I found one that wasn't...

7.8AI score
Exploits0
Securelist
Securelist
added 2017/06/19 9:8 a.m.672 views

Honeypots and the Internet of Things

There were a number of incidents in 2016 that triggered increased interest in the security of so-called IoT or 'smart' devices. They included, among others, the record-breaking DDoS attacks against the French hosting provider OVH and the US DNS provider Dyn. These attacks are known to have been...

10CVSS0.2AI score0.99999EPSS
Exploits139
Securelist
Securelist
added 2017/06/15 9:0 a.m.170 views

Nigerian phishing: Industrial companies under attack

In late 2016, the Kaspersky Lab Industrial Control Systems Cyber Emergency Response Team Kaspersky Lab ICS CERT reported on phishing attacks that were primarily targeting industrial companies from the metallurgy, electric power, construction, engineering and other sectors. As further research...

9.3CVSS9.7AI score0.9679EPSS
Exploits1
Securelist
Securelist
added 2017/06/10 1:21 p.m.13 views

Two Tickets as Bait

Over the previous weekend, social networks were hit with a wave of posts that falsely claimed that major airlines were giving away tickets for free. Users from all over the world became involved in this: they published posts that mentioned Emirates, Air France, Aeroflot, S7 Airline, Eva Air,...

6.6AI score
Exploits0
Securelist
Securelist
added 2017/06/09 10:7 p.m.208 views

SambaCry is coming

Not long ago, news appeared online of a younger sibling for the sensational vulnerability EternalBlue. The story was about a new vulnerability for nix-based systems – EternalRed aka SambaCry. This vulnerability CVE-2017-7494 relates to all versions of Samba, starting from 3.5.0, which was release...

10CVSS0.9AI score0.99448EPSS
Exploits24
Securelist
Securelist
added 2017/06/08 8:58 a.m.23 views

Dvmap: the first Android malware with code injection

In April 2017 we started observing new rooting malware being distributed through the Google Play Store. Unlike other rooting malware, this Trojan not only installs its modules into the system, it also injects malicious code into the system runtime libraries. Kaspersky Lab products detect it as...

7.5AI score
Exploits0
Total number of security vulnerabilities1025