Lucene search
K
SecurelistRecent

1025 matches found

Securelist
Securelist
added 2023/12/01 10:0 a.m.37 views

IT threat evolution in Q3 2023. Mobile statistics

IT threat evolution in Q3 2023 IT threat evolution in Q3 2023. Non-mobile statistics IT threat evolution in Q3 2023. Mobile statistics These statistics are based on detection verdicts of Kaspersky products received from users who consented to providing statistical data. Quarterly figures Accordin...

7.6AI score
Exploits0
Securelist
Securelist
added 2023/12/01 10:0 a.m.203 views

IT threat evolution Q3 2023

IT threat evolution in Q3 2023 IT threat evolution in Q3 2023. Non-mobile statistics IT threat evolution in Q3 2023. Mobile statistics Targeted attacks Unknown threat actor targets power generator with DroxiDat and Cobalt Strike Earlier this year, we reported on a new variant of SystemBC called...

9.3CVSS8.3AI score0.99945EPSS
Exploits80
Securelist
Securelist
added 2023/12/01 10:0 a.m.65 views

IT threat evolution in Q3 2023. Non-mobile statistics

IT threat evolution in Q3 2023 IT threat evolution in Q3 2023. Non-mobile statistics IT threat evolution in Q3 2023. Mobile statistics These statistics are based on detection verdicts of Kaspersky products and services received from users who consented to providing statistical data. Quarterly...

9.3CVSS9.3AI score0.99999EPSS
Exploits527
Securelist
Securelist
added 2023/11/23 10:0 a.m.25 views

Consumer cyberthreats: predictions for 2024

In our previous summary of consumer predictions, we delved into tactics that we expected scammers and cybercriminals to use in 2023. As anticipated, they capitalized on major events and cultural crazes, using tricks that ranged from fake Barbie doll deals to exploiting the buzz around long-awaite...

7.3AI score
Exploits0
Securelist
Securelist
added 2023/11/22 10:0 a.m.31 views

HrServ – Previously unknown web shell used in APT attack

Introduction In the course of our routine investigation, we discovered a DLL file, identified as hrserv.dll, which is a previously unknown web shell exhibiting sophisticated features such as custom encoding methods for client communication and in-memory execution. Our analysis of the sample led t...

8.1AI score
Exploits0
Securelist
Securelist
added 2023/11/21 10:0 a.m.15 views

Crimeware and financial cyberthreats in 2024

At Kaspersky, we constantly monitor the financial cyberthreat landscape, which includes threats to financial institutions, such as banks, and financially motivated threats, such as ransomware, that target a broader range of industries. As part of our Kaspersky Security Bulletin, we try to predict...

7.8AI score
Exploits0
Securelist
Securelist
added 2023/11/20 10:0 a.m.35 views

The dark side of Black Friday: decoding cyberthreats around the year’s biggest shopping season

As the annual Black Friday approaches, the digital landscape experiences an unprecedented surge in e-commerce and online shopping activity. Major sales aside, e-commerce is still a huge market. In 2022, global e-commerce retail revenue was estimated to reach $5.7 trillion worldwide, marking nearl...

7.1AI score
Exploits0
Securelist
Securelist
added 2023/11/14 10:0 a.m.85 views

Advanced threat predictions for 2024

Advanced persistent threats APTs are the most dangerous threats, as they employ complex tools and techniques, and often are highly targeted and hard to detect. Amid the global crisis and escalating geopolitical confrontations, these sophisticated cyberattacks are even more dangerous, as there is...

7.5CVSS8.7AI score0.86956EPSS
Exploits5
Securelist
Securelist
added 2023/11/10 8:0 a.m.57 views

Ducktail fashion week

Ducktail is a malware family that has been active since the second half of 2021 and aims to steal Facebook business accounts. WithSecure and GridinSoft have covered Ducktail attacks: the infostealer spread under the guise of documents relating to well-known companies and brands projects and...

7AI score
Exploits0
Securelist
Securelist
added 2023/11/09 8:0 a.m.52 views

Modern Asian APT groups’ tactics, techniques and procedures (TTPs)

Almost every quarter, someone publishes major research focusing on campaigns or incidents that involve Asian APT groups. These campaigns and incidents target various organizations from a multitude of industries. Likewise, the geographic location of victims is not limited to just one region. This...

7AI score
Exploits0
Securelist
Securelist
added 2023/11/06 10:0 a.m.36 views

Gaming-related cyberthreats in 2023: Minecrafters targeted the most

Introduction and trends The gaming industry continues growing. The Newzoo report for 2023 reveals that two in five — more than three billion — across the globe are gamers, which is 6.3 percent more than last year. Globally, gaming revenue amounts to an estimated US$242.39 billion, with almost hal...

6.4AI score
Exploits0
Securelist
Securelist
added 2023/11/02 10:0 a.m.219 views

WhatsApp spy mod spreads through Telegram, attacks Arabic-speaking users

It is not rare that users of popular instant messaging services find the official client apps to be lacking in functionality. To address that problem, third-party developers come up with mods that offer sought-after features besides aesthetic upgrades. Unfortunately, some of these mods contain...

8AI score
Exploits0
Securelist
Securelist
added 2023/10/27 6:0 a.m.40 views

A cascade of compromise: unveiling Lazarus’ new campaign

Earlier this year, a software vendor was compromised by the Lazarus malware delivered through unpatched legitimate software. Whats remarkable is that these software vulnerabilities were not new, and despite warnings and patches from the vendor, many of the vendors systems continued to use the...

7.5AI score
Exploits0
Securelist
Securelist
added 2023/10/26 10:30 a.m.30 views

How to catch a wild triangle

In the beginning of 2023, thanks to our Kaspersky Unified Monitoring and Analysis Platform KUMA SIEM system, we noticed suspicious network activity that turned out to be an ongoing attack targeting the iPhones and iPads of our colleagues. The moment we understood that there was a clear pattern in...

7.3AI score
Exploits0
Securelist
Securelist
added 2023/10/26 4:0 a.m.67 views

StripedFly: Perennially flying under the radar

Introduction Its just another cryptocurrency miner… Nobody would even suspect the mining malware was merely a mask, masquerading behind an intricate modular framework that supports both Linux and Windows. It comes equipped with a built-in TOR network tunnel for communication with command servers,...

7.5AI score
Exploits0
Securelist
Securelist
added 2023/10/24 10:0 a.m.37 views

Stealer for PIX payment system, new Lumar stealer and Rhysida ransomware

Introduction As a cybersecurity company, Kaspersky is constantly dealing with known and brand-new malware samples. As part of our crimeware reporting service, we provide our customers with technical reports on the evolution of existing crimeware families, as well as newly emerging ones. In this...

7AI score
Exploits0
Securelist
Securelist
added 2023/10/23 11:0 a.m.37 views

The outstanding stealth of Operation Triangulation

Introduction In our previous blogpost on Triangulation, we discussed the details of TriangleDB, the main implant used in this campaign, its C2 protocol and the commands it can receive. We mentioned, among other things, that it is able to execute additional modules. We also mentioned that this...

7.4AI score
Exploits0
Securelist
Securelist
added 2023/10/19 10:0 a.m.30 views

Money-making scripts attack organizations

In April of this year, the FBI published an advisory on attacks targeting government, law enforcement, and non-profit organizations. Attackers download scripts onto victims devices, delivering several types of malware all at once. The main aim is to utilize company resources for mining, steal dat...

7.2AI score
Exploits0
Securelist
Securelist
added 2023/10/18 10:0 a.m.90 views

Updated MATA attacks industrial companies in Eastern Europe

In early September 2022, we discovered several new malware samples belonging to the MATA cluster. As we were collecting and analyzing the relevant telemetry data, we realized the campaign had been launched in mid-August 2022 and targeted over a dozen corporations in Eastern Europe from the oil an...

5.1CVSS7.4AI score0.81103EPSS
Exploits11
Securelist
Securelist
added 2023/10/17 10:0 a.m.42 views

APT trends report Q3 2023

For more than six years, the Global Research and Analysis Team GReAT at Kaspersky has been publishing quarterly summaries of advanced persistent threat APT activity. These summaries are based on our threat intelligence research; and they provide a representative snapshot of what we have published...

7.7AI score
Exploits0
Securelist
Securelist
added 2023/10/16 4:0 p.m.19 views

A hack in hand is worth two in the bush

The ongoing conflict between Israel and Hamas has also extended into the digital domain. The involvement of hackers highlights the evolving nature of warfare in the 21st century, where traditional military operations are complemented by sophisticated cyber tactics, and where the boundaries betwee...

7.5AI score
Exploits0
Securelist
Securelist
added 2023/10/13 12:0 p.m.34 views

ChatGPT at work: how chatbots help employees, but threaten business

Workhorse Only a few months ago, ChatGPT and other chatbots based on large language models LLMs were still a novelty. Users enjoyed using them to compose poems and lyrics in the style of famous artists which left Nick Cave, for example, decidedly unimpressed, researchers debated blowing up data...

6.8AI score
Exploits0
Securelist
Securelist
added 2023/10/12 10:0 a.m.59 views

ToddyCat: Keep calm and check logs

ToddyCat is an advanced APT actor that we described in a previous publication last year. The group started its activities in December 2020 and has been responsible for multiple sets of attacks against high-profile entities in Europe and Asia. Our first publication was focused on their main tools,...

7.5AI score
Exploits0
Securelist
Securelist
added 2023/09/28 8:0 a.m.48 views

A cryptor, a stealer and a banking trojan

Introduction As long as cybercriminals want to make money, theyll keep making malware, and as long as they keep making malware, well keep analyzing it, publishing reports and providing protection. Last month we covered a wide range of cybercrime topics. For example, we published a private report ...

7.1AI score
Exploits0
Securelist
Securelist
added 2023/09/27 10:0 a.m.22 views

QR codes in email phishing

QR codes are everywhere: you can see them on posters and leaflets, ATM screens, price tags and merchandise, historical buildings and monuments. People use them to share information, promote various online resources, pay for their goodies, and pass verification. And yet you dont see lots of QR cod...

7.1AI score
Exploits0
Securelist
Securelist
added 2023/09/21 10:0 a.m.40 views

Overview of IoT threats in 2023

IoT devices routers, cameras, NAS boxes, and smart home components multiply every year. Statista portal predicts their number will exceed 29 billion by 2030. As connected device numbers increase, so does the need for protection against various threats. The first-ever large-scale malware attacks o...

6.4CVSS8.1AI score0.87908EPSS
Exploits0
Securelist
Securelist
added 2023/09/13 9:0 a.m.18 views

Threat landscape for industrial automation systems. Statistics for H1 2023

Global threat statistics In the first half of 2023, the percentage of ICS computers on which malicious objects were blocked decreased from H2 2022 by just 0.3 pp to 34%. Percentage of ICS computers on which malicious objects were blocked, by half year That said, he percentage of attacked ICS...

7AI score
Exploits0
Securelist
Securelist
added 2023/09/12 8:0 a.m.58 views

Free Download Manager backdoored – a possible supply chain attack on Linux machines

UPDATE 13.09.2023. Free Download Manager team issued an official statement regarding this incident. Over the last few years, Linux machines have become a more and more prominent target for all sorts of threat actors. According to our telemetry, 260,000 unique Linux samples appeared in the first...

7.2AI score
Exploits0
Securelist
Securelist
added 2023/09/11 10:0 a.m.324 views

From Caribbean shores to your devices: analyzing Cuba ransomware

Introduction Knowledge is our best weapon in the fight against cybercrime. An understanding of how various gangs operate and what tools they use helps build competent defenses and investigate incidents. This report takes a close look at the history of the Cuba group, and their attack tactics,...

10CVSS10.5AI score0.99999EPSS
Exploits174
Securelist
Securelist
added 2023/09/08 10:0 a.m.28 views

Evil Telegram doppelganger attacks Chinese users

UPDATE 11.09.2023. Google has informed us that all the apps were deleted from the Google Play store A while ago we discovered a bunch of Telegram mods on Google Play with descriptions in traditional Chinese, simplified Chinese and Uighur. The vendor says these are the fastest apps which use a...

7AI score
Exploits0
Securelist
Securelist
added 2023/08/30 10:0 a.m.80 views

IT threat evolution in Q2 2023. Non-mobile statistics

IT threat evolution in Q2 2023 IT threat evolution in Q2 2023. Non-mobile statistics IT threat evolution in Q2 2023. Mobile statistics These statistics are based on detection verdicts of Kaspersky products and services received from users who consented to providing statistical data. Quarterly...

9.3CVSS10.4AI score0.99999EPSS
Exploits481
Securelist
Securelist
added 2023/08/30 10:0 a.m.34 views

IT threat evolution in Q2 2023. Mobile statistics

IT threat evolution in Q2 2023 IT threat evolution in Q2 2023. Non-mobile statistics IT threat evolution in Q2 2023. Mobile statistics These statistics are based on detection verdicts of Kaspersky products received from users who consented to providing statistical data. Quarterly figures Accordin...

7AI score
Exploits0
Securelist
Securelist
added 2023/08/30 10:0 a.m.101 views

IT threat evolution in Q2 2023

IT threat evolution in Q2 2023 IT threat evolution in Q2 2023. Non-mobile statistics IT threat evolution in Q2 2023. Mobile statistics Targeted attacks Gopuram backdoor deployed through 3CX supply-chain attack Earlier this year, a Trojanized version of the 3CXDesktopApp, a popular VoIP program, w...

7.5CVSS10AI score0.99999EPSS
Exploits73
Securelist
Securelist
added 2023/08/25 10:0 a.m.22 views

Lockbit leak, research opportunities on tools leaked from TAs

Lockbit is one of the most prevalent ransomware strains. It comes with an affiliate ransomware-as-a-service RaaS program offering up to 80% of the ransom demand to participants, and includes a bug bounty program for those who detect and report vulnerabilities that allow files to be decrypted...

7.3AI score
Exploits0
Securelist
Securelist
added 2023/08/14 10:0 a.m.18 views

Phishing with hacked sites

Phishers want their fake pages to cost minimum effort but generate as much income as possible, so they eagerly use various tools and techniques to evade detection, and save time and money. Examples include automation with phishing kits or Telegram bots. Another tactic, popular with scammers big a...

7.6AI score
Exploits0
Securelist
Securelist
added 2023/08/10 10:0 a.m.50 views

Focus on DroxiDat/SystemBC

Recently we pushed a report to our customers about an interesting and common component of the cybercrime malware set - SystemBC. And, in much the same vein as the 2021 Darkside Colonial Pipeline incident, we found a new SystemBC variant deployed to a critical infrastructure target. This time, the...

7.7AI score
Exploits0
Securelist
Securelist
added 2023/08/10 8:0 a.m.23 views

Common TTPs of attacks against industrial organizations

In 2022 we investigated a series of attacks against industrial organizations in Eastern Europe. In the campaigns, the attackers aimed to establish a permanent channel for data exfiltration, including data stored on air-gapped systems. Based on similarities found between these campaigns and...

7.7AI score
Exploits0
Securelist
Securelist
added 2023/08/03 10:0 a.m.268 views

What’s happening in the world of crimeware: Emotet, DarkGate and LokiBot

Introduction The malware landscape keeps evolving. New families are born, while others disappear. Some families are short-lived, while others remain active for quite a long time. In order to follow this evolution, we rely both on samples that we detect and our monitoring efforts, which cover...

9.3CVSS7.1AI score0.99945EPSS
Exploits62
Securelist
Securelist
added 2023/07/28 10:0 a.m.33 views

Anomaly detection in certificate-based TGT requests

One of the most complex yet effective methods of gaining unauthorized access to corporate network resources is an attack using forged certificates. Attackers create such certificates to fool the Key Distribution Center KDC into granting access to the target companys network. An example of such an...

7.4AI score
Exploits0
Securelist
Securelist
added 2023/07/27 10:0 a.m.92 views

APT trends report Q2 2023

For more than six years, the Global Research and Analysis Team GReAT at Kaspersky has been publishing quarterly summaries of advanced persistent threat APT activity. These summaries are based on our threat intelligence research; and they provide a representative snapshot of what we have published...

9.3CVSS7.6AI score0.99945EPSS
Exploits33
Securelist
Securelist
added 2023/07/19 12:0 p.m.77 views

Comprehensive analysis of initial attack samples exploiting CVE-2023-23397 vulnerability

On March 14, 2023, Microsoft published a blogpost describing an Outlook Client Elevation of Privilege Vulnerability CVSS: 9.8 CRITICAL. The publication generated a lot of activity among white, grey and black hat researchers, as well as lots of publications and tweets about the vulnerability and i...

7.5CVSS9.2AI score0.97408EPSS
Exploits18
Securelist
Securelist
added 2023/07/05 10:0 a.m.24 views

Email crypto phishing scams: stealing from hot and cold crypto wallets

The higher the global popularity of cryptocurrencies and the more new ways of storing them, the wider the arsenal of tools used by malicious actors who are after digital money. Scammers tailor the complexity of technology they use and the thoroughness of their efforts to imitate legitimate websit...

7.2AI score
Exploits0
Securelist
Securelist
added 2023/06/28 10:0 a.m.23 views

Andariel’s silly mistakes and a new malware family

Introduction Andariel, a part of the notorious Lazarus group, is known for its use of the DTrack malware and Maui ransomware in mid-2022. During the same period, Andariel also actively exploited the Log4j vulnerability as reported by Talos and Ahnlab. Their campaign introduced several new malware...

7.1AI score
Exploits0
Securelist
Securelist
added 2023/06/27 6:0 a.m.33 views

How cybercrime is impacting SMBs in 2023

According to the United Nations, small and medium-sized businesses SMBs constitute 90 percent of all companies and contribute 60 to 70 percent of all jobs in the world. They generate 50 percent of global gross domestic product and form the backbone of most countries economies. Hit hardest by the...

7.5AI score
Exploits0
Securelist
Securelist
added 2023/06/22 10:0 a.m.16 views

LockBit Green and phishing that targets organizations

Introduction In recent months, we published private reports on a broad range of subjects. We wrote about malware targeting Brazil, about CEO fraud attempts, Andariel, LockBit and others. For this post, we selected three private reports, namely those related to LockBit and phishing campaigns...

6.8AI score
Exploits0
Securelist
Securelist
added 2023/06/21 10:0 a.m.35 views

Dissecting TriangleDB, a Triangulation spyware implant

Over the years, there have been multiple cases when iOS devices were infected with targeted spyware such as Pegasus, Predator, Reign and others. Often, the process of infecting a device involves launching a chain of different exploits, e.g. for escaping the iMessage sandbox while processing a...

7AI score
Exploits0
Securelist
Securelist
added 2023/06/20 10:0 a.m.32 views

A bowl full of security problems: Examining the vulnerabilities of smart pet feeders

Introduction In todays interconnected world, more and more devices are being connected to the internet, including everyday household items like pet feeders that are becoming smart by virtue of this simple fact. However, as these devices become more sophisticated, they also become more vulnerable ...

8.7AI score
Exploits0
Securelist
Securelist
added 2023/06/15 10:0 a.m.29 views

Understanding Malware-as-a-Service

Money is the root of all evil, including cybercrime. Thus, it was inevitable that malware creators would one day begin not only to distribute malicious programs themselves, but also to sell them to less technically proficient attackers, thereby lowering the threshold for entering the cybercrimina...

7AI score
Exploits0
Securelist
Securelist
added 2023/06/12 10:0 a.m.29 views

Sneaky DoubleFinger loads GreetingGhoul targeting your cryptocurrency

Introduction Stealing cryptocurrencies is nothing new. For example, the Mt. Gox exchange was robbed of many bitcoins back in the beginning of 2010s. Attackers such as those behind the Coinvault ransomware were after your Bitcoin wallets, too. Since then, stealing cryptocurrencies has continued to...

7.2AI score
Exploits0
Securelist
Securelist
added 2023/06/07 8:0 a.m.157 views

IT threat evolution Q1 2023

IT threat evolution in Q1 2023 IT threat evolution in Q1 2023. Non-mobile statistics IT threat evolution in Q1 2023. Mobile statistics Targeted attacks BlueNoroff introduces new methods bypassing MotW At the close of 2022, we reported the recent activities of BlueNoroff, a financially motivated...

7.3AI score
Exploits0
Total number of security vulnerabilities1025