1025 matches found
IT threat evolution Q1 2023. Mobile statistics
IT threat evolution Q1 2023 IT threat evolution Q1 2023. Non-mobile statistics IT threat evolution Q1 2023. Mobile statistics These statistics are based on detection verdicts of Kaspersky products received from users who consented to providing statistical data. Quarterly figures According to...
IT threat evolution in Q1 2023. Non-mobile statistics
IT threat evolution in Q1 2023 IT threat evolution in Q1 2023. Non-mobile statistics IT threat evolution in Q1 2023. Mobile statistics These statistics are based on detection verdicts of Kaspersky products and services received from users who consented to providing statistical data. Quarterly...
Satacom delivers browser extension that steals cryptocurrency
Satacom downloader, also known as LegionLoader, is a renowned malware family that emerged in 2019. It is known to use the technique of querying DNS servers to obtain the base64-encoded URL in order to receive the next stage of another malware family currently distributed by Satacom. The Satacom...
In search of the Triangulation: triangle_check utility
In our initial blogpost about "Operation Triangulation", we published a comprehensive guide on how to manually check iOS device backups for possible indicators of compromise using MVT. This process takes time and requires manual search for several types of indicators. To automate this process, we...
Operation Triangulation: iOS devices targeted with previously unknown malware
While monitoring the network traffic of our own corporate Wi-Fi network dedicated for mobile devices using the Kaspersky Unified Monitoring and Analysis Platform KUMA, we noticed suspicious activity that originated from several iOS-based phones. Since it is impossible to inspect modern iOS device...
Meet the GoldenJackal APT group. Don’t expect any howls
GoldenJackal is an APT group, active since 2019, that usually targets government and diplomatic entities in the Middle East and South Asia. Despite the fact that they began their activities years ago, this group is generally unknown and, as far as we know, has not been publicly described. We...
CloudWizard APT: the bad magic story goes on
In March 2023, we uncovered a previously unknown APT campaign in the region of the Russo-Ukrainian conflict that involved the use of PowerMagic and CommonMagic implants. However, at the time it was not clear which threat actor was behind the attack. Since the release of our report about...
Minas – on the way to complexity
Sometimes when investigating an infection and focusing on a targeted attack, we come across something we were not expecting. The case described below is one such occurrence. In June 2022, we found a suspicious shellcode running in the memory of a system process. We decided to dig deeper and...
The nature of cyberincidents in 2022
Kaspersky offers various services to organizations that have been targeted by cyberattackers, such as incident response, digital forensics, and malware analysis. In our annual incident response report, we share information about the attacks that we investigated during the reporting period. Data...
New ransomware trends in 2023
Ransomware keeps making headlines. In a quest for profits, attackers target all types of organizations, from healthcare and educational institutions to service providers and industrial enterprises, affecting almost every aspect of our lives. In 2022, Kaspersky solutions detected over 74.2M...
Not quite an Easter egg: a new family of Trojan subscribers on Google Play
Every once in a while, someone will come across malicious apps on Google Play that seem harmless at first. Some of the trickiest of these are subscription Trojans, which often go unnoticed until the user finds they have been charged for services they never intended to buy. This kind of malware...
Managed Detection and Response in 2022
Kaspersky Managed Detection and Response MDR is a service for 24/7 monitoring and response to detected incidents based on technologies and expertise of Kaspersky Security Operations Center SOC team. MDR allows detecting threats at any stage of the attack – both before anything is compromised and...
What does ChatGPT know about phishing?
Can ChatGPT detect phishing links? Hearing all the buzz about the amazing applications of ChatGPT and other language models, our team could not help but ask this question. We work on applying machine learning technologies to cybersecurity tasks, specifically models that analyze websites to detect...
APT trends report Q1 2023
For more than five years, the Global Research and Analysis Team GReAT at Kaspersky has been publishing quarterly summaries of advanced persistent threat APT activity. These summaries are based on our threat intelligence research; and they provide a representative snapshot of what we have publishe...
Tomiris called, they want their Turla malware back
Introduction We introduced Tomiris to the world in September 2021, following our investigation of a DNS-hijack against a government organization in the Commonwealth of Independent States CIS. Our initial report described links between a Tomiris Golang implant and SUNSHUTTLE which has been...
QBot banker delivered through business correspondence
In early April, we detected a significant increase in attacks that use banking Trojans of the QBot family aka QakBot, QuackBot, and Pinkslipbot. The malware would be delivered through e-mail letters written in different languages — variations of them were coming in English, German, Italian, and...
Uncommon infection methods—part 2
Introduction Although ransomware is still a hot topic on which we will keep on publishing, we also investigate and publish about other threats. Recently we explored the topic of infection methods, including malvertising and malicious downloads. In this blog post, we provide excerpts from the rece...
Following the Lazarus group by tracking DeathNote campaign
The Lazarus group is a high-profile Korean-speaking threat actor with multiple sub-campaigns. We have previously published information about the connections of each cluster of this group. In this blog, well focus on an active cluster that we dubbed DeathNote because the malware responsible for...
Nokoyawa ransomware attacks with Windows zero-day
Updated April 20, 2023 In February 2023, Kaspersky technologies detected a number of attempts to execute similar elevation-of-privilege exploits on Microsoft Windows servers belonging to small and medium-sized businesses in the Middle East, in North America, and previously in Asia regions. These...
Overview of Google Play threats sold on the dark web
In 2022, Kaspersky security solutions detected 1,661,743 malware or unwanted software installers, targeting mobile users. Although the most common way of distributing such installers is through third-party websites and dubious app stores, their authors every now and then manage to upload them to...
The Telegram phishing market
Telegram has been gaining popularity with users around the world year by year. Common users are not the only ones who have recognized the messaging apps handy features — cybercrooks have already made it a branch of the dark web, their Telegram activity soaring since late 2021. The service is...
Not just an infostealer: Gopuram backdoor deployed through 3CX supply chain attack
On March 29, Crowdstrike published a report about a supply chain attack conducted via 3CXDesktopApp, a popular VoIP program. Since then, the security community has started analyzing the attack and sharing their findings. The following has been discovered so far: The infection is spread via...
Selecting the right MSSP: Guidelines for making an objective decision
Managed Security Service Providers MSSPs have become an increasingly popular choice for organizations nowadays following the trend to outsource security services. Meanwhile, with the growing number of MSSPs in the market, it can be difficult for organizations to determine which provider will fit ...
Financial cyberthreats in 2022
Financial gain remains the key driver of cybercriminal activity. In the past year, weve seen multiple developments in this area – from new attack schemes targeting contactless payments to multiple ransomware groups continuing to emerge and haunt businesses. However, traditional financial threats ...
Copy-paste heist or clipboard-injector attacks on cryptousers
It is often the case that something new is just a reincarnation of something old. We have come across a series of clipboard injection attacks on cryptocurrency users, which emerged starting from September 2022. Although we have written about a similar malware attack in 2017 in one of our blogpost...
How scammers employ IPFS for email phishing
The idea of creating Web 3.0 has been around since the end of 2000s. The new version of the world wide web should repair the weak points of Web 2.0., some of which are: featureless content, prevalence of proprietary solutions, and lack of safety in a centralized user data storage environment, whe...
Understanding metrics to measure SOC effectiveness
The security operations center SOC plays a critical role in protecting an organizations assets and reputation by identifying, analyzing, and responding to cyberthreats in a timely and effective manner. Additionally, SOCs also help to improve overall security posture by providing add-on services...
Developing an incident response playbook
An incident response playbook is a predefined set of actions to address a specific security incident such as malware infection, violation of security policies, DDoS attack, etc. Its main goal is to enable a large enterprise security team to respond to cyberattacks in a timely and effective manner...
Bad magic: new APT found in the area of Russo-Ukrainian conflict
Since the start of the Russo-Ukrainian conflict, Kaspersky researchers and the international community at large have identified a significant number of cyberattacks executed in a political and geopolitical context. We previously published an overview of cyber activities and the threat landscape...
Business on the dark web: deals and regulatory mechanisms
Download the full version of the report PDF Hundreds of deals are struck on the dark web every day: cybercriminals buy and sell data, provide illegal services to one another, hire other individuals to work as "employees" with their groups, and so on. Large sums of money are often on the table. To...
Malvertising through search engines
In recent months, we observed an increase in the number of malicious campaigns that use Google Advertising as a means of distributing and delivering malware. At least two different stealers, Rhadamanthys and RedLine, were abusing the search engine promotion plan in order to deliver malicious...
The state of stalkerware in 2022
The state of stalkerware in 2022 PDF Main findings of 2022 The State of Stalkerware is an annual report by Kaspersky which contributes to a better understanding of how many people in the world are affected by digital stalking. Stalkerware is a commercially available software that can be discretel...
Threat landscape for industrial automation systems for H2 2022
Year 2022 in numbers Parameter | H1 2022 | H2 2022 | 2022 ---|---|---|--- Percentage of attacked ICS computers globally | 31.8% | 34.3% | 40.6% Main threat sources Internet | 16.5% | 19.9% | 24.0% Email clients | 7.0% | 6.4% | 7.9% Removable devices | 3.5% | 3.8% | 5.2% Network folders | 0.6% |...
The mobile malware threat landscape in 2022
These statistics are based on detection verdicts of Kaspersky products received from users who consented to providing statistical data. Figures of the year In 2022, Kaspersky mobile products and technology detected: 1,661,743 malicious installers 196,476 new mobile banking Trojans 10,543 new mobi...
Spam and phishing in 2022
Figures of the year In 2022: 48.63% of all emails around the world and 52.78% of all emails in the Russian segment of the internet were spam As much as 29.82% of all spam emails originated in Russia Kaspersky Mail Anti-Virus blocked 166,187,118 malicious email attachments Our Anti-Phishing system...
IoC detection experiments with ChatGPT
ChatGPT is a groundbreaking chatbot powered by the neural network-based language model text-davinci-003 and trained on a large dataset of text from the Internet. It is capable of generating human-like text in a wide range of styles and formats. ChatGPT can be fine-tuned for specific tasks, such a...
Good, Perfect, Best: how the analyst can enhance penetration testing results
Penetration testing is something that many of those who know what a pentest is see as a search for weak spots and well-known vulnerabilities in clients infrastructure, and a bunch of copied-and-pasted recommendations on how to deal with the security holes thus discovered. In truth, it is not so...
Web beacons on websites and in e-mail
There is a vast number of trackers, which gather information about users activities online. For all intents and purposes, we have grown accustomed to online service providers, marketing agencies, and analytical companies tracking our every mouse click, our social posts, browser and streaming...
Prilex modification now targeting contactless credit card transactions
Prilex is a singular threat actor that has evolved from ATM-focused malware into unique modular PoS malware—actually, the most advanced PoS threat we have seen so far, as described in a previous article. Forget about those old memory scrapers seen in PoS attacks. Prilex goes beyond these, and it...
Come to the dark side: hunting IT professionals on the dark web
The dark web is a collective name for a variety of websites and marketplaces that bring together individuals willing to engage in illicit or shady activities. Dark web forums contain ads for selling and buying stolen data, offers to code malware and hack websites, posts seeking like-minded...
What your SOC will be facing in 2023
As the role of cybersecurity in large businesses increases remarkably year over year, the importance of Security Operations Centers SOCs is becoming paramount. This years Kaspersky Security Bulletin ends with tailored predictions for SOCs – from external and internal points of view. The first par...
Roaming Mantis implements new DNS changer in its malicious mobile app in 2022
Roaming Mantis a.k.a Shaoye is well-known as a long-term cyberattack campaign that uses malicious Android package APK files to control infected Android devices and steal device information; it also uses phishing pages to steal user credentials, with a strong financial motivation. Kaspersky has be...
What threatens corporations in 2023: media blackmail, fake leaks and cloud attacks
Kaspersky detects an average of 400,000 malicious files every day. These add up to 144 million annually. The threat landscape is constantly updated through new malware and spyware, advanced phishing methods, and new social engineering techniques. The media routinely report incidents and leaks of...
How much security is enough?
According to a prominent Soviet science fiction writer, beauty is a fine line, a razors edge between two opposites locked in a never-ending battle. Today, we would put it less poetically as an ideal compromise between contradictions. An elegant, or beautiful, design is one that allows reaching th...
BlueNoroff introduces new methods bypassing MoTW
BlueNoroff group is a financially motivated threat actor eager to profit from its cyberattack capabilities. We have published technical details of how this notorious group steals cryptocurrency before. We continue to track the groups activities and this October we observed the adoption of new...
Ransomware and wiper signed with stolen certificates
Introduction On July 17, 2022, Albanian news outlets reported a massive cyberattack that affected Albanian government e-services. A few weeks later, it was revealed that the cyberattacks were part of a coordinated effort likely intended to cripple the countrys computer systems. On September 10,...
CVE-2022-41040 and CVE-2022-41082 – zero-days in MS Exchange
Summary At the end of September, GTSC reported an attack on critical infrastructure that took place in August. During the investigation, experts found that two 0-day vulnerabilities in Microsoft Exchange Server were used in the attack. The first one, later identified as CVE-2022-41040, is a...
Reassessing cyberwarfare. Lessons learned in 2022
At this point, it has become cliché to say that nothing in 2022 turned out the way we expected. We left the COVID-19 crisis behind hoping for a long-awaited return to normality and were immediately plunged into the chaos and uncertainty of a twentieth-century-style military conflict that posed...
How to train your Ghidra
Getting started with Ghidra For about two decades, being a reverse engineer meant that you had to master the ultimate disassembly tool, IDA Pro. Over the years, many other tools were created to complement or directly replace it, but only a few succeeded. Then came the era of decompilation, adding...
DeathStalker targets legal entities with new Janicab variant
Just to clarify, the above subheading isnt a normal quote, but a message that Janicab malware attempted to decode in its newest use of YouTube dead-drop resolvers DDRs. While hunting for less common Deathstalker intrusions that use the Janicab malware family, we identified a new Janicab variant...