Lucene search

608 matches found

Trellix
added 2019/05/21 12:0 a.m. · 118 views

Understanding the Wormable RDP Vulnerability CVE-2019-0708

ARCHIVED STORY RDP Stands for "Really Do Patch!" - Understanding the Wormable RDP Vulnerability CVE-2019-0708 By Eoin Carroll · May 21, 2019 During Microsoft’s May Patch Tuesday cycle, a security advisory was released for a vulnerability in the Remote Desktop Protocol (RDP). What was unique in this...

0.99999 EPSS
Exploits: 123
Trellix
added 2019/05/21 12:0 a.m. · 68 views

Understanding the Wormable RDP Vulnerability CVE-2019-0708

ARCHIVED STORY RDP Stands for "Really Do Patch!" - Understanding the Wormable RDP Vulnerability CVE-2019-0708 By Eoin Carroll · May 21, 2019 During Microsoft’s May Patch Tuesday cycle, a security advisory was released for a vulnerability in the Remote Desktop Protocol (RDP). What was unique in this...

10 CVSS · 10 AI score · 0.99999 EPSS
Exploits: 123
Trellix
added 2019/04/29 12:0 a.m. · 18 views

LockerGoga Ransomware Family Used in Targeted Attacks

ARCHIVED STORY LockerGoga Ransomware Family Used in Targeted Attacks By ATR Operational Intelligence Team · April 29, 2019 Co-authored by Marc RiveroLopez. Initial discovery Once again, we have seen a significant new ransomware family in the news. LockerGoga, which adds new features to the tried...

7.2 AI score
Exploits: 0
Trellix
added 2019/04/29 12:0 a.m. · 8 views

LockerGoga Ransomware Family Used in Targeted Attacks

ARCHIVED STORY LockerGoga Ransomware Family Used in Targeted Attacks By ATR Operational Intelligence Team · April 29, 2019 Co-authored by Marc RiveroLopez. Initial discovery Once again, we have seen a significant new ransomware family in the news. LockerGoga, which adds new features to the tried...

7.2 AI score
Exploits: 0
Trellix
added 2019/04/18 12:0 a.m. · 14 views

IoT Zero-Days – Is Belkin WeMo Smart Plug the Next Malware Target?

ARCHIVED STORY IoT Zero-Days – Is Belkin WeMo Smart Plug the Next Malware Target? By Steve Povolny · April 18, 2019 Effective malware is typically developed with intention, targeting specific victims using either known or unknown vulnerabilities to achieve its primary functions. In this blog, we...

0.2 AI score · 0.03701 EPSS
Exploits: 0
Trellix
added 2019/04/18 12:0 a.m. · 14 views

IoT Zero-Days – Is Belkin WeMo Smart Plug the Next Malware Target?

ARCHIVED STORY IoT Zero-Days – Is Belkin WeMo Smart Plug the Next Malware Target? By Steve Povolny · April 18, 2019 Effective malware is typically developed with intention, targeting specific victims using either known or unknown vulnerabilities to achieve its primary functions. In this blog, we...

10 CVSS · 8.7 AI score · 0.03701 EPSS
Exploits: 0
Trellix
added 2019/02/25 12:0 a.m. · 8 views

What’s in the Box?

ARCHIVED STORY What’s in the Box? By Sam Quinn · February 25, 2019 2018 was another record-setting year in the continuing trend for consumer online shopping. With an increase in technology and efficiency, and a decrease in cost and shipping time, consumers have clearly made a statement that...

7.5 AI score
Exploits: 0
Trellix
added 2019/02/25 12:0 a.m. · 14 views

Your Smart Coffee Maker is Brewing Up Trouble

ARCHIVED STORY Your Smart Coffee Maker is Brewing Up Trouble By Sam Quinn · February 25, 2019 IOT devices are notoriously insecure and this claim can be backed up with a laundry list of examples. With more devices “needing” to connect to the internet, the possibility of your WiFi enabled toaster...

Exploits: 0
Trellix
added 2019/02/25 12:0 a.m. · 16 views

What’s in the Box?

ARCHIVED STORY What’s in the Box? By Sam Quinn · February 25, 2019 2018 was another record-setting year in the continuing trend for consumer online shopping. With an increase in technology and efficiency, and a decrease in cost and shipping time, consumers have clearly made a statement that...

7.5 AI score
Exploits: 0
Trellix
added 2019/02/25 12:0 a.m. · 9 views

Your Smart Coffee Maker is Brewing Up Trouble

ARCHIVED STORY Your Smart Coffee Maker is Brewing Up Trouble By Sam Quinn · February 25, 2019 IOT devices are notoriously insecure and this claim can be backed up with a laundry list of examples. With more devices “needing” to connect to the internet, the possibility of your WiFi enabled toaster...

8 AI score
Exploits: 0
Trellix
added 2019/02/19 12:0 a.m. · 10 views

Ryuk, Exploring the Human Connection

ARCHIVED STORY Ryuk, Exploring the Human Connection By John Fokker · February 19, 2019 In collaboration with Bill Siegel and Alex Holdtman from Coveware At the beginning of 2019, McAfee ATR published an article describing how the hasty attribution of Ryuk ransomware to North Korea was missing the...

0.8 AI score
Exploits: 0
Trellix
added 2019/02/19 12:0 a.m. · 11 views

Ryuk, Exploring the Human Connection

ARCHIVED STORY Ryuk, Exploring the Human Connection By John Fokker · February 19, 2019 In collaboration with Bill Siegel and Alex Holdtman from Coveware At the beginning of 2019, McAfee ATR published an article describing how the hasty attribution of Ryuk ransomware to North Korea was missing the...

7.2 AI score
Exploits: 0
Trellix
added 2019/01/09 12:0 a.m. · 12 views

Ryuk Ransomware Attack: Rush to Attribution Misses the Point

ARCHIVED STORY Ryuk Ransomware Attack: Rush to Attribution Misses the Point By John Fokker · January 09, 2019 Senior analyst Ryan Sherstobitoff contributed to this report. During the past week, an outbreak of Ryuk ransomware that impeded newspaper printing services in the United States has garner...

7.3 AI score
Exploits: 0
Trellix
added 2019/01/09 12:0 a.m. · 9 views

Ryuk Ransomware Attack: Rush to Attribution Misses the Point

ARCHIVED STORY Ryuk Ransomware Attack: Rush to Attribution Misses the Point By John Fokker · January 09, 2019 Senior analyst Ryan Sherstobitoff contributed to this report. During the past week, an outbreak of Ryuk ransomware that impeded newspaper printing services in the United States has garner...

7.3 AI score
Exploits: 0
Trellix
added 2019/01/08 12:0 a.m. · 10 views

Digging Up the Past: Windows Registry Forensics Revisited

ARCHIVED STORY Digging Up the Past: Windows Registry Forensics Revisited By David Via · Jan 08, 2019 Introduction FireEye consultants frequently utilize Windows registry data when performing forensic analysis of computer networks as part of incident response and compromise assessment missions. Th...

6.9 AI score
Exploits: 0
Trellix
added 2019/01/08 12:0 a.m. · 13 views

Digging Up the Past: Windows Registry Forensics Revisited

ARCHIVED STORY Digging Up the Past: Windows Registry Forensics Revisited By David Via · Jan 08, 2019 Introduction FireEye consultants frequently utilize Windows registry data when performing forensic analysis of computer networks as part of incident response and compromise assessment missions. Th...

0.2 AI score
Exploits: 0
Trellix
added 2018/12/19 12:0 a.m. · 23 views

Shamoon Attackers Employ New Tool Kit to Wipe Infected Systems

ARCHIVED STORY Shamoon Attackers Employ New Tool Kit to Wipe Infected Systems By Thomas Roccia · December 19, 2018 Last week the McAfee Advanced Threat Research team posted an analysis of a new wave of Shamoon “wiper” malware attacks that struck several companies in the Middle East and Europe. In...

0.3 AI score
Exploits: 0
Trellix
added 2018/12/19 12:0 a.m. · 13 views

Shamoon Attackers Employ New Tool Kit to Wipe Infected Systems

ARCHIVED STORY Shamoon Attackers Employ New Tool Kit to Wipe Infected Systems By Thomas Roccia · December 19, 2018 Last week the McAfee Advanced Threat Research team posted an analysis of a new wave of Shamoon “wiper” malware attacks that struck several companies in the Middle East and Europe. In...

7 AI score
Exploits: 0
Trellix
added 2018/12/14 12:0 a.m. · 7 views

Shamoon Returns to Wipe Systems in Middle East, Europe

ARCHIVED STORY Shamoon Returns to Wipe Systems in Middle East, Europe By Alexandre Mundo · December 14, 2018 Destructive malware has been employed by adversaries for years. Usually such attacks are carefully targeted and can be motivated by ideology, politics, or even financial aims. Destructive...

7 AI score
Exploits: 0
Trellix
added 2018/12/14 12:0 a.m. · 8 views

Shamoon Returns to Wipe Systems in Middle East, Europe

ARCHIVED STORY Shamoon Returns to Wipe Systems in Middle East, Europe By Alexandre Mundo · December 14, 2018 Destructive malware has been employed by adversaries for years. Usually such attacks are carefully targeted and can be motivated by ideology, politics, or even financial aims. Destructive...

7 AI score
Exploits: 0
Trellix
added 2018/11/08 12:0 a.m. · 51 views

Triton Malware Spearheads Latest Attacks on Industrial Systems | McAfee Blogs

Triton Malware Spearheads Latest Attacks on Industrial Systems | McAfee Blogs Thomas Roccia · NOV 08, 2018 Malware that attacks industrial control systems (ICS), such as the Stuxnet campaign in 2010, is a serious threat. This class of cyber sabotage can spy on, disrupt, or destroy systems that mana...

0.6 AI score · 0.16342 EPSS
Exploits: 0
Trellix
added 2018/11/08 12:0 a.m. · 44 views

Triton Malware Spearheads Latest Attacks on Industrial Systems | McAfee Blogs

Triton Malware Spearheads Latest Attacks on Industrial Systems | McAfee Blogs Thomas Roccia · NOV 08, 2018 Malware that attacks industrial control systems (ICS), such as the Stuxnet campaign in 2010, is a serious threat. This class of cyber sabotage can spy on, disrupt, or destroy systems that mana...

8.8 CVSS · 8.9 AI score · 0.16342 EPSS
Exploits: 0
Trellix
added 2018/10/30 12:0 a.m. · 11 views

Fallout Exploit Kit Releases the Kraken Ransomware on Its Victims

ARCHIVED STORY Fallout Exploit Kit Releases the Kraken Ransomware on Its Victims By John Fokker · October 30, 2018 Alexandr Solad and Daniel Hatheway of Recorded Future are coauthors of this post. Read Recorded Future’s version of this analysis. Rising from the deep, Kraken Cryptor ransomware has...

0.3 AI score
Exploits: 0
Trellix
added 2018/10/30 12:0 a.m. · 101 views

Fallout Exploit Kit Releases the Kraken Ransomware on Its Victims

ARCHIVED STORY Fallout Exploit Kit Releases the Kraken Ransomware on Its Victims By John Fokker · October 30, 2018 Alexandr Solad and Daniel Hatheway of Recorded Future are coauthors of this post. Read Recorded Future’s version of this analysis. Rising from the deep, Kraken Cryptor ransomware has...

7 AI score
Exploits: 0
Trellix
added 2018/10/10 12:0 a.m. · 33 views

Rapidly Evolving Ransomware Gandcrab Version

ARCHIVED STORY Ransomware GandCrab Version 5 Partners With Crypter Service for Obfuscation By Alexandre Mundo · October 10, 2018 The GandCrab ransomware, which first appeared in January, has been updated rapidly during its short life, with Version 5.0.2 appearing this month. In this post we will...

7.3 AI score · 0.73721 EPSS
Exploits: 25
Trellix
added 2018/10/10 12:0 a.m. · 24 views

Rapidly Evolving Ransomware Gandcrab Version

ARCHIVED STORY Ransomware GandCrab Version 5 Partners With Crypter Service for Obfuscation By Alexandre Mundo · October 10, 2018 The GandCrab ransomware, which first appeared in January, has been updated rapidly during its short life, with Version 5.0.2 appearing this month. In this post we will...

7.3 AI score
Exploits: 0
Trellix
added 2018/08/11 12:0 a.m. · 9 views

80 to 0 in Under 5 Seconds: Falsifying a Medical Patient's Vitals

ARCHIVED STORY 80 to 0 in Under 5 Seconds: Falsifying a Medical Patient's Vitals By Douglas McKee · August 11, 2018 The author thanks Shaun Nordeck, MD, for his assistance with this report. With the explosion of growth in technology and its influence on our lives, we have become increasingly...

6.7 AI score
Exploits: 0
Trellix
added 2018/08/11 12:0 a.m. · 4 views

80 to 0 in Under 5 Seconds: Falsifying a Medical Patient's Vitals

ARCHIVED STORY 80 to 0 in Under 5 Seconds: Falsifying a Medical Patient's Vitals By Douglas McKee · August 11, 2018 The author thanks Shaun Nordeck, MD, for his assistance with this report. With the explosion of growth in technology and its influence on our lives, we have become increasingly...

6.7 AI score
Exploits: 0
Trellix
added 2018/08/08 12:0 a.m. · 12 views

BIOS Boots What? Finding Evil in Boot Code at Scale! | Trellix

ARCHIVED STORY BIOS Boots What? Finding Evil in Boot Code at Scale! By Ryan Fisher, Andrew Davis · August 08, 2018 Malware continues to take advantage of a legacy component of modern systems designed in the 1980s. Despite the cyber threat landscape continuing to evolve at an ever-increasing pace,...

6.9 AI score
Exploits: 0
Trellix
added 2018/08/08 12:0 a.m. · 10 views

BIOS Boots What? Finding Evil in Boot Code at Scale! | Trellix

ARCHIVED STORY BIOS Boots What? Finding Evil in Boot Code at Scale! By Ryan Fisher, Andrew Davis · August 08, 2018 Malware continues to take advantage of a legacy component of modern systems designed in the 1980s. Despite the cyber threat landscape continuing to evolve at an ever-increasing pace,...

0.2 AI score
Exploits: 0
Trellix
added 2018/07/31 12:0 a.m. · 4 views

Gandcrab Ransomware Puts Pinch On Victims

ARCHIVED STORY GandCrab Ransomware Puts the Pinch on Victims By Alexandre Mundo · July 31, 2018 Update: On August 9 we added our analysis of Versions 4.2.1 and 4.3. The GandCrab ransomware first appeared in January and has been updated rapidly during its short life. It is the leading ransomware...

Exploits: 0
Trellix
added 2018/07/31 12:0 a.m. · 9 views

Gandcrab Ransomware Puts Pinch On Victims

ARCHIVED STORY GandCrab Ransomware Puts the Pinch on Victims By Alexandre Mundo · July 31, 2018 Update: On August 9 we added our analysis of Versions 4.2.1 and 4.3. The GandCrab ransomware first appeared in January and has been updated rapidly during its short life. It is the leading ransomware...

7.3 AI score
Exploits: 0
Trellix
added 2018/07/11 12:0 a.m. · 7 views

Organizations Leave Backdoors Open to Cheap Remote Desktop Protocol Attacks

ARCHIVED STORY Organizations Leave Backdoors Open to Cheap Remote Desktop Protocol Attacks By John Fokker · July 11, 2018 Thanks to my colleague Christiaan Beek for his advice and contributions. While researching underground hacker marketplaces, the McAfee Advanced Threat Research team has...

7.2 AI score
Exploits: 0
Trellix
added 2018/07/11 12:0 a.m. · 10 views

Organizations Leave Backdoors Open to Cheap Remote Desktop Protocol Attacks

ARCHIVED STORY Organizations Leave Backdoors Open to Cheap Remote Desktop Protocol Attacks By John Fokker · July 11, 2018 Thanks to my colleague Christiaan Beek for his advice and contributions. While researching underground hacker marketplaces, the McAfee Advanced Threat Research team has...

7.2 AI score
Exploits: 0
Trellix
added 2018/07/03 12:0 a.m. · 5 views

Cybercrime in the Spotlight: How Crooks Capitalize on Cultural Events

ARCHIVED STORY Cybercrime in the Spotlight: How Crooks Capitalize on Cultural Events By John Fokker · July 03, 2018 Every four years, everyone’s head around the globe turns toward the television. The Olympics, the World Cup – world events like these have all eyes viewing friendly competition...

Exploits: 0
Trellix
added 2018/07/03 12:0 a.m. · 9 views

Cybercrime in the Spotlight: How Crooks Capitalize on Cultural Events

ARCHIVED STORY Cybercrime in the Spotlight: How Crooks Capitalize on Cultural Events By John Fokker · July 03, 2018 Every four years, everyone’s head around the globe turns toward the television. The Olympics, the World Cup – world events like these have all eyes viewing friendly competition...

7.5 AI score
Exploits: 0
Trellix
added 2018/06/18 12:0 a.m. · 13 views

Apply MITRE’s ‘ATT&CK’ Model to Check Your Defenses

ARCHIVED STORY Apply MITRE’s ‘ATT&CK’ Model to Check Your Defenses By Trellix · June 18, 2018 Every week we read about adversaries attacking their targets as part of online criminal campaigns. Information gathering, strategic advantage, and theft of intellectual property are some of the...

Exploits: 0
Trellix
added 2018/06/18 12:0 a.m. · 11 views

Apply MITRE’s ‘ATT&CK’ Model to Check Your Defenses

ARCHIVED STORY Apply MITRE’s ‘ATT&CK’ Model to Check Your Defenses By Trellix · June 18, 2018 Every week we read about adversaries attacking their targets as part of online criminal campaigns. Information gathering, strategic advantage, and theft of intellectual property are some of the...

7 AI score
Exploits: 0
Trellix
added 2018/03/11 12:0 a.m. · 7 views

Poor Security Exposes Medical Data to Cybercriminals

ARCHIVED STORY McAfee Researchers Find Poor Security Exposes Medical Data to Cybercriminals By Christiaan Beek · March 11, 2018 The nonperishable nature of medical data makes an irresistible target for cybercriminals. The art of hacking requires significant time and effort, encouraging experience...

7.1 AI score
Exploits: 0
Trellix
added 2018/03/11 12:0 a.m. · 7 views

Poor Security Exposes Medical Data to Cybercriminals

ARCHIVED STORY McAfee Researchers Find Poor Security Exposes Medical Data to Cybercriminals By Christiaan Beek · March 11, 2018 The nonperishable nature of medical data makes an irresistible target for cybercriminals. The art of hacking requires significant time and effort, encouraging experience...

7.1 AI score
Exploits: 0
Trellix
added 2018/02/22 12:0 a.m. · 10 views

DDoS Attacks in the Netherlands Reveal Teen Gamers on Troublesome Path

ARCHIVED STORY DDoS Attacks in the Netherlands Reveal Teen Gamers on Troublesome Path By John Fokker · February 22, 2018 At the end of January, the Netherlands was plagued by distributed denial of service (DDoS) attacks targeting various financial institutions, tech sites, and the Dutch tax...

6.9 AI score
Exploits: 0
Trellix
added 2018/02/22 12:0 a.m. · 15 views

DDoS Attacks in the Netherlands Reveal Teen Gamers on Troublesome Path

ARCHIVED STORY DDoS Attacks in the Netherlands Reveal Teen Gamers on Troublesome Path By John Fokker · February 22, 2018 At the end of January, the Netherlands was plagued by distributed denial of service (DDoS) attacks targeting various financial institutions, tech sites, and the Dutch tax...

6.9 AI score
Exploits: 0
Trellix
added 2017/12/20 12:0 a.m. · 8 views

McAfee Labs Advanced Threat Research Aids Arrest of Suspected Cybercrime Gang Linked to Top Malware CTB Locker

ARCHIVED STORY McAfee Labs Advanced Threat Research Aids Arrest of Suspected Cybercrime Gang Linked to Top Malware CTB Locker By Trellix · December 20, 2017 In our recent research, we interviewed the actors behind ransomware campaigns. One of the interesting findings was cybercriminals seemed to...

7 AI score
Exploits: 0
Trellix
added 2017/12/20 12:0 a.m. · 15 views

McAfee Labs Advanced Threat Research Aids Arrest of Suspected Cybercrime Gang Linked to Top Malware CTB Locker

ARCHIVED STORY McAfee Labs Advanced Threat Research Aids Arrest of Suspected Cybercrime Gang Linked to Top Malware CTB Locker By Trellix · December 20, 2017 In our recent research, we interviewed the actors behind ransomware campaigns. One of the interesting findings was cybercriminals seemed to...

0.7 AI score
Exploits: 0
Trellix
added 2017/12/17 12:0 a.m. · 9 views

Operation Dragonfly Analysis Suggests Links to Earlier Attacks

ARCHIVED STORY Operation Dragonfly Analysis Suggests Links to Earlier Attacks By Trellix · December 17, 2017 On September 6, Symantec published details of the Dragonfly campaign, which targeted dozens of energy companies throughout 2017. This attack was effectively Dragonfly 2.0, an update to a...

0.4 AI score
Exploits: 0
Trellix
added 2017/12/17 12:0 a.m. · 11 views

Operation Dragonfly Analysis Suggests Links to Earlier Attacks

ARCHIVED STORY Operation Dragonfly Analysis Suggests Links to Earlier Attacks By Trellix · December 17, 2017 On September 6, Symantec published details of the Dragonfly campaign, which targeted dozens of energy companies throughout 2017. This attack was effectively Dragonfly 2.0, an update to a...

7.5 AI score
Exploits: 0
Trellix
added 2017/11/16 12:0 a.m. · 8 views

IoT Devices: The Gift that Keeps on Giving… to Hackers

ARCHIVED STORY IoT Devices: The Gift that Keeps on Giving… to Hackers By Tim Hux · November 16, 2017 McAfee Advanced Threat Research on Most Hackable Gifts You’ve probably noticed the recent increase in Internet connected drones, digital assistants, toys, appliances and other devices hitting the...

0.4 AI score
Exploits: 0
Trellix
added 2017/11/16 12:0 a.m. · 8 views

IoT Devices: The Gift that Keeps on Giving… to Hackers

ARCHIVED STORY IoT Devices: The Gift that Keeps on Giving… to Hackers By Tim Hux · November 16, 2017 McAfee Advanced Threat Research on Most Hackable Gifts You’ve probably noticed the recent increase in Internet connected drones, digital assistants, toys, appliances and other devices hitting the...

8.1 AI score
Exploits: 0
Trellix
added 2017/10/24 12:0 a.m. · 31 views

‘BadRabbit’ Ransomware Burrows Into Russia, Ukraine

ARCHIVED STORY ‘BadRabbit’ Ransomware Burrows Into Russia, Ukraine By Raj Samani · October 24, 2017 This post was researched and written by Tim Hux, David Marcus, Charles McFarland, Douglas McKee, and Raj Samani. McAfee is currently investigating a ransomware campaign known as BadRabbit, which...

7.5 AI score
Exploits: 0
Trellix
added 2017/10/24 12:0 a.m. · 13 views

‘BadRabbit’ Ransomware Burrows Into Russia, Ukraine

ARCHIVED STORY ‘BadRabbit’ Ransomware Burrows Into Russia, Ukraine By Raj Samani · October 24, 2017 This post was researched and written by Tim Hux, David Marcus, Charles McFarland, Douglas McKee, and Raj Samani. McAfee is currently investigating a ransomware campaign known as BadRabbit, which...

7.5 AI score
Exploits: 0
Total number of security vulnerabilities: 608