Tag: Securelist

In this report, we share our latest crimeware findings: the ASMCrypt cryptor/loader related to DoubleFinger, a new Lumma stealer and a new version of Zanubis Android banking trojan. This article has been indexed from Securelist Read the original article: A…

Read more →

Scammers are camouflaging phishing links with QR codes and distributing them through email. This article has been indexed from Securelist Read the original article: QR codes in email phishing

Read more →

IoT threats: how devices get hacked, what malware is uploaded, and what services are on offer on the dark web in 2023. This article has been indexed from Securelist Read the original article: Overview of IoT threats in 2023

Read more →

In the first half of 2023, the percentage of ICS computers on which malicious objects were blocked decreased from H2 2022 by just 0.3 pp to 34%. This article has been indexed from Securelist Read the original article: Threat landscape…

Read more →

Kaspersky researchers analyzed a Linux backdoor disguised as Free Download Manager software that remained under the radar for at least three years. This article has been indexed from Securelist Read the original article: Free Download Manager backdoored – a possible…

Read more →

The article analyzes the malicious tactics, techniques and procedures (TTP) used by the operator of the Cuba ransomware, and details a Cuba attack incident. This article has been indexed from Securelist Read the original article: From Caribbean shores to your…

Read more →

Spyware Telegram mod in Uighur and Chinese spreads through Google Play stealing messages and other user data. This article has been indexed from Securelist Read the original article: Evil Telegram doppelganger attacks Chinese users

Read more →

Q2 2023 overview: targeted attacks such as Operation Triangulation, CloudWizard and Lazarus activity, Nokoyawa ransomware, and others. This article has been indexed from Securelist Read the original article: IT threat evolution in Q2 2023

Read more →

The smartphone malware statistics for Q2 2023 includes data for Android malware, adware, banking Trojans and ransomware. This article has been indexed from Securelist Read the original article: IT threat evolution in Q2 2023. Mobile statistics

Read more →

PC malware statistics for Q2 2022 includes data on miners, ransomware, banking Trojans, and other threats to Windows, macOS and IoT devices. This article has been indexed from Securelist Read the original article: IT threat evolution in Q2 2023. Non-mobile…

Read more →

In September of 2022, multiple security news professionals wrote about and confirmed the leakage of a builder for Lockbit 3 ransomware. In this post we provide the analysis of the builder and recently discovered builds. This article has been indexed…

Read more →

Scammers are hacking websites powered by WordPress and placing phishing pages inside hidden directories. We share some statistics and tips on recognizing a hacked site. This article has been indexed from Securelist Read the original article: Phishing with hacked sites

Read more →

An unknown actor targeted an electric utility in southern Africa with Cobalt Strike beacons and DroxiDat, a new variant of the SystemBC payload. We speculate that this incident was in the initial stages of a ransomware attack. This article has…

Read more →

In 2022 we investigated a series of attacks against industrial organizations in Eastern Europe. In the campaigns, the attackers aimed to establish a permanent channel for data exfiltration, including data stored on air-gapped systems. This article has been indexed from…

Read more →

In this report, we share our recent crimeware findings: the new DarkGate loader, new LokiBot campaign and new Emotet version delivered via OneNote. This article has been indexed from Securelist Read the original article: What’s happening in the world of…

Read more →

I identified several signs of attacks that use forged certificates inside the network and developed a Proof-of-Concept utility capable of finding artifacts in AD, as well as a number of detection logic rules that can be added to SIEM. This…

Read more →

This is our latest summary of the significant events and findings, focusing on activities that we observed during Q2 2023. This article has been indexed from Securelist Read the original article: APT trends report Q2 2023

Read more →

We will highlight the key points and then focus on the initial use of the CVE-2023-23397 vulnerability by attackers before it became public. This article has been indexed from Securelist Read the original article: Comprehensive analysis of initial attack samples…

Read more →

Here is how email phishing scams targeting hot and cold crypto wallets, such as Trezor and Ledger, work. This article has been indexed from Securelist Read the original article: Email crypto phishing scams: stealing from hot and cold crypto wallets

Read more →

In this crimeware report, Kaspersky researchers provide insights into Andariel’s activity targeting organizations: clumsy commands executed manually, off-the-shelf tools and EasyRat malware. This article has been indexed from Securelist Read the original article: Andariel’s silly mistakes and a new malware…

Read more →

This report contains statistics on cybersecurity threats to small and medium-sized businesses in 2023, and examples of cyberattacks on SMBs. This article has been indexed from Securelist Read the original article: How cybercrime is impacting SMBs in 2023

Read more →

In this crimeware report, Kaspersky researchers provide insights into the Conti-based LockBit Green variant, ransomware samples for macOS, FreeBSD, etc. and phishing campaigns targeting organizations. This article has been indexed from Securelist Read the original article: LockBit Green and phishing…

Read more →

In researching Operation Triangulation, we set ourselves the goal to retrieve as many parts of the exploitation chain as possible. As of now, we have finished analyzing the spyware implant and are ready to share the details. This article has…

Read more →

We analyzed smart pet feeders by Dogness, and discovered serious vulnerabilities such as hard-coded credentials and insecure update process. This article has been indexed from Securelist Read the original article: A bowl full of security problems: Examining the vulnerabilities of…

Read more →

What Malware-as-a-Service includes, on what terms cybercriminals offer it, and what malware they most often distribute under this model This article has been indexed from Securelist Read the original article: Understanding Malware-as-a-Service

Read more →

Kaspersky researchers share insight into multistage DoubleFinger loader attack delivering GreetingGhoul cryptocurrency stealer and Remcos RAT. This article has been indexed from Securelist Read the original article: Sneaky DoubleFinger loads GreetingGhoul targeting your cryptocurrency

Read more →

The smartphone threat statistics for Q1 2023 includes data for Android malware, adware, banking Trojans and ransomware. This article has been indexed from Securelist Read the original article: IT threat evolution Q1 2023. Mobile statistics

Read more →

Recent BlueNoroff and Roaming Mantis activities, new APT related to the Russo-Ukrainian conflict, ChatGPT and threat intelligence, malvertising through search engines, cryptocurrency theft campaign and fake Tor browser This article has been indexed from Securelist Read the original article: IT…

Read more →

PC malware statistics for the Q1 2023 includes data on miners, ransomware, banking Trojans, and other threats to Windows, macOS and IoT devices. This article has been indexed from Securelist Read the original article: IT threat evolution in Q1 2023.…

Read more →

A recent campaign by Satacom downloader is delivering a cryptocurrency-stealing extension for Chromium-based browsers, such as Chrome, Brave and Opera. This article has been indexed from Securelist Read the original article: Satacom delivers browser extension that steals cryptocurrency

Read more →

We developed a dedicated utility to scan the iOS backups and run all the checks for Operation Triangulation indicators. This article has been indexed from Securelist Read the original article: In search of the Triangulation: triangle_check utility

Read more →

While monitoring the traffic of our own corporate Wi-Fi network, we noticed suspicious activity that originated from several iOS-based phones. We created offline backups of the devices, inspected them and discovered traces of compromise. This article has been indexed from…

Read more →

GoldenJackal is an APT group, active since 2019, that usually targets government and diplomatic entities in the Middle East and South Asia. The main feature of this group is a specific toolset of .NET malware, JackalControl, JackalWorm, JackalSteal, JackalPerInfo and…

Read more →

Kaspersky analysis of the CloudWizard APT framework used in a campaign in the region of the Russo-Ukrainian conflict. This article has been indexed from Securelist Read the original article: CloudWizard APT: the bad magic story goes on

Read more →

Kaspersky analysis of a complicated multi-stage attack dubbed Minas that features a number of detection evasion and persistence techniques and results in a cryptocurrency miner infection. This article has been indexed from Securelist Read the original article: Minas – on…

Read more →

Kaspersky Incident Response report for 2022: incident response statistics, key trends and conclusions, expert recommendations. This article has been indexed from Securelist Read the original article: The nature of cyberincidents in 2022

Read more →

On the eve of the global Anti-Ransomware Day, Kaspersky researchers share an overview of the key trends observed among ransomware groups. This article has been indexed from Securelist Read the original article: New ransomware trends in 2023

Read more →

The new Trojan family, Fleckpe, spreads via Google Play inside photo editors and wallpapers, subscribing the unaware user to paid services. This article has been indexed from Securelist Read the original article: Not quite an Easter egg: a new family…

Read more →

Managed Detection and Response in 2022: number and severity of incidents, detection rate, breakdown by country and industry, data on cyberattacks in different regions. This article has been indexed from Securelist Read the original article: Managed Detection and Response in…

Read more →

Kaspersky research on ChatGPT capabilities to tell a phishing link from a legitimate one by analyzing the URL, as well as extract target organization name. This article has been indexed from Securelist Read the original article: What does ChatGPT know…

Read more →

For more than five years, the Global Research and Analysis Team (GReAT) at Kaspersky has been publishing quarterly summaries of advanced persistent threat (APT) activity. These summaries are based on our threat intelligence research; and they provide a representative snapshot…

Read more →

We continued to track Tomiris as a separate threat actor over three new attack campaigns between 2021 and 2023, and our telemetry allowed us to shed light on the group. In this blog post, we’re excited to share what we…

Read more →

In early April, we detected a significant increase in attacks that use banking Trojans of the QBot family (aka QakBot, QuackBot, and Pinkslipbot). The malware would be delivered through e-mails that were based on real business letters the attackers had…

Read more →

Kaspersky researchers discuss infection methods used by Mirai-based RapperBot, Rhadamantys stealer, and CUEMiner: smart brute forcing, malvertising, and distribution through BitTorrent and OneDrive. This article has been indexed from Securelist Read the original article: Uncommon infection methods—part 2

Read more →

The Lazarus group is a high-profile Korean-speaking threat actor with multiple sub-campaigns. In this blog, we’ll focus on an active cluster that we dubbed DeathNote. This article has been indexed from Securelist Read the original article: Following the Lazarus group…

Read more →

In February 2023, we found a zero-day exploit, supporting different versions and builds of Windows, including Windows 11. This particular zero-day was used by a sophisticated cybercrime group that carries out ransomware attacks. This article has been indexed from Securelist…

Read more →

Kaspersky research into dark web offers related to Android malware and its distribution via Google Play: hacked app developer accounts, malicious loaders, etc. This article has been indexed from Securelist Read the original article: Overview of Google Play threats sold…

Read more →

Phishing bots and services on Telegram: how malicious actors use the messaging app to automate the process of generating phishing pages, and sell phishing kits and data. This article has been indexed from Securelist Read the original article: The Telegram…

Read more →

A DLL named guard64.dll, which was loaded into the infected 3CXDesktopApp.exe process, was used in recent deployments of a backdoor that we dubbed “Gopuram” and had been tracking internally since 2020. This article has been indexed from Securelist Read the…

Read more →

This paper aims to provide guidance for organizations looking to select an MSSP and help to identify the benefits and drawbacks of using an MSSP. This article has been indexed from Securelist Read the original article: Selecting the right MSSP:…

Read more →

This report shines a spotlight on the financial cyberthreat landscape in 2022. We look at phishing threats commonly encountered by users and companies, as well as the dynamics of various Windows and Android-based financial malware. This article has been indexed…

Read more →

Clipboard injector malware targeting cryptocurrencies such as Bitcoin, Ethereum, Litecoin, Dogecoin and Monero, is distributed under the guise of Tor Browser. This article has been indexed from Securelist Read the original article: Copy-paste heist or clipboard-injector attacks on cryptousers

Read more →

Attackers put phishing HTML files in IPFS thus cutting back on web hosting costs. IPFS is used in both mass phishing and targeted (spearphishing) campaigns. This article has been indexed from Securelist Read the original article: How scammers employ IPFS…

Read more →

How do we ensure the services being provided by SOCs are meeting expectations? How do we know continuous improvement is being incorporated in daily operations? The answer lies in the measurement of SOC internal processes and services. This article has…

Read more →

Incident response playbooks help optimize the SOC processes, and are a major step forward to SOC maturity, but can be challenging for a company to develop. In this article, I want to share some insights on how to create the…

Read more →

In October 2022, we identified an active infection of government, agriculture and transportation organizations located in the Donetsk, Lugansk, and Crimea regions. This article has been indexed from Securelist Read the original article: Bad magic: new APT found in the…

Read more →

How deals and arrangements are made on the dark web, what parties are involved, what escrow services and arbitration are and how these affect the security of deals. This article has been indexed from Securelist Read the original article: Business…

Read more →

Kaspersky observes a growth in malvertising activity that exploits Google search ads to promote fake software websites that deliver stealers, such as RedLine and Rhadamantys. This article has been indexed from Securelist Read the original article: Malvertising through search engines

Read more →

In 2022, Kaspersky data shows that 29,312 unique individuals around the world were affected by stalkerware. We detected 182 different stalkerware apps, the most popular one was Reptilicus. This article has been indexed from Securelist Read the original article: The…

Read more →

In H2 2022, the percentage of ICS computers on which malicious objects were blocked increased by 3.5 percentage points compared to the previous six-month period, reaching 34.3%. This article has been indexed from Securelist Read the original article: Threat landscape…

Read more →

Android threat report by Kaspersky for 2022: malware on Google Play and inside the Vidmate in-app store, mobile malware statistics. This article has been indexed from Securelist Read the original article: The mobile malware threat landscape in 2022

Read more →

We decided to check what ChatGPT already knows about threat research and whether it can help with identifying simple adversary tools and classic indicators of compromise, such as well-known malicious hashes and domains. This article has been indexed from Securelist…

Read more →

Statistics on spam and phishing with the key trends in 2022: two-stage spear phishing, hijacking of social network and instant messaging accounts, import substitution, and survey phishing. This article has been indexed from Securelist Read the original article: Spam and…

Read more →

We decided to check what ChatGPT already knows about threat research and whether it can help with identifying simple adversary tools and classic indicators of compromise, such as well-known malicious hashes and domains. This article has been indexed from Securelist…

Read more →

What is the analyst on a penetration testing team, what role they perform at Kaspersky, and why is their job vital to the success of the project? This article has been indexed from Securelist Read the original article: Good, Perfect,…

Read more →

Explaining web beacons (web bugs, spy or tracking pixels), what companies use these on websites and in e-mail, how and why. This article has been indexed from Securelist Read the original article: Web beacons on websites and in e-mail

Read more →

Explaining web beacons (web bugs, spy or tracking pixels), what companies use these on websites and in e-mail, how and why. This article has been indexed from Securelist Read the original article: Web beacons on websites and in e-mail

Read more →

Kaspersky discovers three new variants of the Prilex PoS malware capable of blocking contactless NFC transactions on an infected device. This article has been indexed from Securelist Read the original article: Prilex modification now targeting contactless credit card transactions

Read more →

Kaspersky discovers three new variants of the Prilex PoS malware capable of blocking contactless NFC transactions on an infected device. This article has been indexed from Securelist Read the original article: Prilex modification now targeting contactless credit card transactions

Read more →

We have analyzed more than 800 IT job ads and resumes on the dark web. Here is what the dark web job market looks like. This article has been indexed from Securelist Read the original article: Come to the dark…

Read more →

Supply chain and reoccurring attacks, data destruction, lack of staff — what challenges will your security operations center be facing in 2023? This article has been indexed from Securelist Read the original article: What your SOC will be facing in…

Read more →

Roaming Mantis (a.k.a Shaoye) is a long-term cyberattack campaign that uses malicious Android package (APK) files to control infected Android devices and steal data. In 2022, we observed a DNS changer function implemented in its Android malware Wroba.o. This article…

Read more →

Kaspersky’s predictions about the threats to corporations in 2023: media blackmail, fake leaks, cloud attacks, and more advanced ransomware. This article has been indexed from Securelist Read the original article: What threatens corporations in 2023: media blackmail, fake leaks and…

Read more →

A common perception in the infosec community is that there can never be too much security, but it is understood that “too much” security is expensive — and sometimes, prohibitively so — from a business perspective. So, where is that fine line…

Read more →

We continue to track the BlueNoroff group’s activities and this October we observed the adoption of new malware strains in its arsenal. This article has been indexed from Securelist Read the original article: BlueNoroff introduces new methods bypassing MoTW

Read more →

In this report, we compare the ROADSWEEP ransomware and ZEROCLEARE wiper versions used in two waves of attacks against Albanian government organizations. This article has been indexed from Securelist Read the original article: Ransomware and wiper signed with stolen certificates

Read more →

At the end of September, GTSC reported the finding of two 0-day vulnerabilities in Microsoft Exchange Server, CVE-2022-41040 and CVE-2022-41082. The cybersecurity community dubbed the pair of vulnerabilities ProxyNotShell. This article has been indexed from Securelist Read the original article:…

Read more →

In this report, we propose to go over the various activities that were observed in cyberspace in relation to the conflict in Ukraine, understand their meaning in the context of the current conflict, and study their impact on the cybersecurity…

Read more →