Month: May 2019

Security Feeds, Malware Descriptions, Malware Statistics, Financial malware, Featured, Vulnerabilities and exploits, Mobile Malware, Malware reports, POS malware, Trojan Banker, RaaS, Emotet

IT threat evolution Q1 2019. Statistics

These statistics are based on detection verdicts of Kaspersky Lab products received from users who consented to provide statistical data. Quarterly figures: According to Kaspersky Security Network, Kaspersky Lab solutions blocked 843,096,461 attacks launched from online resources in 203 countries across the globe. 113,640,221 unique URLs were recognized as malicious by Web Anti-Virus components. Attempted infections by malware designed to steal money via online access to bank accounts were logged on the computers of 243,604 users. Ransomware attacks were defeated on the computers of…

Security Feeds, Malware Descriptions, APT, Financial malware, Internet of Things, Featured, Sofacy, Vulnerabilities and exploits, Wiper, Worm, Cyber espionage, Targeted Attacks, Mobile Malware, Data leaks, Zero-day vulnerabilities, Malware reports, Hacking Team, Nation State Sponsored Espionage, Spear Phishing, Trojan Banker

IT threat evolution Q1 2019

Targeted attacks and malware campaigns. Go Zebrocy: Zebrocy was first observed being used as a Sofacy backdoor in 2015. However, the collection of cases where this tool has been used means that we consider it a subset of activity in its own right. On the basis of this threat actor’s past behaviour, we predicted last year that Zebrocy would continue to innovate in its malware development. The group has developed using Delphi, AutoIT, .NET, C# and PowerShell. Since May 2018, Zebrocy has added the…

Security Feeds, Botnets, Internet of Things, Featured, DDoS reports, DDoS-attacks

DDoS attacks in Q1 2019

News overview: The start of the year saw the appearance of various new tools in the arsenal of DDoS-attack masterminds. In early February, for instance, the new botnet Cayosin, assembled from elements of Qbot, Mirai, and other publicly available malware, swam into view. Cybersecurity experts were intrigued less by the mosaic structure and frequent updating of its set of exploited vulnerabilities than by the fact that it was advertised (as a DDoS service) not on the dark web, but through YouTube. What’s more, it…

Social Engineering, Security Feeds, Malware Descriptions, Featured, Spam and phishing reports, Malicious spam, Nigerian Spam, Spam Statistics, Spammer techniques, Tematic Spam

Spam and phishing in Q1 2019

Quarterly highlights. Valentine’s Day: As per tradition, phishing timed to coincide with lovey-dovey day was aimed at swindling valuable confidential information out of starry-eyed users, such as bank card details. The topics exploited by cybercriminals ranged from online flower shops to dating sites. But most often, users were invited to order gifts for loved ones and buy medications such as Viagra. Clicking/tapping the link in such messages resulted in the victim’s payment details being sent to the cybercriminals. New Apple products: Late March saw…

Security Feeds, Malware Descriptions, APT, Vulnerabilities and exploits, Malware Technologies

ScarCruft continues to evolve, introduces Bluetooth harvester

Executive summary: After publishing our initial series of blogposts back in 2016, we have continued to track the ScarCruft threat actor. ScarCruft is a Korean-speaking and allegedly state-sponsored threat actor that usually targets organizations and companies with links to the Korean peninsula. The threat actor is highly skilled and, by all appearances, quite resourceful. We recently discovered some interesting telemetry on this actor, and decided to dig deeper into ScarCruft’s recent activity. This shows that the actor is still very active and constantly trying…

Security Feeds, Malware Statistics, Publications, Cyber espionage, Cybercrime, Data leaks, Website Hacks, DBIR

The 2019 DBIR is out

Once again, we are happy to support a large, voluntary, collaborative effort like the 2019 Data Breach Investigations Report. While our data contribution is completely anonymous, it is based on some of the 2018 data set that our private report customers receive from our efforts to protect all of our customers against every type of malware threat regardless of its source. In general, the report is an excellent point of reference because it is sourced from so many organizations handling various incidents. This year,…