Author: D4RkN

Security FeedsInternet of Things

Looking for sophisticated malware in IoT devices

One of the motivations for this post is to encourage other researchers who are interested in this topic to join in, to share ideas and knowledge and to help build more capabilities in order to better protect our smart devices. Research background Smart watches, smart home devices and even smart cars – as more and more connected devices join the IoT ecosystem, the importance of ensuring their security becomes patently obvious. It’s widely known that the smart devices which are now inseparable parts of…

Security FeedsMalware DescriptionsAPTAPT reportsFeaturedTargeted AttacksGoogle AndroidMalware TechnologiesRAT TrojanMicrosoft Office

Transparent Tribe: Evolution analysis,part 2

Background + Key findings Transparent Tribe, also known as PROJECTM or MYTHIC LEOPARD, is a highly prolific group whose activities can be traced as far back as 2013. In the last four years, this APT group has never taken time off. They continue to hit their targets, which typically are Indian military and government personnel. This is the second of two articles written to share the results of our recent investigations into Transparent Tribe. In the previous article, we described the various Crimson RAT…

Security FeedsMalware DescriptionsAPT reportsFeaturedTargeted AttacksCybercrimeMalware TechnologiesSpear Phishing

Lifting the veil on DeathStalker, a mercenary triumvirate

State-sponsored threat actors and sophisticated attacks are often in the spotlight. Indeed, their innovative techniques, advanced malware platforms and 0-day exploit chains capture our collective imagination. Yet these groups still aren’t likely to be a part of the risk model at most companies, nor should they be. Businesses today are faced with an array of much more immediate threats, from ransomware and customer information leaks, to competitors engaging in unethical business practices. In this blog post, we’ll be focusing on DeathStalker: a unique threat…

Security FeedsMalware DescriptionsAPTMalware StatisticsAPT reportsFeaturedWormTargeted AttacksMalware TechnologiesRAT TrojanKeyloggersTransparent Tribe

Transparent Tribe: Evolution analysis, part 1

Background and key findings Transparent Tribe, also known as PROJECTM and MYTHIC LEOPARD, is a highly prolific group whose activities can be traced as far back as 2013. Proofpoint published a very good article about them in 2016, and since that day, we have kept an eye on the group. We have periodically reported their activities through our APT threat intelligence reports, and subscribers of that service already know that in the last four years, this APT group has never taken time off. They…

Security FeedsFeaturedSpear PhishingSpam and phishing reportsSpam StatisticsSpammer techniquesSpam LettersPhishing websitesThematic phishing

Spam and phishing in Q2 2020

Quarterly highlights Targeted attacks The second quarter often saw phishers resort to targeted attacks, especially against fairly small companies. To attract attention, scammers imitated email messages and websites of companies whose products or services their potential victims could be using. The scammers did not try to make any of the website elements appear credible as they created the fake. The login form is the only exception. One of the phishing websites we discovered even used a real captcha on that form. The main pretext…

Security FeedsIndustrial threatsPublicationsFeaturedVulnerabilities and exploitsData leaksMalicious spamMedical threatsMoney theft

Incident Response Analyst Report 2019

 Download full report (PDF) As an incident response service provider, Kaspersky delivers a global service that results in global visibility of adversaries’ cyber-incident tactics and techniques used in the wild. In this report, we share our teams’ conclusions and analysis based on incident responses and statistics from 2019. As well as a range of highlights, this report will cover the affected industries, the most widespread attack tactics and techniques, how long it took to detect and stop adversaries after initial entry and the most…

Security FeedsMalware DescriptionsFeaturedTargeted AttacksMalware Technologies

WastedLocker: technical analysis

The use of crypto-ransomware in targeted attacks has become an ordinary occurrence lately: new incidents are being reported every month, sometimes even more often. On July 23, Garmin, a major manufacturer of navigation equipment and smart devices, including smart watches and bracelets, experienced a massive service outage. As confirmed by an official statement later, the cause of the downtime was a cybersecurity incident involving data encryption. The situation was so dire that at the time of writing of this post (7/29) the operation of…

Security FeedsBotnetsMalware DescriptionsAPT reportsFeaturedTargeted AttacksCybercrimeMalware TechnologiesLazarus

Lazarus on the hunt for big game

We may only be six months in, but there’s little doubt that 2020 will go down in history as a rather unpleasant year. In the field of cybersecurity, the collective hurt mostly crystallized around the increasing prevalence of targeted ransomware attacks. By investigating a number of these incidents and through discussions with some of our trusted industry partners, we feel that we now have a good grasp on how the ransomware ecosystem is structured. Structure of the ransomware ecosystem Criminals piggyback on widespread botnet…

Security FeedsFeaturedWebsite Hacks

Redirect auction

We’ve already looked at links under old YouTube videos or in Wikipedia articles which at some point turned bad and began pointing to partner program pages, phishing sites, or even malware. It was as if the attackers were purposely buying up domains, but such a scenario always seemed to us too complicated. Recently, while examining the behavior of one not-so-new program, we discovered how links get converted into malicious ones. Razor Enhanced, a legitimate assistant tool for Ultima Online, caught our eye when it…