Securelist

Hey there! How much are you worth?

Nov 5, 2018, 10:00 am

I decided to investigate the black market and see what kind of information is being sold there. We all know that you can buy drugs, weapons and stolen goods there, but you can also buy online identities. How much do you think your online identity is worth? Read Full Article

DDoS reports

DDoS Attacks in Q3 2018

Oct 31, 2018, 9:00 am

Oleg Kupreev, Ekaterina Badovskaya, Alexander Gutnikov

The third quarter 2018 turned out relatively quiet in terms of DDoS attacks. “Relatively” because there were not very many high-level multi-day DDoS onslaughts on major resources. However, the capacities employed by cybercriminals keep growing year after year, while the total number of attacks shows no signs of decline. Read Full Article

Publications

Hackers attacking your memories: science fiction or future threat?

Oct 29, 2018, 10:00 am

Kaspersky Lab

To better understand the potential future threat landscape facing memory implants, researchers from Kaspersky Lab and the University of Oxford Functional Neurosurgery Group have undertaken a practical and theoretical threat review of existing neurostimulators and their supporting infrastructure. Read Full Article

Spam and phishing

Phishing for knowledge

Oct 24, 2018, 10:00 am

Nadezhda Demidova

When we talk about phishing, top of mind are fake banking sites, payment systems, as well as mail and other globally popular services. However, cybercriminals have their fingers in far more pies than that. Unobviously, perhaps, students and university faculties are also in the line of fire. Read Full Article

APT reports

DarkPulsar FAQ

Oct 19, 2018, 10:00 am

Andrey Dolgushev, Dmitry Tarakanov, Vasily Berdnikov

Frequently asked questions about DarkPulsar implant that was found in the “Lost in Translation” leak among other tools. Read Full Article

APT reports

DarkPulsar

Oct 19, 2018, 10:00 am

Andrey Dolgushev, Dmitry Tarakanov, Vasily Berdnikov

After the “Lost in Translation” leak was revealed, we noticed that this leak contained a tool in the “implants” category called DarkPulsar. We analyzed it and understood that it is not a backdoor itself, but the administrative part only. Read Full Article

APT reports

Octopus-infested seas of Central Asia

Oct 15, 2018, 10:00 am

GReAT

For the last two years we have been monitoring a Russian-language cyberespionage actor that focuses on Central Asian users. We named the actor DustSquad and have provided reports on four of their campaigns. In this blogpost we cover a malicious program for Windows called Octopus that mostly targets diplomatic entities. Read Full Article

APT reports

Threats in the Netherlands

Oct 11, 2018, 7:30 am

GReAT

For this blogpost we gathered all the sinkhole data for Dutch IPs in the last four years, which amounts to around 85,000 entries. The aim is to give an overview of which APT groups are active in the Netherlands and what they are interested in. Read Full Article

APT reports

MuddyWater expands operations

Oct 10, 2018, 10:00 am

GReAT

MuddyWater is a relatively new APT that surfaced in 2017. It has focused mainly on governmental targets in Iraq and Saudi Arabia, according to past telemetry. However, the group behind MuddyWater has been known to target other countries in the Middle East, Europe and the US. Read Full Article