Vulnerabilities and exploits

Earlier today we became aware of a malicious website delivering Petya through the Hunter exploit kit. While there is nothing special about yet another exploit kit page, this one caught our attention because it mimics the index page of our sinkhole systems.

The report comprises two papers in which we analyze all existing methods of authentication used in ATMs and those expected to be used in the near future, including: contactless authentication through NFC, one-time password authentication and biometric authentication systems, as well as potential vectors of attacks using malware, through to network attacks and attacks on hardware components.

The telecoms sector is under fire on all sides – hit by direct attacks on organizations and networks, indirect attacks in search of subscribers, and collateral damage from unrelated, targeted campaigns. This report reveals the many layers of vulnerability.

August 13, 2016 saw the beginning of a truly bizarre episode. A new identity going under the name ‘ShadowBrokers’ came onto the scene claiming to possess files belonging to the apex predator of the APT world, the Equation Group.

In the second quarter of 2016, Kaspersky Lab’s web antivirus detected 16,119,489 unique malicious objects: scripts, exploits, executable files, etc. 54,539,948 unique URLs were recognized as malicious by web antivirus components.

Bankers and encryptors, ransomware and spyware, old and new exploits; APT attacks, ATM infection, spear phishing and fraud targeting large numbers of users – cybercriminals continue their hunt for money and information

This review consists of three parts devoted to the most prominent new Windows 10 features that affect security. We use examples to demonstrate how Windows 10 protection technologies work and how they can be complemented by third-party solutions to improve system security.

Expansion of the Internet makes ICS easier prey to attackers. Taking into account that initially many ICS solutions and protocols were designed for isolated environments, such availability often provides a malicious user with multiple capabilities to cause impact to the infrastructure behind the ICS due to lack of security controls.

A threat actor, likely operating from India, was undertaking aggressive cyber-espionage activity in the Asian region, targeting multiple diplomatic and government entities with a particular focus on China and its international affairs.

Last week we reported on the xDedic underground marketplace. The day after, an anonymous source posted the links pointed to a series of pastes on the Pastebin, which in turn contained long lists of IP addresses. The author of the comment mentioned that the list of pastes is related to hacked servers from the xDedic marketplace.

Kaspersky Lab discovers CVE-2016-4171 used in limited targeted attacks to compromise high profile victims.

Over the last two years, deep in the slums of the Internet, a different kind of underground market has flourished. The short, cryptic name perhaps doesn’t say much about it: xDedic. However, on this obscure marketplace anyone can purchase more than 70,000 hacked servers from all around the Internet.

We caught another zero-day Adobe Flash Player exploit deployed in targeted attacks. We believe these attacks are launched by an APT Group we call “ScarCruft”.

How safe is it to charge your phone using USB ports? Our experiment shows that it is far from being safe – it comes with risks of losing data or even gaining access to the device by cybercriminal.

Cyberespionage attacks conducted by different groups across the Asia-Pacific (APAC) and Far East regions share one common feature: in order to infect their victims with malware, the attackers use an exploit for the CVE-2015-2545 vulnerability.