The popularity of cloud services is growing, and threat actors are here to exploit the trend.
Kaspersky solutions blocked 989,432,403 attacks launched from online resources in 203 countries across the globe; 560,025,316 unique URLs were recognized as malicious by Web Anti-Virus components.
Mobile espionage targeting the Middle East, new FinSpy iOS and Android implants, Dtrack banking malware and other security news
This report contains the results of the Managed Detection and Response (MDR) service. The MDR service provides managed threat hunting and initial incident response.
Kaspersky solutions blocked 717,057,912 attacks launched from online resources in 203 countries across the globe, 217,843,293 unique URLs triggered Web Anti-Virus components.
This cybercriminal’s thirst for stolen data is confirmed by the statistics: in the first half of 2019, more than 940,000 users were attacked by malware designed to harvest a variety of data on the computers. The threat’s called “Stealer Trojans” or Password Stealing Ware (PSW), a type of malware designed to steal passwords, files, and other data from victim computers.
When Sodin appeared in the first half of 2019, it immediately caught our attention for distributing itself through an Oracle Weblogic vulnerability and carrying out attacks on MSP providers.
The analysis showed the Backdoor.Win32.Plurox to have a few quite unpleasant features. What’s more, the backdoor is modular, which means that its functionality can be expanded with the aid of plugins.
To find out exactly how cybercriminals capitalize on the rise in illegal downloads of TV content, we have researched the landscape of malware threats disguised as new episodes of popular TV shows distributed through torrent websites.
Due to the wide media coverage botnets activities have become largely associated with DDoS attacks. Yet this is merely the tip of the iceberg, and botnets are used widely not only to carry out DDoS attacks, but to steal various user information.
There’s nothing new in Brazilian cybercriminals trying out new ways to stay under the radar. It’s just that this time around the bad guys have started using a method that was reported in the wild years ago – the UTF-8 BOM (Byte Order Mark) additional bytes.
In early March 2019, a number of malicious files detected by our products caught the eye. Although similar to AZORult stealer already known to us, unlike the original malware, they were written not in Delphi, but in C++.
Predator is a data stealer developed by Russian-speaking individuals. It’s being sold cheaply on Russian forums and has been detected many times in the wild.
In mid-2020, we realized that Lazarus was launching attacks on the defense industry using the ThreatNeedle cluster, an advanced malware cluster of Manuscrypt (a.k.a. NukeSped). While investigating this activity, we were able to observe the complete life cycle of an attack, uncovering more technical details and links to the group’s other campaigns.
While looking at the Sunburst backdoor, we discovered several features that overlap with a previously identified backdoor known as Kazuar. Our observations shows that Kazuar was used together with Turla tools during multiple breaches in past years.
As the COVID-19 crisis grinds on, some threat actors are trying to speed up vaccine development by any means available. We have found evidence that the Lazarus group is going after intelligence that could help these efforts by attacking entities related to COVID-19 research.
We matched private and public DNS data for the SUNBURST-malware root C2 domain with the CNAME records, to identify who was targeted for further exploitation. In total, we analyzed 1722 DNS records, leading to 1026 unique target name parts and 964 unique UIDs.