In the second half of 2016, ESET researchers identified a unique malicious toolset that was used in targeted cyberattacks against high-value targets in the Ukrainian financial sector. The authors at We Live Security believe that the main goal of attackers using these tools is cybersabotage. This blog post outlines the details about the campaign that we discovered.
Read the article on We Live Security
New research from Recorded Future has identified that threat actors are making use of plain text upload sites like Pastebin to serve up malware encoded in base64.
Read the full article on Recorded Future
The security landscape has evolved to a point where most IT threats occur with the intention of generating financial gain for their creators and financiers. Based on this premise, various attack or threat types have proliferated and evolved to affect a greater number of users and organizations. The cybercrime “business model” is based on creating a value chain that offers new methods such as cybercrime as a service, that is, the practice of facilitating illegal activities via services. In other words, anyone can acquire everything they need to organize fraud or cyberattacks, whatever their skills or technical knowledge.
Read more on We Live Security
ESET researchers have discovered a new exploit kit spreading via malicious ads on a number of reputable news websites, each with millions of visitors daily. Since at least the beginning of October 2016, the bad guys have been targeting users of Internet Explorer and scanning their computers for vulnerabilities in Flash Player. Exploiting these flaws in the code, they have been attempting to download and execute various types of malware.
Read the full article on We Live Security
IBM X-Force researchers following the development of the TrickBot Trojan noted that the malware is rapidly adding new targets and attack capabilities and has now officially advanced into Germany. The most recent additions to TrickBot’s configurations target 10 savings banks in the European country.
Read the full article on Security Intelligence
Saudi Arabia’s government agencies were hit with a cyberattack that security researchers are blaming on a worm-like malware that can wipe computer systems, destroying data.
Several government bodies and vital installations suffered the attack, disrupting their servers, the country’s Saudi Press Agency said on Thursday. The transportation sector was among the agencies hit by an actor from outside the country, the press agency said.
Read more on CSO Online
For the past 18 months, The Shadowserver Foundation has been quietly working to support international law enforcement agencies in the coordinated takedown of the criminally operated Avalanche malware delivery platform.
Read the full article on Shadowserver