Cyberthreats News, Articles and Updates

SC Media Exclusive: Fortinet uncovers malicious Word doc that infects both Windows and macOS machines

Researchers have discovered a malicious Word file that is designed to infect both Windows and macOS operating systems with malware payloads using macros, SC Media has learned after an exclusive first look at a report from Fortinet.

Israel-UK cyber-security lessons - shared concerns, shared responses

Israel is under constant threat and conscription gives its army access to its brightest students - what can the UK learn from its approach to and understanding of cyber-terrorism?

Nearly two-thirds of polled organizations hit by ransomware, CyberEdge report

Sixty-one percent of organizations polled in a survey from CyberEdge Group responded that they'd been hit by a ransomware demand; a third of those paid the ransom.

Version of Facebook Lite app weighed down by Spy FakePlay mobile malware

A version of the social media mobile app Facebook Lite, most likely available via third-party sites in China, was found infected with malware that can steal personal information, Malwarebytes reported on Monday.

Proton RAT malware not a positive development for Mac users

Questions continue to swirl around a mysterious Mac-based remote-access trojan (RAT) malware program called Proton, which Apple addressed in a recent update to its anti-malware program XProtect.

New Dridex borrows from AtomBombing code injection technique, UK banks already targeted

Developers behind Dridex have launched a major new version of the banking trojan, one that employs a unique method for injecting malicious code based on a technique called AtomBombing. And UK banks already feel the heat.

Kaspersky: Banking malware attacks up 30.6% in 2016; finance sector phishing also more prevalent

The number of cyberattacks targeting financial institutions and their customers soared to new heights in 2016, according to Kaspersky Lab, which observed nearly 1.09 million banking trojan attacks on users in 2016.

ElTest adds CryptoShield 1.0, a Cryptomix variant, to its arsenal

A newly discovered derivative of CryptoMix ransomware, dubbed CryptoShield 1.0, is reportedly one of the latest malicious tools to be adopted by the ElTest malware campaign. And while its name may convey images of protection, it is very much used as an offensive weapon.

Researchers tentatively link Greenbug cyberspy group to Saudi Shamoon attackers

Researchers may have found a tenuous link between a cyberespionage organization's credentials-stealing trojan and the Shamoon hacking group that's been targeting Saudi energy companies with Disttrack disk-wiping malware.

Intel officials: China still hacking U.S., albeit at reduced rate

According to testimony from top intelligence officials, more than 30 nations are developing offensive cyberattack capabilities as of late 2016, including China, which continues to conduct cyberespionage operations against U.S. assets.

Clapper testimony: U.S. intel more confident than ever Russia interfered with elections

In a hearing on Capitol Hill Thursday, U.S. intelligence leaders doubled down on their collective assertion that Russia intentionally interfered with the 2016 presidential election, even as President-elect Donald Trump continues to publicly cast doubt on these findings.

New variant of KillDisk wiper threatens industrial control networks with ransomware

The KillDisk disk-wiper program that was used in conjunction with BlackEnergy malware to attack Ukrainian energy utilities now includes a ransomware component, according to researchers at CyberX.

'Switch' leads to glitch: Android malware hijacks routers' DNS settings

A newly discovered Android trojan can sabotage entire Wi-Fi networks and the users who connect to them by accessing the router that an infected device is communicating with and executing a Domain Name System hijack attack.

Hackers reportedly use Punycode to bypass Office 365 phishing filters; Microsoft denies story

According to a research report, hackers are using Punycode, a technique for encoding domain names with Unicode characters, to bypass anti-phishing protections in Office 365 productivity software.

Telebots cybergang toolset reminiscent of BlackEnergy

ESET researchers spotted a unique malicious toolset that was used in targeted cyberattacks to sabotage high-value entities in the Ukrainian

Hackers hide base64-encoded PowerShell scripts on Pastebin

Hackers are encoding malicious PowerShell scripts in base64 and hiding them on plain-text upload sites such as Pastebin, according to a new research report and accompanying blog post by threat intelligence firm Recorded Future.

Researchers suspect outsourced developer tainted Android phones' firmware with trojans

Several dozen models of Android phones running on a mobile platform from MediaTek have been found to contain trojans that were secretly implanted in their firmware.

SamSa ransomware extortionists earned $450K in yearly ill-gotten profits

Over the last 12 months, the cybercriminals behind the SamSa ransomware campaign targeting healthcare organizations have raked in at least $450,000 in ransom payments.

I wanna be your Sledgehammer: DDoS program recruits attackers by making it a game

Like a malevolent customer loyalty program, a Turkish cybercriminal operation is recruiting volunteers to participate in distributed denial of service campaigns by offering them rewards in exchange for their network bandwidth.

Shamoon malware remains destructive force since 2012 Saudi oil attacks

The Shamoon data-wiping malware that attacked government systems in Saudi Arabia last month is not dramatically different from an older version that destroyed 35,000 computers at Saudi oil company Aramco in 2012. Yet it still packs a massive punch.

After takedown, are Avalanche and its malware families buried?

Global authorities' takedown of Avalanche, a cybercriminal network whose malware campaigns are estimated to have cost victims in over 180 countries hundreds of millions of dollars, was an achievement four years in the making - and yet the saga is far from over.

U.S. Dept. of IoT? Experts debate need for Internet of Things regulation

Confronting the dangers posed by the Internet of Things, members of the House of Representatives' Energy and Commerce Committee held a hearing on Wednesday that examined the feasibility of regulating IoT devices.

PacketSled CEO Harrigan resigns over threats to Trump

Updated! Matt Harrigan, CEO of PacketSled, resigned his position today after being suspended for having posted threatening messages against President-Elect Trump on social media.

Floki Bot: The Rest of the Story

Last week we took the 100,000 foot level view of the relatively new Floki Bot. This bot, allegedly modeled after Zeus 2.0.8.9, is selling in the underground marketplaces for around $1,000.

Big Malware Moments of 2016 Part 1

Financial malware is a threat that seems to make headlines almost every month. Studies indicate that cybercrime is the only economic crime to have seen an increase this year, rising sharply, and landing the second rank on the list of the most reported economic crimes globally.

Watch your endpoints, says SANS whitepaper

Cybercriminals are only getting more insidious in their methods of attack and the impact on organizations is increasingly harmful. But, holding off incursions can be achieved with user education and tested strategies.

Zero-day DDoS attack vector leverages LDAP to amplify malicious traffic

Corero Network Security today disclosed a zero-day distributed denial of service attack (DDoS) technique, observed in the wild, that is capable of amplifying malicious traffic by a factor of as much as 55x.

Are Mirai DDoS attacks a wake-up call for IoT industry?

Friday's DDoS attacks that created major website outages across the Internet may prove to be a watershed moment for the Internet of Things industry, after years of warnings - mostly ignored - about the glaring vulnerabilities in IoT devices.