Cyberthreats News, Articles and Updates

Kaspersky: Banking malware attacks up 30.6% in 2016; finance sector phishing also more prevalent

The number of cyberattacks targeting financial institutions and their customers soared to new heights in 2016, according to Kaspersky Lab, which observed nearly 1.09 million banking trojan attacks on users in 2016.

ElTest adds CryptoShield 1.0, a Cryptomix variant, to its arsenal

A newly discovered derivative of CryptoMix ransomware, dubbed CryptoShield 1.0, is reportedly one of the latest malicious tools to be adopted by the ElTest malware campaign. And while its name may convey images of protection, it is very much used as an offensive weapon.

Researchers tentatively link Greenbug cyberspy group to Saudi Shamoon attackers

Researchers may have found a tenuous link between a cyberespionage organization's credentials-stealing trojan and the Shamoon hacking group that's been targeting Saudi energy companies with Disttrack disk-wiping malware.

Intel officials: China still hacking U.S., albeit at reduced rate

According to testimony from top intelligence officials, more than 30 nations are developing offensive cyberattack capabilities as of late 2016, including China, which continues to conduct cyberespionage operations against U.S. assets.

Clapper testimony: U.S. intel more confident than ever Russia interfered with elections

In a hearing on Capitol Hill Thursday, U.S. intelligence leaders doubled down on their collective assertion that Russia intentionally interfered with the 2016 presidential election, even as President-elect Donald Trump continues to publicly cast doubt on these findings.

New variant of KillDisk wiper threatens industrial control networks with ransomware

The KillDisk disk-wiper program that was used in conjunction with BlackEnergy malware to attack Ukrainian energy utilities now includes a ransomware component, according to researchers at CyberX.

'Switch' leads to glitch: Android malware hijacks routers' DNS settings

A newly discovered Android trojan can sabotage entire Wi-Fi networks and the users who connect to them by accessing the router that an infected device is communicating with and executing a Domain Name System hijack attack.

Hackers reportedly use Punycode to bypass Office 365 phishing filters; Microsoft denies story

According to a research report, hackers are using Punycode, a technique for encoding domain names with Unicode characters, to bypass anti-phishing protections in Office 365 productivity software.

Telebots cybergang toolset reminiscent of BlackEnergy

ESET researchers spotted a unique malicious toolset that was used in targeted cyberattacks to sabotage high-value entities in the Ukrainian

Hackers hide base64-encoded PowerShell scripts on Pastebin

Hackers are encoding malicious PowerShell scripts in base64 and hiding them on plain-text upload sites such as Pastebin, according to a new research report and accompanying blog post by threat intelligence firm Recorded Future.

Researchers suspect outsourced developer tainted Android phones' firmware with trojans

Several dozen models of Android phones running on a mobile platform from MediaTek have been found to contain trojans that were secretly implanted in their firmware.

SamSa ransomware extortionists earned $450K in yearly ill-gotten profits

Over the last 12 months, the cybercriminals behind the SamSa ransomware campaign targeting healthcare organizations have raked in at least $450,000 in ransom payments.

I wanna be your Sledgehammer: DDoS program recruits attackers by making it a game

Like a malevolent customer loyalty program, a Turkish cybercriminal operation is recruiting volunteers to participate in distributed denial of service campaigns by offering them rewards in exchange for their network bandwidth.

Shamoon malware remains destructive force since 2012 Saudi oil attacks

The Shamoon data-wiping malware that attacked government systems in Saudi Arabia last month is not dramatically different from an older version that destroyed 35,000 computers at Saudi oil company Aramco in 2012. Yet it still packs a massive punch.

After takedown, are Avalanche and its malware families buried?

Global authorities' takedown of Avalanche, a cybercriminal network whose malware campaigns are estimated to have cost victims in over 180 countries hundreds of millions of dollars, was an achievement four years in the making - and yet the saga is far from over.

U.S. Dept. of IoT? Experts debate need for Internet of Things regulation

Confronting the dangers posed by the Internet of Things, members of the House of Representatives' Energy and Commerce Committee held a hearing on Wednesday that examined the feasibility of regulating IoT devices.

PacketSled CEO Harrigan resigns over threats to Trump

Updated! Matt Harrigan, CEO of PacketSled, resigned his position today after being suspended for having posted threatening messages against President-Elect Trump on social media.

Floki Bot: The Rest of the Story

Last week we took the 100,000-foot-level view of the relatively new Floki Bot. This bot, allegedly modeled after Zeus, is selling in the underground marketplaces for around $1,000.

Big Malware Moments of 2016 Part 1

Financial malware is a threat that seems to make headlines almost every month. Studies indicate that cybercrime is the only economic crime to have seen an increase this year, rising sharply, and landing the second rank on the list of the most reported economic crimes globally.

Watch your endpoints, says SANS whitepaper

Cybercriminals are only getting more insidious in their methods of attack and the impact on organizations is increasingly harmful. But, holding off incursions can be achieved with user education and tested strategies.

Zero-day DDoS attack vector leverages LDAP to amplify malicious traffic

Corero Network Security today disclosed a zero-day distributed denial of service (DDoS) attack technique, observed in the wild, that is capable of amplifying malicious traffic by a factor of as much as 55x.

Are Mirai DDoS attacks a wake-up call for IoT industry?

Friday's DDoS attacks that created major website outages across the Internet may prove to be a watershed moment for the Internet of Things industry, after years of warnings - mostly ignored - about the glaring vulnerabilities in IoT devices.

Near-death experience: Hicurdismos tech support scam mimics Microsoft Blue Screen of Death

Microsoft on Friday warned of a malware threat called Hicurdismos that simulates the infamous Windows Blue Screen of Death as part of a tech support scam.

Russian APT's DealersChoice exploit tool is a raw deal for Flash users

Russian advanced persistent threat group Sofacy has another ace up its sleeve: a Flash Player exploit tool, dubbed DealersChoice, that in some ways resembles a Russian nesting doll.

Nearly 6K e-commerce sites hacked, including GOP group

Hackers exploited security vulnerabilities and weak passwords to burrow their way into a number of e-commerce sites, including that of the National Republican Senatorial Committee.

Linux-run IoT devices under attack by NyaDrop

Internet of Things (IoT) devices running on the open-source Linux OS are under attack from NyaDrop.

Enterprises need a culture of cybersecurity, says PCI Security Standards Council

Building a culture of cybersecurity within enterprises is essential in today's fast-paced world of online transactions.

Ghost Push possesses Android devices; only version 6.0 is safe

"I ain't afraid of no Ghost Push?" Better think again if you're an Android user with a device operating on anything lower than version 6.