Tag: cybercriminals

Use of DNS Tunneling for C&C Communications

Often, virus writers don't even bother to run encryption or mask their communications. However, you do get the occasional off-the-wall approaches that don't fall into either of the categories.

Take, for instance, the case of a Trojan that Kaspersky Lab researchers discovered in mid-March and which establishes a DNS tunnel for communication with the C&C server.

APT Threat Evolution in Q1 2017

Kaspersky Lab is currently tracking more than a hundred threat actors and sophisticated malicious operations in over 80 countries.

During the first quarter of 2017, there were 33 private reports released to subscribers of our Intelligence Services, with IOC data and YARA rules to assist in forensics and malware-hunting.

xDedic Marketplace Data Spells Danger for Businesses

The xDedic marketplace, a hotspot for cybercriminals on the dark web, sells access to RDP servers to enable attacks on government and corporations.

Original XPan Ransomware Returns, Targets Brazilian SMBs

Brazilian cybercriminals are using the original version of the XPan ransomware, targeting small to medium-sized businesses based in Brazil with the malware.

XPan, I am your father

While we have previously written on the now infamous XPan ransomware family, some of its variants are still affecting users primarily located in Brazil.

This sample is what could be considered as the “father” of other XPan ransomware variants.

A considerable number of indicators within the source code depict the early origins of this sample.

Exploits: how great is the threat?

How serious, really, is the danger presented by exploits? The recent leak of an exploit toolset allegedly used by the infamous Equation Group suggests it’s time to revisit that question. Using our own telemetry data and intelligence reports as well as publicly available information, we’ve looked at the top vulnerabilities and applications exploited by attackers.

Cybercriminals prefer to chat over Skype

Law enforcement and government officials don’t like encrypted peer-to-peer chat platforms such as WhatsApp and Jabber because it is harder to eavesdrop on what cybercriminals are planning.

But according to a recent study of global cybercriminal operations, the bulk of criminal discussions don’t happen over encrypted chat.
Skype is the preferred mode of communication among cybercrime gangs worldwide. Skype, owned by Microsoft and widely used by consumers and enterprises, doesn’t encrypt messaging end-to-end the way the secure messaging apps do.

But it is still popular among cybercrime gangs around the world, FlashPoint analysts found in a study of communications platforms used by financially motivated cybercriminals.

Cybercriminals Mostly Prefer Skype Messaging

But cybercrime gangs worldwide are increasingly using encrypted peer-to-peer chat platforms for their communications outside online underground forums, new study finds.

Report: Cybercriminals prefer Skype, Jabber, and ICQ

The most popular instant messaging platforms with cyber criminals are Skype, Jabber and ICQ, according to a new report released this morning. Meanwhile, consumer-grade platforms like AOL Instant Messenger and Yahoo IM have fallen out of favor, while newer, more secure consumer-oriented platforms like Telegram and WhatsApp are also gaining popularity. The newer platforms are more user-friendly and more convenient, but also offer greater security, said Leroy Terrelonge, Director of Middle East and Africa Research at Flashpoint, which recently released a report about the communication platforms cyber criminals have been using over the past four years.

Personalized Spam and Phishing

Lately we have been noticing an opposite tendency occurring quite often, wherein fraud becomes personalized and spammers invent new methods to persuade the recipient that the message is addressed personally to him.

Thus, in the malicious mailing that we discovered last month, spammers used the actual postal addresses of the recipients in messages to make them seem as credible as possible.

At $175, this ransomware service is a boon to cybercriminals

Cybercriminals have another easy-to-use ransomware kit to add to their arsenals, thanks to a new variant called Karmen that hackers can buy on the black market for $175. A Russian-speaking user called DevBitox has been advertising the ransomware in underground forums, security firm Recorded Future said in a blog post on Tuesday. Karmen is what experts call ransomware-as-a-service -- a particularly worrisome trend.

Amateur hackers with little technical know-how can buy access to them, and in return, they’ll receive a whole suite of web-based tools to develop their own ransomware attacks.

Leaked NSA exploits plant a bull’s-eye on Windows Server

Friday’s release of suspected NSA spying tools is bad news for companies running Windows Server.

The cyberweapons, which are now publicly available, can easily hack older versions of the OS. The Shadow Brokers, a mysterious hacking group, leaked the files online, setting off worries that cybercriminals will incorporate them in their own hacks. “This leak basically puts nation-state tools into the hands of anyone who wants them,” said Matthew Hickey, the director of security provider Hacker House.