
Tag: Greece

Officials arrest suspect in $4 billion Bitcoin money laundering scheme

Bitcoin's decentralized architecture makes it popular with criminal groups.

Neutrino modification for POS-terminals

From time to time authors of effective and long-lived Trojans and viruses create new modifications and forks of them, like any other software authors. One of the brightest examples amongst them is Zeus, which continues to spawn new modifications of itself each year.

Right Now Get a $20 Amazon Dash Wand With Alexa For...

Dash Wand is a wifi enabled kitchen assistant that helps you shop AmazonFresh and millions of everyday essentials on Amazon.com.

Essentially free, since right now you get a $20 Amazon credit when you register the device. How does it work? Just scan a barcode on an item you need, or press the button and say: "How many teaspoons in a tablespoon?" "How many calories are there in Greek yogurt?" "Alexa, ask Pizza Hut to place an order."

IT threat evolution Q1 2017. Statistics

According to KSN data, Kaspersky Lab solutions detected and repelled 479,528,279 malicious attacks from online resources located in 190 countries all over the world.

File antivirus detected a total of 174,989,956 unique malicious and potentially unwanted objects.

WannaCry ransomware used in widespread attacks all over the world

Earlier today, our products detected and successfully blocked a large number of ransomware attacks around the world.
In these attacks, data is encrypted with the extension ".WCRY" added to the filenames. Our analysis indicates the attack, dubbed "WannaCry", is initiated through an SMBv2 remote code execution in Microsoft Windows.

BrandPost: 5 Things to Consider Before an IT Refresh

By Bharath Vasudevan, HPE Product Manager, Software-defined and Cloud Group

Heraclitus, a Greek philosopher, is quoted as saying "change is the only constant in life." And he wrote that in 500 B.C. I wonder what he would say today about the constant change brought about by technology.

The pace of change in business is extraordinary – and if you don’t keep up, you’ll be left behind. Yet how do you know when change is needed for your business — particularly your infrastructure? And how do you decide what change will make you more competitive?

A tech refresh is a chance for a business to evaluate the direction of its IT infrastructure and weigh the costs and benefits of trying something new. It’s a good time to look at the current IT environment and research what other options are available that may better suit the needs of the organization.

The future of solar power technology is bright

From photovoltaic paint to thermal fuel, we peek at a future beyond today's solar cells.

KopiLuwak: A New JavaScript Payload from Turla

A new, unique JavaScript payload is now being used by Turla in targeted attacks.

This new payload, dubbed KopiLuwak, is being delivered using embedded macros within Office documents.

The Oracle of Delphi puts a board game Odyssey on your...

Stefan Feld's newest board game is a blast from the past.

Shamoon Can Now Destroy Virtual Desktops, Too

[Image: A computer infected by Shamoon is unable to find its operating system. Credit: Palo Alto Networks]

There's a new variant of the Shamoon disk-wiping malware that was originally unleashed on Saudi Arabia's state-owned oil company in 2012, and it has a newly added ability to destroy virtual desktops, researchers said. The new strain is at least the second Shamoon variant to be discovered since late November, when researchers detected the return of disk-wiping malware after taking a more than four-year hiatus.

The variant was almost identical to the original one except for the image that was left behind on sabotaged computers. Whereas the old one showed a burning American flag, the new one displayed the iconic photo of the body of Alan Kurdi, the three-year-old Syrian refugee boy who drowned as his family tried to cross from Turkey to Greece. Like the original Shamoon, which permanently destroyed data on more than 30,000 work stations belonging to Saudi Aramco, the updates also hit one or more Saudi targets that researchers have yet to name. According to a blog post published Monday night by researchers from Palo Alto Networks, the latest variant has been updated to include legitimate credentials to access virtual systems, which have emerged as a key protection against Shamoon and other types of disk-wiping malware.

The actor involved in this attack could use these credentials to manually log into so-called virtual management infrastructure management systems to attack virtual desktop products from Huawei, which can protect against destructive malware through its ability to load snapshots of wiped systems. "The fact that the Shamoon attackers had these usernames and passwords may suggest that they intended on gaining access to these technologies at the targeted organization to increase the impact of their destructive attack," the Palo Alto Networks researchers wrote. "If true, this is a major development and organizations should consider adding additional safeguards in protecting the credentials related to their VDI deployment." Several of the usernames and passwords are included in official documentation as administrator accounts for Huawei’s virtualized desktop products, such as FusionCloud.

The researchers still aren't sure if Shamoon attackers obtained the credentials from an earlier attack on the targeted network or included the default usernames and passwords in an attempt to guess the login credentials to the VDI infrastructure. In addition to the virtualization-defeating update, the variant found by Palo Alto Networks also contained hardcoded Windows domain account credentials that were specific to the newly targeted organization.

The credentials met Windows password complexity requirements, a finding that suggests the attackers obtained the credentials through a previous breach. Like the previous Shamoon variant, the new one spread throughout a local network by "logging in using legitimate domain account credentials, copying itself to the system and creating a scheduled task that executes the copied payload." The Shamoon update was set to begin overwriting systems on November 29, 2016 at 1:30am.

The timing aligns with previous Shamoon strains, which attempted to maximize their destructive impact by striking when the targeted organization would have fewer personnel and resources available on site. Post updated in the headline and third paragraph to make clear VDI systems are manually accessed.

Shamoon disk-wiping malware can now destroy virtual desktops, too

[Image: A computer infected by Shamoon is unable to find its operating system. Credit: Palo Alto Networks]

There's a new variant of the Shamoon disk-wiping malware that was originally unleashed on Saudi Arabia's state-owned oil company in 2012, and it has a newly added ability to destroy virtual desktops, researchers said. The new strain is at least the second Shamoon variant to be discovered since late November, when researchers detected the return of disk-wiping malware after taking a more than four-year hiatus.

The variant was almost identical to the original one except for the image that was left behind on sabotaged computers. Whereas the old one showed a burning American flag, the new one displayed the iconic photo of the body of Alan Kurdi, the three-year-old Syrian refugee boy who drowned as his family tried to cross from Turkey to Greece. Like the original Shamoon, which permanently destroyed data on more than 30,000 work stations belonging to Saudi Aramco, the updates also hit one or more Saudi targets that researchers have yet to name. According to a blog post published Monday night by researchers from Palo Alto Networks, the latest variant has been updated to attack virtual desktops, which have emerged as one of the key protections against Shamoon and other types of disk-wiping malware.

The update included usernames and passwords related to the virtual desktop infrastructure products from Huawei, which can protect against a destructive malware through its ability to load snapshots of wiped systems. "The fact that the Shamoon attackers had these usernames and passwords may suggest that they intended on gaining access to these technologies at the targeted organization to increase the impact of their destructive attack," the Palo Alto Networks researchers wrote. "If true, this is a major development and organizations should consider adding additional safeguards in protecting the credentials related to their VDI deployment." Several of the usernames and passwords are included in official documentation as administrator accounts for Huawei’s virtualized desktop products, such as FusionCloud.

The researchers still aren't sure if Shamoon attackers obtained the credentials from an earlier attack on the targeted network or included the default usernames and passwords in an attempt to guess the login credentials to the VDI infrastructure. In addition to the virtualization-defeating update, the variant found by Palo Alto Networks also contained hardcoded Windows domain account credentials that were specific to the newly targeted organization.

The credentials met Windows password complexity requirements, a finding that suggests the attackers obtained the credentials through a previous breach. Like the previous Shamoon variant, the new one spread throughout a local network by "logging in using legitimate domain account credentials, copying itself to the system and creating a scheduled task that executes the copied payload." The Shamoon update was set to begin overwriting systems on November 29, 2016 at 1:30am.

The timing aligns with previous Shamoon strains, which attempted to maximize their destructive impact by striking when the targeted organization would have fewer personnel and resources available on site.

DoD Warns Contractors About Iran-Linked Malware

Shamoon, a piece of malware that tries to turn infected computers into unusable bricks, is back. Earlier this month, a number of cybersecurity firms reported that hackers had used the malware against thousands of computers in Saudi Arabia's civil aviation agency and other government bodies. According to Bloomberg, the attacks, like previous ones involving Shamoon, seemingly originated from Iran.

Now, the Defense Security Service (DSS), part of the US Department of Defense, has issued a bulletin to cleared contractors warning them of the threat. “Between 2 and 7 December 2016, DSS was given information from another government agency regarding Indicators of Compromise (IOC) associated with a Shamoon malware variant and may be used in computer network exploitation attempts,” the bulletin, distributed on Thursday and obtained by Motherboard, reads. It does not specify the government agency that provided the information.

These bulletins are sent to contractors to alert them to threats from foreign intelligence entities (FIEs), and in particular, FIEs' infrastructure, malware, tactics, techniques or procedures. “This information is being shared by DSS in order to enable potential targets of possible espionage activity to detect, disrupt or deny FIE's exploitation of cleared contractor information systems, networks or personnel,” it reads.

In 2012, the “Cutting Sword of Justice,” a suspected Iranian hacking group, used Shamoon to aggressively wipe tens of thousands of computers belonging to Saudi Aramco. Aramco is the state-owned oil company of Saudi Arabia. In the wake of the attack, Aramco had to take itself entirely offline. “No emails, no phones, nothing,” Chris Kubecka, a consultant who worked with Aramco, told an audience at the Black Hat hacking conference last year. The hackers also replaced emails and documents with a picture of a burning American flag, according to The Register.

The new version of Shamoon, however, displays a picture of Alan Kurdi, the 3-year-old Syrian boy who drowned while trying to cross from Turkey to Greece, according to a report from security company Symantec. Neither the FBI nor the Department of Defense provided comment in time for publication, and the NSA did not respond to a request for comment.