
Tag: malicious

Use of DNS Tunneling for C&C Communications

Often, virus writers don't even bother to encrypt or mask their communications. Occasionally, however, you do get an off-the-wall approach that falls into neither category.

Take, for instance, the case of a Trojan that Kaspersky Lab researchers discovered in mid-March and which establishes a DNS tunnel for communication with the C&C server.

Foiled! 15 tricks to hold off the hackers

Malicious hackers have outsize reputations.

They are über-geniuses who can guess any password in seconds, hack any system, and cause widespread havoc across multiple, unrelated networks with a single keystroke—or so Hollywood says.

Those of us who fight hackers every day know the good guys are usually far smarter. Hackers simply have to be persistent. Each year, a few hackers do something truly new.

But for the most part, hackers repeat the tried and true.
It doesn’t take a supergenius to check for missing patches or craft a social engineering attack. Hacking by and large is tradework: Once you learn a few tricks and tools, the rest becomes routine.

The truly inspired work is that of security defenders, those who successfully hack the hackers.

APT Threat Evolution in Q1 2017

Kaspersky Lab is currently tracking more than a hundred threat actors and sophisticated malicious operations in over 80 countries.

During the first quarter of 2017, there were 33 private reports released to subscribers of our Intelligence Services, with IOC data and YARA rules to assist in forensics and malware-hunting.

McAfee: Wave of Shamoon cyberattacks being coordinated by a single group

The waves of cyberattacks that have rocked Saudi Arabia over the past few months are linked to the earlier Shamoon attacks. However, the initial 2012 attack was the work of a single group, whereas the latest attacks have been carried out by different groups of varying skills and expertise, all following instructions provided by one malicious actor, McAfee researchers have found.

Researchers at McAfee Strategic Intelligence believe the 2012 Shamoon attacks against Saudi Arabia’s state-run oil company Saudi Aramco and Qatari natural gas company RasGas, the attacks last November against Saudi organizations, and these latest attacks are all the work of hacker groups supported and coordinated by a single actor, and not the efforts of multiple gangs operating independently, said McAfee principal engineer Christiaan Beek and McAfee chief scientist Raj Samani.

Webroot deletes Windows files and causes serious problems for users

Users of Webroot's endpoint security product, consumers and businesses alike, had a nasty surprise Monday when the program started flagging Windows files as malicious. The reports quickly popped up on Twitter and continued on the Webroot community fo...

BrandPost: How To Prepare and Prevent Ransomware From Wreaking Havoc

By Bharath Vasudevan, Director of Product Management, Hewlett Packard Enterprise Software-defined and Cloud Group

Ransomware is a malicious software virus that locks files or computer systems until a sum of money (usually in Bitcoin) is paid to the cyber criminals. With ransomware attacks increasing in quantity and ferocity seemingly by the day, it is no longer a matter of if an organization will be attacked by ransomware, but when.

According to the Ponemon Institute’s January 2016 report, Cost of Data Center Outages, 22% of unplanned IT outages are due to cyberattacks.

This represents a 167% increase since the initial 2010 report.
Stronger security and improved data protection and disaster recovery plans may be businesses’ only hopes to minimize the damage done by ransomware.

Bash Bunny: Big hacks come in tiny packages

Today’s increasingly miniaturized world is giving rise to all sorts of hardware devices that can hack almost any computer, device, or network. Plug in an item the size of a USB stick and all your hard-won protections could be defeated.
If you haven’t been paying attention to this field of attack, what you learn might shock you. Anyone can create or buy a computer with an operating system that fits in a space smaller than a postage stamp. Most of these have physical USB interfaces, but many are wireless or have interchangeable interfaces.

These devices include the following: computers on a stick, keyboard man-in-the-middle intercept devices, wireless computers, and plug-in hacking devices.

In the interest of defending against this new threat, let's take a close look at one of the most versatile and popular hardware hacking devices: Bash Bunny by Hak5.
I'm offering considerable detail here to show how easy it is to launch malicious attacks that bypass network defenses—and to help white hats who may wish to use the device for simulated red team attacks.

Hajime, the mysterious evolving botnet

Hajime (meaning ‘beginning’ in Japanese) is an IoT worm that was first mentioned on 16 October 2016 in a public report by RapidityNetworks.
In this blogpost we outline some of the recent ‘improvements’ to Hajime, some techniques that haven’t been made public, and some statistics about infected IoT devices.

Webroot fixes faulty antivirus update that mistakenly flagged Windows as malware

Windows' system files were flagged as malicious, and Facebook was marked as a phishing site.

Webroot antivirus goes bananas, starts trashing Windows system files

Even automated security tool thinks Redmond's snooping operating system is 'malicious'

Webroot's security tools went berserk today, mislabeling key Microsoft Windows system files as malicious and removing them – knackering PCs in the process.…

Chrome, Firefox, and Opera users beware: This isn’t the apple.com you...

Unicode sleight of hand makes it hard for even savvy users to detect impostor sites.