Cisco Security

AUGUST 12, 2021

For several years, Cisco Secure provided DNS visibility and architecture intelligence with Cisco Umbrella and Cisco Umbrella Investigate ; and automated malware analysis and threat intelligence with Cisco Secure Malware Analytics (Threat Grid) , backed by Cisco Talos Intelligence and Cisco SecureX. CyberCrime Tracker.

DNS 144

DNS Firewall Phishing Mobile 144

Security Affairs

OCTOBER 29, 2020

“CISA, FBI, and HHS have credible information of an increased and imminent cybercrime threat to U.S. In early 2019, researchers spotted a new TrickBot backdoor framework dubbed Anchor that was using the anchor_dns tool for abusing the DNS protocol for C2 communications. hospitals and healthcare providers.

Healthcare 142

Healthcare Ransomware Cybercrime Advertising 142

Security Affairs

JANUARY 13, 2019

Proofpoint analyzed two strains of malware tracked as ServHelper and FlawedGrace distributed through phishing campaigns by the TA505 crime gang. Security researchers at Proofpoint researchers discovered two strains of malware tracked as ServHelper and FlawedGrace distributed through phishing campaigns by the TA505 crime gang.

Malware 91

Malware DNS Financial Services Retail 91

Krebs on Security

APRIL 2, 2019

Canadian police last week raided the residence of a Toronto software developer behind “ Orcus RAT ,” a product that’s been marketed on underground forums and used in countless malware attacks since its creation in 2015. ” “I am not your A-typical computer geek, Brian,” he wrote in a 2018 email. “I An advertisement for Orcus RAT.

Advertising 220

Advertising Malware Marketing Software 220

Krebs on Security

JULY 18, 2022

These services can be used in a legitimate manner for several business purposes — such as price comparisons or sales intelligence — but they are massively abused for hiding cybercrime activity because they can make it difficult to trace malicious traffic to its original source. “The 911[.]re FORUM ACTIVITY?

VPN 304

VPN Computers and Electronics Antivirus Software 304

Security Affairs

FEBRUARY 14, 2021

The administrator announced the decision via messages posted on various cybercrime forums. Joker’s Stash is one of the most longevous carding websites, it was launched in October 2014 and is very popular in the cybercrime underground due to the freshness of its cards and their validity. Image source FlashPoint.

Cybercrime 97

Cybercrime Backups Hacking DNS 97

Krebs on Security

SEPTEMBER 6, 2021

In May 2015, KrebsOnSecurity briefly profiled “ The Manipulaters ,” the name chosen by a prolific cybercrime group based in Pakistan that was very publicly selling spam tools and a range of services for crafting, hosting and deploying malicious email. One of several current Fudtools sites run by The Manipulaters.

Software 239

Software Phishing Cybercrime Accountability 239

Security Affairs

FEBRUARY 8, 2022

Roaming Mantis surfaced in March 2018 when hacked routers in Japan redirecting users to compromised websites. Roaming Mantis is a credential theft and malware campaign that leverages smishing to distribute malicious Android apps in the format of APK files. ” concludes Kaspersky.

Phishing 86

Phishing DNS Malware Hacking 86

Security Affairs

AUGUST 8, 2018

Ramnit is one of the most popular banking malware families in existence today, it was first spotted in 2010 as a worm, in 2011, its authors improved it starting from the leaked Zeus source code turning the malware into a banking Trojan. However, in May-July 2018 we detected a new Ramnit campaign with around 100,000 computers infected.”

Malware 47

Malware DNS Encryption Banking 47

Security Affairs

OCTOBER 12, 2019

In August 2018, three members of the notorious cybercrime gang have been indicted and charged with 26 felony counts of conspiracy, wire fraud, computer hacking, access device fraud and aggravated identity theft. The messages sent to the victims were also dropping the backdoor DNSbot that primarily operates over DNS traffic.

Identity Theft 75

Identity Theft Hacking Advertising DNS 75

CyberSecurity Insiders

MARCH 21, 2021

Back in 2018, almost two-thirds of the small businesses suffered from cyber security attacks. . Anti-virus and anti-malware . There are different kinds of cyber attacks that are faced by small businesses, including malware, phishing, SQL injection, DNS tunneling, and more. Two-factor authentication . Firewalls .

Small Business 145

Small Business Cyber Attacks VPN Backups 145

SecureList

AUGUST 30, 2023

Since 2018, Lazarus has persistently targeted crypto-currency-related businesses for a long time, using malicious Word documents and themes related to the crypto-currency business to lure potential targets. It’s thought that the malware was spread through a vulnerability in the software.

Malware 73

Malware Spyware Cryptocurrency Government 73

SecureList

NOVEMBER 26, 2021

The PyInstaller module for Windows contains a script named “Guard” Interestingly, this malware was developed for both Windows and macOS operating systems. The malware tries to spread to other hosts on the network by infecting USB drives. After this, they were tricked into downloading previously unknown malware.

Malware 86

Malware Banking Energy and Utilities Accountability 86

eSecurity Planet

JUNE 1, 2023

Domain-based Message Authentication, Reporting and Conformance is a protocol that was first proposed in January 2012 and widely adopted in 2018 by the U.S. A DMARC policy is included in a DNS record for a given domain, enabling the sender to specify if messages are protected by SPF or DKIM. How Does DMARC Work?

Technology 72

Technology Authentication DNS Phishing 72

Security Affairs

AUGUST 20, 2019

Group-IB has limited some of the data in the reports that could hinder investigations into the group’s cybercrimes. Prior to April 2018, Silence’s target interests were primarily limited to 25 post-Soviet states and neighboring countries. Silence going global. Larger geographical scope of attacks. Within the sound of Silence.

Banking 56

Banking Cybercrime Cybersecurity Advertising 56

Security Affairs

JANUARY 25, 2019

During the last weeks, the Cybaze-Yoroi ZLab researchers identified infection attempts aimed to install RAT malware directed to the naval industry sector. Instead, in this case, Cybaze-Yoroi ZLab detected the usage of multiplatform Java malware. Figure 5 – Open directory used by malware to download jre.zip component.

Malware 82

Malware VPN Advertising InfoSec 82

Security Affairs

SEPTEMBER 1, 2018

Security experts from Netscout’s ASERT uncovered a new campaign carried out by the Cobalt cybercrime group. The attacks were detected on August 13, 2018, experts revealed that the hackers targeted also the NS Bank in Russia and Carpatica/Patria in Romania. A weaponized Word document and a binary with a.jpg extension.

Cybercrime 55

Cybercrime Banking Phishing Advertising 55

Security Affairs

MARCH 22, 2019

The financially-motivated hacking group FIN7 is back and used a new piece of malware in a recent hacking campaign. Security experts at Flashpoint revealed that the financially-motivated cybercrime group FIN7 (aka Anunak and Carbanak ) used new malware in a recent hacking campaign. ” continues the analysis.

Malware 83

Malware Identity Theft Cybercrime Hacking 83

SecureList

APRIL 27, 2022

Disclaimer: when referring to APT groups as Russian-speaking, Chinese-speaking or other-“speaking” languages, we refer to various artefacts used by the groups (such as malware debugging strings, comments found in scripts, etc.) On February 23, ESET published a tweet announcing new wiper malware targeting Ukraine.

Malware 130

Malware Firmware Government Phishing 130

Security Affairs

NOVEMBER 29, 2019

Compared to its predecessors, the sixth “Hi-Tech Crime Trends” report is the first to contain chapters devoted to the main industries attacked and covers the period from H2 2018 to H1 2019, as compared to the period from H2 2017 to H1 2018. As for 2019, it has become the year of covert military operations in cyberspace.

Banking 86

Banking Telecommunications Marketing Internet 86

eSecurity Planet

DECEMBER 3, 2021

Brian Krebs is an independent investigative reporter known for his coverage of technology, malware , data breaches , and cybercrime developments. Russian software engineer Eugene Kaspersky’s frustration with the malware of the 80s and 90s led to the founding of antivirus and cybersecurity vendor Kaspersky Lab.

Accountability 134

Accountability Cybersecurity Penetration Testing InfoSec 134

SecureList

MAY 27, 2022

Our analysis of the rogue firmware, and other malicious artefacts from the target’s network, revealed that the threat actor behind it had tampered with the firmware to embed malware that we call MoonBounce. Since 2018, we have been tracking Roaming Mantis – a threat actor that targets Android devices.

Phishing 103

Phishing Spyware Firmware Malware 103

SecureList

APRIL 27, 2021

In our initial report on Sunburst , we examined the method used by the malware to communicate with its C2 (command-and-control) server and the protocol used to upgrade victims for further exploitation. This campaign made use of a previously unknown malware family we dubbed FourteenHi.

Malware 138

Malware Spyware Government Social Engineering 138

Veracode Security

NOVEMBER 19, 2020

credible information of an increased and imminent cybercrime threat to U.S. In the report, the agencies found that threat actors are targeting the HPH Sector using TrickBot and BazarLoader malware efforts, which can result in the disruption of healthcare services, the initiation of ransomware attacks, and the theft of sensitive data.

Healthcare 52

Healthcare Ransomware Phishing Social Engineering 52

Security Affairs

JULY 7, 2019

Sodin Ransomware includes exploit for Windows CVE-2018-8453 bug. Cryptomining Campaign involves Golang malware to target Linux servers. Godlua backdoor, the first malware that abuses the DNS over HTTPS (DoH). Tens of VMware Products affected by SACK Panic and SACK Slowness flaws.

Scams 48

Scams Spyware DNS Advertising 48

Fox IT

JUNE 23, 2020

Evil Corp were previously associated to the Dridex malware and BitPaymer ransomware, the latter came to prominence in the first half of 2017. Business associations are fairly fluid in organised cybercrime groups, Partnerships and affiliations are formed and dissolved much more frequently than in nation state sponsored groups, for example.

Ransomware 45

Ransomware Encryption Malware Architecture 45

SecureList

OCTOBER 26, 2021

In June, more than six months after DarkHalo had gone dark, we observed the DNS hijacking of multiple government zones of a CIS member state that allowed the attacker to redirect traffic from government mail servers to computers under their control – probably achieved by obtaining credentials to the control panel of the victims’ registrar.

Malware 140

Malware Government Surveillance Spyware 140

SecureList

FEBRUARY 16, 2021

The DTLS (Datagram Transport Layer Security) protocol is used to establish secure connections over UDP, through which most DNS queries, as well as audio and video traffic, are sent. However, we are becoming increasingly convinced that the DDoS market has stopped growing, having completely stabilized after the decline in 2018.

DDOS 129

DDOS Cryptocurrency Marketing Internet 129

Herjavec Group

AUGUST 26, 2021

We can learn a lot from the cybercrime of the past…the history of cybercrime is a glimpse into what we can expect in the future. In the past 18 months, we’ve experienced the beginning of an era that has seen cybersecurity and cybercrime at the center of it all. Dateline Cybercrime . Robert Herjavec.

Cybercrime 135

Cybercrime Computers and Electronics Banking Hacking 135