Cyber Security Informer

The State of Malware Analysis: Advice from the Trenches

Lenny Zeltser

SEPTEMBER 26, 2019

What malware analysis approaches work well? The following discussion–captured as an MP3 audio file –offers friendly advice from 5 malware analysts. 1:05) How has your approach to examining malware changed over the years? (7:17) 7:17) What role do automated sandboxes play in the analysis process? (14:30)

Malware

Malware InfoSec Engineering Software

Expert warns of Turtle macOS ransomware

Security Affairs

DECEMBER 1, 2023

The popular cyber security researcher Patrick Wardle published a detailed analysis of the new macOS ransomware Turtle. Wardle pointed out that since Turtle was uploaded on Virus Total, it was labeled as malicious by 24 anti-malware solutions, suggesting it is not a sophisticated threat. concludes the analysis. Troj.Undef”).

Ransomware

Ransomware Encryption Malware Cybercrime

Ukrainian Blackjack group used ICS malware Fuxnet against Russian targets

Security Affairs

APRIL 15, 2024

The Ukrainian hacking group Blackjack used a destructive ICS malware dubbed Fuxnet in attacks against Russian infrastructure. ” states the website. ” reads the analysis published by Claroty. ” reads the analysis published by Claroty. Access to 112 Emergency Service. YouTube Video 1 , YouTube Video 2 ).

Malware

Malware Firmware IoT Hacking

MITRE attributes the recent attack to China-linked UNC5221

Security Affairs

MAY 7, 2024

MITRE has shared more details on the recent hack , including the new malware involved in the attack and a timeline of the attacker’s activities. According to the MITRE Corporation, a nation-state actor breached its systems in January 2024 by chaining two Ivanti Connect Secure zero-day vulnerabilities (CVE-2023-46805 and CVE-2024-21887).

Malware

Malware Hacking Accountability Authentication

Security Affairs newsletter Round 467 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

APRIL 14, 2024

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free for you in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

Data breaches

Data breaches Social Engineering Malware Hacking

More SolarWinds News

Schneier on Security

FEBRUARY 3, 2021

Microsoft analyzed details of the SolarWinds attack: Microsoft and FireEye only detected the Sunburst or Solorigate malware in December, but Crowdstrike reported this month that another related piece of malware, Sunspot , was deployed in September 2019, at the time hackers breached SolarWinds’ internal network.

Computers and Electronics

Computers and Electronics Malware Software Government

Researchers find new ICS malware toolkit designed to cause electric power outages

CSO Magazine

MAY 26, 2023

Over the past few years state-sponsored attackers have been ramping up their capabilities of hitting critical infrastructure like power grids to cause serious disruptions. A new addition to this arsenal is a malware toolkit that seems to have been developed for red-teaming exercises by a Russian cybersecurity company.

Malware

Malware Engineering Technology Cybersecurity

New Agent Raccoon malware targets the Middle East, Africa and the US

Security Affairs

DECEMBER 3, 2023

Threat actors are using the Agent Raccoon malware in attacks against organizations in the Middle East, Africa and the U.S. The malware was used in attacks against multiple industries, including education, real estate, retail, non-profit organizations, telecom companies, and governments.

Malware

Malware DNS Retail Education

Sophisticated Tardigrade malware launches attacks on vaccine manufacturing infrastructure

Security Boulevard

NOVEMBER 25, 2021

Security researchers are warning biomanufacturing facilities around the world that they are being targeted by a sophisticated new strain of malware, known as Tardigrade. The post Sophisticated Tardigrade malware launches attacks on vaccine manufacturing infrastructure appeared first on The State of Security.

Manufacturing

Manufacturing Malware

Multiple APT groups exploited WinRAR flaw CVE-2023-38831

Security Affairs

OCTOBER 18, 2023

Google’s Threat Analysis Group (TAG) reported that in recent weeks multiple nation-state actors were spotted exploiting the vulnerability CVE-2023-38831 in WinRAR. In September, CERT-UA observed the FROZENLAKE group exploitingthe WinRAR flaw to deploy malware in attacks aimed at energy infrastructure.

Cybercrime

Cybercrime Malware Software Hacking

Xenomorph malware is back after months of hiatus and expands the list of targets

Security Affairs

SEPTEMBER 26, 2023

A new campaign is spreading Xenomorph malware to Android users in the United States, Spain, Portugal, Italy, Canada, and Belgium. Researchers from ThreatFabric uncovered a new campaign spreading Xenomorph malware to Android users in the United States and all over the world. that was significantly improved.

Malware

Malware Banking Phishing Engineering

Merck settles with insurers regarding a $1.4 billion claim over NotPetya damages

Security Affairs

JANUARY 6, 2024

billion claim arising from the NotPetya malware incident. known as Merck Sharp & Dohme (MSD) outside the United States and Canada, is an American multinational pharmaceutical company. The analysis conducted on the ransomware revealed it was designed to look like ransomware but was wiper malware designed for sabotage purposes.

Insurance

Insurance Manufacturing Ransomware Healthcare

Raspberry Robin Malware Evolves with Sophisticated Evasion Tactics

SecureWorld News

APRIL 11, 2024

The Raspberry Robin malware, a heavily obfuscated Windows worm first identified in late 2021, has become one of the most prevalent threats facing enterprises today. These script files employ a range of anti-analysis techniques to evade detection. The obfuscation techniques used by this malware payload system are impressive.

Malware

Malware IoT Ransomware Manufacturing

New Windows Meduza Stealer targets tens of crypto wallets and password managers

Security Affairs

JULY 3, 2023

The malware also targets crypto wallet extensions, password managers, and 2FA extensions. The authors are actively developing malware to evade detection, but no specific attacks have been attributed to the Meduza Stealer to date. The malware admin declared that their operations do not involve any ransom activities.

Password Management

Password Management Passwords Malware Antivirus

Microsoft unveils the tradecraft of hacking group Nobelium

CyberSecurity Insiders

FEBRUARY 24, 2023

Microsoft has unveiled a new set of malware, known as MagicWeb in the wild and has concluded that the said malicious tool is the work of state-funded hacking group Nobelium that changes its trade crafts as per the machine status that they fraudulently access through cyber attacks.

Hacking

Hacking Authentication Cyber Attacks Malware

THE 11TH EDITION OF THE ENISA THREAT LANDSCAPE REPORT IS OUT!

Security Affairs

OCTOBER 19, 2023

I’m proud to announce the release of the 11th edition of the ENISA Threat Landscape (ETL) on the state of the cybersecurity threat landscape. The Europen Agency for cybersecurity ENISA releases its ENISA Threat Landscape 2023 (ETL) report , which is the annual analysis of the state of the cybersecurity threat landscape.

Social Engineering

Social Engineering Artificial Intelligence Engineering Ransomware

Security Affairs newsletter Round 455 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

JANUARY 21, 2024

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free for you in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Patch it now!

Artificial Intelligence

Artificial Intelligence VPN Hacking Firewall

Malware exploits undocumented Google OAuth endpoint to regenerate Google cookies

Security Affairs

JANUARY 1, 2024

Subsequently, other malware integrated the exploit, including Rhadamanthys, Risepro, Meduza , Stealc Stealer and recently the White Snake. The researchers discovered that the malware targets Chrome’s token_service table of WebData to extract tokens and account IDs of chrome profiles logged in. ” continues the report. .

Malware

Malware Penetration Testing Passwords Encryption

Google: We're Tracking 270 State-Sponsored Hacker Groups From Over 50 Countries

The Hacker News

OCTOBER 14, 2021

Google's Threat Analysis Group (TAG) on Thursday said it's tracking more than 270 government-backed threat actors from more than 50 countries, adding it has approximately sent 50,000 alerts of state-sponsored phishing or malware attempts to customers since the start of 2021.

Phishing

Phishing Internet Internet Government

How You Can Start Learning Malware Analysis

Lenny Zeltser

JANUARY 6, 2021

Malware analysis sits at the intersection of incident response, forensics, system and network administration, security monitoring, and software engineering. As someone who’s helped thousands of security professionals learn how to analyze malware at SANS Institute , I have a few tips for how you can get started.

Malware

Malware Software Engineering Information Security

What Is Stateful Inspection in Network Security? Ultimate Guide

eSecurity Planet

FEBRUARY 14, 2024

Stateful inspection is a firewall feature that filters data packets based on the context of previous data packets. An understanding of how stateful inspection works, the key pros and cons, and its use cases provides important insight into how stateful inspection can be used successfully in a security stack.

Network Security

Network Security Firewall DNS DDOS

APT28 relies on PowerPoint Mouseover to deliver Graphite malware

Security Affairs

SEPTEMBER 29, 2022

The Russia-linked APT28 group is using mouse movement in decoy Microsoft PowerPoint documents to distribute malware. The Russia-linked APT28 employed a technique relying on mouse movement in decoy Microsoft PowerPoint documents to deploy malware, researchers from Cluster25 reported. ” reads the analysis published by Cluster25.

Malware

Malware Government Hacking Information Security

USCYBERCOM shares five new North Korea-linked malware samples

Security Affairs

MAY 13, 2020

The United States Cyber Command (USCYBERCOM) has uploaded five new North Korean malware samples to VirusTotal. The United States Cyber Command (USCYBERCOM) has shared five new malware samples attributed to the North Korea-linked Lazarus APT , it has uploaded the malicious code to VirusTotal.

Malware

Malware Advertising Government Cryptocurrency

Experts warn of a 600X increase in P2Pinfect traffic

Security Affairs

SEPTEMBER 22, 2023

surge during the week leading up to the publication of their analysis. P2Pinfect infections have been reported in China, the United States, Germany, the United Kingdom, Singapore, Hong Kong and Japan. ” reads the analysis published by Cado Security Labs. According to the researchers, traffic experienced a 12.3%

Malware

Malware Passwords Hacking Cybercrime

OPSWAT launches new malware analysis capabilities for ICS, OT networks

CSO Magazine

AUGUST 10, 2022

Critical infrastructure cybersecurity vendor OPSWAT has announced new malware analysis capabilities for IT and operational technology (OT). The release comes amid increasing cyberthreats surrounding OT networks in industrial control systems (ICS).

Malware

Malware Technology Cybersecurity

Multiple threat actors exploited Progress Telerik bug to breach U.S. federal agency

Security Affairs

MARCH 16, 2023

In 2020 and 2021, this flaw was included by the US National Security Agency (NSA) in the list of the top 25 vulnerabilities exploited by Chinese state-sponsored hacking groups in attacks in the wild. The joint alert recommends network defenders review the Malware Analysis Report, MAR-10413062-1.v1 ” reads the advisory.

Internet

Internet Internet Malware Government

North Korea-linked APTs use Maui Ransomware to target the Healthcare industry

Security Affairs

JULY 7, 2022

The report provides information about tactics, techniques, and procedures (TTPs) of the threat actors using the Maui ransomware along with indicators of compromise (IOCs) that were obtained by government experts during incident response activities and industry analysis of a Maui sample. The FBI, CISA, and the U.S.

Healthcare

Healthcare Ransomware Encryption Government

Russia-linked hackers target Ukrainian military with Infamous Chisel Android malware

Security Affairs

AUGUST 31, 2023

Russia-linked threat actors have been targeting Android devices of the Ukrainian military with a new malware dubbed Infamous Chisel. The GCHQ’s National Cyber Security Centre (NCSC) and agencies in the United States, Australia, Canada, and New Zealand have published an analysis of the Android malware.

Malware

Malware Authentication Threat Detection Government

ShadowPad malware on Industrial Control Systems of Asia

CyberSecurity Insiders

JUNE 28, 2022

Researchers from the security firm state they detected the said cyber threat in Oct’21 and found that the hackers were infiltrating the industrial control systems through a Microsoft Exchange Vulnerability. The post ShadowPad malware on Industrial Control Systems of Asia appeared first on Cybersecurity Insiders.

Malware

Malware Telecommunications Surveillance Cyber threats

LiveAction adds new SOC-focused features to ThreatEye NDR platform

CSO Magazine

OCTOBER 3, 2022

In a press release, the firm stated that the platform features a new user interface (UI) designed to enhance the ability of SOC analysts to correlate findings and policy violations to track incidents. To read this article in full, please click here

Encryption

Encryption Network Security Malware

macOS Zero-Day exploited in watering hole attacks on users in Hong Kong

Security Affairs

NOVEMBER 12, 2021

Google revealed that threat actors recently exploited a zero-day vulnerability in macOS to deliver malware to users in Hong Kong. Google TAG researchers discovered that threat actors leveraged a zero-day vulnerability in macOS in a watering hole campaign aimed at delivering malware to users in Hong Kong.

Malware

Malware Media Surveillance Encryption

The Lazarus Group Targeted Cybersecurity Researchers Again, Google Says

Heimadal Security

APRIL 1, 2021

According to Google’s Threat Analysis Group research published yesterday, the North Korean state-sponsored operation has set up a fake security company and social media accounts as part of a broad campaign targeting cybersecurity researchers with malware linked to the Lazarus Group.

Cybersecurity

Cybersecurity Media Accountability Malware

Cyclops Blink malware: US and UK authorities issue alert

Malwarebytes

FEBRUARY 24, 2022

According to a joint security advisory published yesterday by US and UK cybersecurity and law enforcement agencies, a new malware called Cyclops Blink has surfaced to replace the VPNFilter malware attributed to the Sandworm group, which has always been seen as a Russian state-sponsored group. Cyclops Blink.

Malware

Malware Firewall Firmware DDOS

DragonSpark threat actor avoids detection using Golang source code Interpretation

Security Affairs

JANUARY 25, 2023

Chinese threat actor tracked as DragonSpark targets organizations in East Asia with a Golang malware to evade detection. The attackers employed an open source tool SparkRAT along with Golang malware that implements an uncommon technique to evade detection. ” reads the report published by SentineOne. exe, implemented in Golang.”

Malware

Malware Internet Internet Hacking

New PowerDrop malware targets U.S. aerospace defense industry

Security Affairs

JUNE 7, 2023

aerospace defense sector with a new PowerShell malware dubbed PowerDrop. The PowerShell-based malware uses advanced techniques to evade detection, including deception, encoding, and encryption. ” reads the analysis published by Adlumin. . ” reads the analysis published by Adlumin. aerospace sector.

Malware

Malware Encryption Internet Internet

HIVE Ransomware Shut Down by International Law Enforcement

SecureWorld News

JANUARY 27, 2023

The United States Department of Justice (DOJ) recently announced that it has successfully taken down the HIVE ransomware network, an international cybercrime ring that had been responsible for stealing and encrypting the data of more than 1,500 companies from 80 different countries. Cybercrime is a constantly evolving threat.

Ransomware

Ransomware Cybercrime Cryptocurrency Telecommunications

Deadglyph, a very sophisticated and unknown backdoor targets the Middle East

Security Affairs

SEPTEMBER 24, 2023

Stealth Falcon is a nation-state actor active since at least 2012, the group targeted political activists and journalists in the Middle East in past campaigns. The researchers explained that unlike other malware typically using components written in only one programming language, Deadglyph uses distinct programming languages.

Spyware

Spyware Malware Architecture Encryption

North Korea-linked Lazarus targeted a Spanish aerospace company

Security Affairs

OCTOBER 1, 2023

The state-sponsored hackers deployed several tools, including a previously undocumented backdoor dubbed LightlessCan. ” reads the analysis published by ESET. ” reads the analysis published by ESET. The cyberspies impersonated Meta’s recruiters to lure employees with trojanized coding challenges. exe and Quiz2.exe,

Malware

Malware Cyber Attacks Hacking

A Ukrainian Raccoon Infostealer operator is awaiting trial in the US

Security Affairs

FEBRUARY 19, 2024

He appealed the decision of a Dutch Court for granting his extradition to the United States, but it was finally extradited to the US from the Netherlands to appear in a US court. The malware is now promoted on English-speaking hacking forums, it works on both 32-bit and 64-bit operating systems. in the stolen data.

Identity Theft

Identity Theft Cryptocurrency Cybercrime Hacking

New RAT malware uses sophisticated evasion techniques, leverages COVID-19 messaging

CSO Magazine

MAY 11, 2022

Researchers at cybersecurity vendor Proofpoint have analyzed a new remote access Trojan (RAT) malware campaign using sophisticated evasion techniques and leveraging COVID-19 themed messaging to target global organizations.

Malware

Malware Cybersecurity

Researchers used electromagnetic signals to classify malware infecting IoT devices

Security Affairs

JANUARY 5, 2022

Cybersecurity researchers demonstrate how to use electromagnetic field emanations from IoT devices to detect malware. The researchers proposed a novel approach of using side channel information to identify malware targeting IoT systems. In fact, EM emanation that is measured from the device is practically undetectable by the malware.

IoT

IoT Malware Internet Internet

Hackers spread backdoor after compromising the Mongolian CA MonPass

Security Affairs

JULY 4, 2021

Threat actors compromised the servers of Mongolian certificate authority (CA) MonPass and used its website to spread malware. Hackers compromised the servers of the Mongolian certificate authority (CA) MonPass and used its website to spread malware, reported Avast researchers. ” states the analysis published by Avast.

Malware

Malware Encryption Hacking Information Security

Unknown APT group has targeted Russia repeatedly since Ukraine invasion

Malwarebytes

MAY 24, 2022

The malware uses a number of advanced tricks to hide what it does and how it works, but our analysts have been able to reverse engineer the malware, reveal its inner workings, and uncover some clues about its possible origins. Urgent Vulnerability Fixes” ( Rostec is a Russian state-owned defense conglomerate founded by Putin.).

Malware

Malware Phishing Government Accountability

Navigating the Dual Impact of AI in Cybersecurity

Approachable Cyber Threats

FEBRUARY 23, 2024

Category Awareness, Artificial Intelligence Risk Level Artificial Intelligence (AI) is set to be the newest ally for many companies, but it’s also set to be the newest threat. The realm of cybersecurity is undergoing a transformation, guided by the omnipresent force of Artificial Intelligence (AI). What is AI’s emerging role in cybersecurity?”

Cybersecurity

Cybersecurity Artificial Intelligence Malware Phishing

The State of Malware Analysis: Advice from the Trenches

Expert warns of Turtle macOS ransomware

Trending Sources

Ukrainian Blackjack group used ICS malware Fuxnet against Russian targets

MITRE attributes the recent attack to China-linked UNC5221

Security Affairs newsletter Round 467 by Pierluigi Paganini – INTERNATIONAL EDITION

More SolarWinds News

Researchers find new ICS malware toolkit designed to cause electric power outages

New Agent Raccoon malware targets the Middle East, Africa and the US

Sophisticated Tardigrade malware launches attacks on vaccine manufacturing infrastructure

Multiple APT groups exploited WinRAR flaw CVE-2023-38831

Xenomorph malware is back after months of hiatus and expands the list of targets

Merck settles with insurers regarding a $1.4 billion claim over NotPetya damages

Raspberry Robin Malware Evolves with Sophisticated Evasion Tactics

New Windows Meduza Stealer targets tens of crypto wallets and password managers

Microsoft unveils the tradecraft of hacking group Nobelium

THE 11TH EDITION OF THE ENISA THREAT LANDSCAPE REPORT IS OUT!

Security Affairs newsletter Round 455 by Pierluigi Paganini – INTERNATIONAL EDITION

Malware exploits undocumented Google OAuth endpoint to regenerate Google cookies

Google: We're Tracking 270 State-Sponsored Hacker Groups From Over 50 Countries

How You Can Start Learning Malware Analysis

What Is Stateful Inspection in Network Security? Ultimate Guide

APT28 relies on PowerPoint Mouseover to deliver Graphite malware

USCYBERCOM shares five new North Korea-linked malware samples

Experts warn of a 600X increase in P2Pinfect traffic

OPSWAT launches new malware analysis capabilities for ICS, OT networks

Multiple threat actors exploited Progress Telerik bug to breach U.S. federal agency

North Korea-linked APTs use Maui Ransomware to target the Healthcare industry

Russia-linked hackers target Ukrainian military with Infamous Chisel Android malware

ShadowPad malware on Industrial Control Systems of Asia

LiveAction adds new SOC-focused features to ThreatEye NDR platform

macOS Zero-Day exploited in watering hole attacks on users in Hong Kong

The Lazarus Group Targeted Cybersecurity Researchers Again, Google Says

Cyclops Blink malware: US and UK authorities issue alert

DragonSpark threat actor avoids detection using Golang source code Interpretation

New PowerDrop malware targets U.S. aerospace defense industry

HIVE Ransomware Shut Down by International Law Enforcement

Deadglyph, a very sophisticated and unknown backdoor targets the Middle East

North Korea-linked Lazarus targeted a Spanish aerospace company

A Ukrainian Raccoon Infostealer operator is awaiting trial in the US

New RAT malware uses sophisticated evasion techniques, leverages COVID-19 messaging

Researchers used electromagnetic signals to classify malware infecting IoT devices

Hackers spread backdoor after compromising the Mongolian CA MonPass

Unknown APT group has targeted Russia repeatedly since Ukraine invasion

Navigating the Dual Impact of AI in Cybersecurity

Stay Connected