Cyber Security Informer

The State of Malware Analysis: Advice from the Trenches

Lenny Zeltser

SEPTEMBER 26, 2019

What malware analysis approaches work well? The following discussion–captured as an MP3 audio file –offers friendly advice from 5 malware analysts. 1:05) How has your approach to examining malware changed over the years? (7:17) 7:17) What role do automated sandboxes play in the analysis process? (14:30)

Malware

Malware InfoSec Engineering Software

GitCaught campaign relies on Github and Filezilla to deliver multiple malware

Security Affairs

MAY 20, 2024

Researchers discovered a sophisticated cybercriminal campaign by Russian-speaking threat actors that used GitHub to distribute malware. Recorded Future’s Insikt Group discovered a sophisticated cybercriminal campaign by Russian-speaking threat actors from the Commonwealth of Independent States (CIS).

Malware

Malware Banking Software Advertising

Expert warns of Turtle macOS ransomware

Security Affairs

DECEMBER 1, 2023

The popular cyber security researcher Patrick Wardle published a detailed analysis of the new macOS ransomware Turtle. Wardle pointed out that since Turtle was uploaded on Virus Total, it was labeled as malicious by 24 anti-malware solutions, suggesting it is not a sophisticated threat. concludes the analysis. Troj.Undef”).

Ransomware

Ransomware Encryption Malware Cybercrime

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

Ukrainian Blackjack group used ICS malware Fuxnet against Russian targets

Security Affairs

APRIL 15, 2024

The Ukrainian hacking group Blackjack used a destructive ICS malware dubbed Fuxnet in attacks against Russian infrastructure. ” states the website. ” reads the analysis published by Claroty. ” reads the analysis published by Claroty. Access to 112 Emergency Service. YouTube Video 1 , YouTube Video 2 ).

Malware

Malware Firmware IoT Hacking

North Korea-linked Kimsuky APT attack targets victims via Messenger

Security Affairs

MAY 17, 2024

North Korea-linked Kimsuky APT group employs rogue Facebook accounts to target victims via Messenger and deliver malware. Researchers at Genius Security Center (GSC) identified a new attack strategy by the North Korea-linked Kimsuky APT group and collaborated with the Korea Internet & Security Agency (KISA) for analysis and response.

Malware

Malware Phishing Accountability Media

MITRE attributes the recent attack to China-linked UNC5221

Security Affairs

MAY 7, 2024

MITRE has shared more details on the recent hack , including the new malware involved in the attack and a timeline of the attacker’s activities. According to the MITRE Corporation, a nation-state actor breached its systems in January 2024 by chaining two Ivanti Connect Secure zero-day vulnerabilities (CVE-2023-46805 and CVE-2024-21887).

Malware

Malware Hacking Accountability Authentication

More SolarWinds News

Schneier on Security

FEBRUARY 3, 2021

Microsoft analyzed details of the SolarWinds attack: Microsoft and FireEye only detected the Sunburst or Solorigate malware in December, but Crowdstrike reported this month that another related piece of malware, Sunspot , was deployed in September 2019, at the time hackers breached SolarWinds’ internal network.

Computers and Electronics

Computers and Electronics Malware Software Government

Security Affairs newsletter Round 467 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

APRIL 14, 2024

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free for you in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

Data breaches

Data breaches Social Engineering Malware Hacking

Businesses Flock to NSA's Free Cybersecurity Services

SecureWorld News

MAY 16, 2024

Services include threat analysis reports, guidance on mitigating active threats, insights into nation-state hacking groups, and even direct assistance from the NSA's top cybersecurity experts during active intrusions or incident response. They may have found a powerful new ally in the U.S. government's latest cybersecurity initiative.

Cybersecurity

Cybersecurity Small Business DNS Cyber threats

Researchers find new ICS malware toolkit designed to cause electric power outages

CSO Magazine

MAY 26, 2023

Over the past few years state-sponsored attackers have been ramping up their capabilities of hitting critical infrastructure like power grids to cause serious disruptions. A new addition to this arsenal is a malware toolkit that seems to have been developed for red-teaming exercises by a Russian cybersecurity company.

Malware

Malware Engineering Technology Cybersecurity

New Agent Raccoon malware targets the Middle East, Africa and the US

Security Affairs

DECEMBER 3, 2023

Threat actors are using the Agent Raccoon malware in attacks against organizations in the Middle East, Africa and the U.S. The malware was used in attacks against multiple industries, including education, real estate, retail, non-profit organizations, telecom companies, and governments.

Malware

Malware DNS Retail Education

What Is Stateful Inspection in Network Security? Ultimate Guide

eSecurity Planet

FEBRUARY 14, 2024

Stateful inspection is a firewall feature that filters data packets based on the context of previous data packets. An understanding of how stateful inspection works, the key pros and cons, and its use cases provides important insight into how stateful inspection can be used successfully in a security stack.

Network Security

Network Security Firewall DNS DDOS

Sophisticated Tardigrade malware launches attacks on vaccine manufacturing infrastructure

Security Boulevard

NOVEMBER 25, 2021

Security researchers are warning biomanufacturing facilities around the world that they are being targeted by a sophisticated new strain of malware, known as Tardigrade. The post Sophisticated Tardigrade malware launches attacks on vaccine manufacturing infrastructure appeared first on The State of Security.

Manufacturing

Manufacturing Malware

Multiple APT groups exploited WinRAR flaw CVE-2023-38831

Security Affairs

OCTOBER 18, 2023

Google’s Threat Analysis Group (TAG) reported that in recent weeks multiple nation-state actors were spotted exploiting the vulnerability CVE-2023-38831 in WinRAR. In September, CERT-UA observed the FROZENLAKE group exploitingthe WinRAR flaw to deploy malware in attacks aimed at energy infrastructure.

Cybercrime

Cybercrime Malware Software Hacking

Xenomorph malware is back after months of hiatus and expands the list of targets

Security Affairs

SEPTEMBER 26, 2023

A new campaign is spreading Xenomorph malware to Android users in the United States, Spain, Portugal, Italy, Canada, and Belgium. Researchers from ThreatFabric uncovered a new campaign spreading Xenomorph malware to Android users in the United States and all over the world. that was significantly improved.

Malware

Malware Banking Phishing Engineering

Merck settles with insurers regarding a $1.4 billion claim over NotPetya damages

Security Affairs

JANUARY 6, 2024

billion claim arising from the NotPetya malware incident. known as Merck Sharp & Dohme (MSD) outside the United States and Canada, is an American multinational pharmaceutical company. The analysis conducted on the ransomware revealed it was designed to look like ransomware but was wiper malware designed for sabotage purposes.

Insurance

Insurance Manufacturing Ransomware Healthcare

Raspberry Robin Malware Evolves with Sophisticated Evasion Tactics

SecureWorld News

APRIL 11, 2024

The Raspberry Robin malware, a heavily obfuscated Windows worm first identified in late 2021, has become one of the most prevalent threats facing enterprises today. These script files employ a range of anti-analysis techniques to evade detection. The obfuscation techniques used by this malware payload system are impressive.

Malware

Malware IoT Ransomware Manufacturing

Microsoft unveils the tradecraft of hacking group Nobelium

CyberSecurity Insiders

FEBRUARY 24, 2023

Microsoft has unveiled a new set of malware, known as MagicWeb in the wild and has concluded that the said malicious tool is the work of state-funded hacking group Nobelium that changes its trade crafts as per the machine status that they fraudulently access through cyber attacks.

Hacking

Hacking Authentication Cyber Attacks Malware

New Windows Meduza Stealer targets tens of crypto wallets and password managers

Security Affairs

JULY 3, 2023

The malware also targets crypto wallet extensions, password managers, and 2FA extensions. The authors are actively developing malware to evade detection, but no specific attacks have been attributed to the Meduza Stealer to date. The malware admin declared that their operations do not involve any ransom activities.

Password Management

Password Management Passwords Malware Antivirus

Google: We're Tracking 270 State-Sponsored Hacker Groups From Over 50 Countries

The Hacker News

OCTOBER 14, 2021

Google's Threat Analysis Group (TAG) on Thursday said it's tracking more than 270 government-backed threat actors from more than 50 countries, adding it has approximately sent 50,000 alerts of state-sponsored phishing or malware attempts to customers since the start of 2021.

Phishing

Phishing Internet Internet Government

How You Can Start Learning Malware Analysis

Lenny Zeltser

JANUARY 6, 2021

Malware analysis sits at the intersection of incident response, forensics, system and network administration, security monitoring, and software engineering. As someone who’s helped thousands of security professionals learn how to analyze malware at SANS Institute , I have a few tips for how you can get started.

Malware

Malware Software Engineering Information Security

THE 11TH EDITION OF THE ENISA THREAT LANDSCAPE REPORT IS OUT!

Security Affairs

OCTOBER 19, 2023

I’m proud to announce the release of the 11th edition of the ENISA Threat Landscape (ETL) on the state of the cybersecurity threat landscape. The Europen Agency for cybersecurity ENISA releases its ENISA Threat Landscape 2023 (ETL) report , which is the annual analysis of the state of the cybersecurity threat landscape.

Social Engineering

Social Engineering Artificial Intelligence Engineering Ransomware

Malware exploits undocumented Google OAuth endpoint to regenerate Google cookies

Security Affairs

JANUARY 1, 2024

Subsequently, other malware integrated the exploit, including Rhadamanthys, Risepro, Meduza , Stealc Stealer and recently the White Snake. The researchers discovered that the malware targets Chrome’s token_service table of WebData to extract tokens and account IDs of chrome profiles logged in. ” continues the report. .

Malware

Malware Penetration Testing Passwords Encryption

Security Affairs newsletter Round 455 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

JANUARY 21, 2024

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free for you in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Patch it now!

Artificial Intelligence

Artificial Intelligence VPN Hacking Firewall

APT28 relies on PowerPoint Mouseover to deliver Graphite malware

Security Affairs

SEPTEMBER 29, 2022

The Russia-linked APT28 group is using mouse movement in decoy Microsoft PowerPoint documents to distribute malware. The Russia-linked APT28 employed a technique relying on mouse movement in decoy Microsoft PowerPoint documents to deploy malware, researchers from Cluster25 reported. ” reads the analysis published by Cluster25.

Malware

Malware Government Hacking Information Security

USCYBERCOM shares five new North Korea-linked malware samples

Security Affairs

MAY 13, 2020

The United States Cyber Command (USCYBERCOM) has uploaded five new North Korean malware samples to VirusTotal. The United States Cyber Command (USCYBERCOM) has shared five new malware samples attributed to the North Korea-linked Lazarus APT , it has uploaded the malicious code to VirusTotal.

Malware

Malware Advertising Government Cryptocurrency

OPSWAT launches new malware analysis capabilities for ICS, OT networks

CSO Magazine

AUGUST 10, 2022

Critical infrastructure cybersecurity vendor OPSWAT has announced new malware analysis capabilities for IT and operational technology (OT). The release comes amid increasing cyberthreats surrounding OT networks in industrial control systems (ICS).

Malware

Malware Technology Cybersecurity

Experts warn of a 600X increase in P2Pinfect traffic

Security Affairs

SEPTEMBER 22, 2023

surge during the week leading up to the publication of their analysis. P2Pinfect infections have been reported in China, the United States, Germany, the United Kingdom, Singapore, Hong Kong and Japan. ” reads the analysis published by Cado Security Labs. According to the researchers, traffic experienced a 12.3%

Malware

Malware Passwords Hacking Cybercrime

Multiple threat actors exploited Progress Telerik bug to breach U.S. federal agency

Security Affairs

MARCH 16, 2023

In 2020 and 2021, this flaw was included by the US National Security Agency (NSA) in the list of the top 25 vulnerabilities exploited by Chinese state-sponsored hacking groups in attacks in the wild. The joint alert recommends network defenders review the Malware Analysis Report, MAR-10413062-1.v1 ” reads the advisory.

Internet

Internet Internet Malware Government

North Korea-linked APTs use Maui Ransomware to target the Healthcare industry

Security Affairs

JULY 7, 2022

The report provides information about tactics, techniques, and procedures (TTPs) of the threat actors using the Maui ransomware along with indicators of compromise (IOCs) that were obtained by government experts during incident response activities and industry analysis of a Maui sample. The FBI, CISA, and the U.S.

Healthcare

Healthcare Ransomware Encryption Government

ShadowPad malware on Industrial Control Systems of Asia

CyberSecurity Insiders

JUNE 28, 2022

Researchers from the security firm state they detected the said cyber threat in Oct’21 and found that the hackers were infiltrating the industrial control systems through a Microsoft Exchange Vulnerability. The post ShadowPad malware on Industrial Control Systems of Asia appeared first on Cybersecurity Insiders.

Malware

Malware Telecommunications Surveillance Cyber threats

Russia-linked hackers target Ukrainian military with Infamous Chisel Android malware

Security Affairs

AUGUST 31, 2023

Russia-linked threat actors have been targeting Android devices of the Ukrainian military with a new malware dubbed Infamous Chisel. The GCHQ’s National Cyber Security Centre (NCSC) and agencies in the United States, Australia, Canada, and New Zealand have published an analysis of the Android malware.

Malware

Malware Authentication Threat Detection Government

LiveAction adds new SOC-focused features to ThreatEye NDR platform

CSO Magazine

OCTOBER 3, 2022

In a press release, the firm stated that the platform features a new user interface (UI) designed to enhance the ability of SOC analysts to correlate findings and policy violations to track incidents. To read this article in full, please click here

Encryption

Encryption Network Security Malware

The Lazarus Group Targeted Cybersecurity Researchers Again, Google Says

Heimadal Security

APRIL 1, 2021

According to Google’s Threat Analysis Group research published yesterday, the North Korean state-sponsored operation has set up a fake security company and social media accounts as part of a broad campaign targeting cybersecurity researchers with malware linked to the Lazarus Group.

Cybersecurity

Cybersecurity Media Accountability Malware

What Is a Circuit-Level Gateway? Definitive Guide

eSecurity Planet

FEBRUARY 21, 2024

CLGs depend on two key features, proxy capability and stateful packet inspection, to block unsolicited communication. Successful implementation of a circuit-level gateway defends against unrestricted communication, which can enable network probing, malware delivery, and other attacks.

Firewall

Firewall DDOS Architecture Cybersecurity

macOS Zero-Day exploited in watering hole attacks on users in Hong Kong

Security Affairs

NOVEMBER 12, 2021

Google revealed that threat actors recently exploited a zero-day vulnerability in macOS to deliver malware to users in Hong Kong. Google TAG researchers discovered that threat actors leveraged a zero-day vulnerability in macOS in a watering hole campaign aimed at delivering malware to users in Hong Kong.

Malware

Malware Media Surveillance Encryption

Cyclops Blink malware: US and UK authorities issue alert

Malwarebytes

FEBRUARY 24, 2022

According to a joint security advisory published yesterday by US and UK cybersecurity and law enforcement agencies, a new malware called Cyclops Blink has surfaced to replace the VPNFilter malware attributed to the Sandworm group, which has always been seen as a Russian state-sponsored group. Cyclops Blink.

Malware

Malware Firewall Firmware DDOS

HIVE Ransomware Shut Down by International Law Enforcement

SecureWorld News

JANUARY 27, 2023

The United States Department of Justice (DOJ) recently announced that it has successfully taken down the HIVE ransomware network, an international cybercrime ring that had been responsible for stealing and encrypting the data of more than 1,500 companies from 80 different countries. Cybercrime is a constantly evolving threat.

Ransomware

Ransomware Cybercrime Cryptocurrency Telecommunications

DragonSpark threat actor avoids detection using Golang source code Interpretation

Security Affairs

JANUARY 25, 2023

Chinese threat actor tracked as DragonSpark targets organizations in East Asia with a Golang malware to evade detection. The attackers employed an open source tool SparkRAT along with Golang malware that implements an uncommon technique to evade detection. ” reads the report published by SentineOne. exe, implemented in Golang.”

Malware

Malware Internet Internet Hacking

New PowerDrop malware targets U.S. aerospace defense industry

Security Affairs

JUNE 7, 2023

aerospace defense sector with a new PowerShell malware dubbed PowerDrop. The PowerShell-based malware uses advanced techniques to evade detection, including deception, encoding, and encryption. ” reads the analysis published by Adlumin. . ” reads the analysis published by Adlumin. aerospace sector.

Malware

Malware Encryption Internet Internet

Deadglyph, a very sophisticated and unknown backdoor targets the Middle East

Security Affairs

SEPTEMBER 24, 2023

Stealth Falcon is a nation-state actor active since at least 2012, the group targeted political activists and journalists in the Middle East in past campaigns. The researchers explained that unlike other malware typically using components written in only one programming language, Deadglyph uses distinct programming languages.

Spyware

Spyware Malware Architecture Encryption

New RAT malware uses sophisticated evasion techniques, leverages COVID-19 messaging

CSO Magazine

MAY 11, 2022

Researchers at cybersecurity vendor Proofpoint have analyzed a new remote access Trojan (RAT) malware campaign using sophisticated evasion techniques and leveraging COVID-19 themed messaging to target global organizations.

Malware

Malware Cybersecurity

North Korea-linked Lazarus targeted a Spanish aerospace company

Security Affairs

OCTOBER 1, 2023

The state-sponsored hackers deployed several tools, including a previously undocumented backdoor dubbed LightlessCan. ” reads the analysis published by ESET. ” reads the analysis published by ESET. The cyberspies impersonated Meta’s recruiters to lure employees with trojanized coding challenges. exe and Quiz2.exe,

Malware

Malware Cyber Attacks Hacking

Researchers used electromagnetic signals to classify malware infecting IoT devices

Security Affairs

JANUARY 5, 2022

Cybersecurity researchers demonstrate how to use electromagnetic field emanations from IoT devices to detect malware. The researchers proposed a novel approach of using side channel information to identify malware targeting IoT systems. In fact, EM emanation that is measured from the device is practically undetectable by the malware.

IoT

IoT Malware Internet Internet

The State of Malware Analysis: Advice from the Trenches

GitCaught campaign relies on Github and Filezilla to deliver multiple malware

Webinars

Trending Sources

Expert warns of Turtle macOS ransomware

Webinars

Ukrainian Blackjack group used ICS malware Fuxnet against Russian targets

North Korea-linked Kimsuky APT attack targets victims via Messenger

MITRE attributes the recent attack to China-linked UNC5221

More SolarWinds News

Security Affairs newsletter Round 467 by Pierluigi Paganini – INTERNATIONAL EDITION

Businesses Flock to NSA's Free Cybersecurity Services

Researchers find new ICS malware toolkit designed to cause electric power outages

New Agent Raccoon malware targets the Middle East, Africa and the US

What Is Stateful Inspection in Network Security? Ultimate Guide

Sophisticated Tardigrade malware launches attacks on vaccine manufacturing infrastructure

Multiple APT groups exploited WinRAR flaw CVE-2023-38831

Xenomorph malware is back after months of hiatus and expands the list of targets

Merck settles with insurers regarding a $1.4 billion claim over NotPetya damages

Raspberry Robin Malware Evolves with Sophisticated Evasion Tactics

Microsoft unveils the tradecraft of hacking group Nobelium

New Windows Meduza Stealer targets tens of crypto wallets and password managers

Google: We're Tracking 270 State-Sponsored Hacker Groups From Over 50 Countries

How You Can Start Learning Malware Analysis

THE 11TH EDITION OF THE ENISA THREAT LANDSCAPE REPORT IS OUT!

Malware exploits undocumented Google OAuth endpoint to regenerate Google cookies

Security Affairs newsletter Round 455 by Pierluigi Paganini – INTERNATIONAL EDITION

APT28 relies on PowerPoint Mouseover to deliver Graphite malware

USCYBERCOM shares five new North Korea-linked malware samples

OPSWAT launches new malware analysis capabilities for ICS, OT networks

Experts warn of a 600X increase in P2Pinfect traffic

Multiple threat actors exploited Progress Telerik bug to breach U.S. federal agency

North Korea-linked APTs use Maui Ransomware to target the Healthcare industry

ShadowPad malware on Industrial Control Systems of Asia

Russia-linked hackers target Ukrainian military with Infamous Chisel Android malware

LiveAction adds new SOC-focused features to ThreatEye NDR platform

The Lazarus Group Targeted Cybersecurity Researchers Again, Google Says

What Is a Circuit-Level Gateway? Definitive Guide

macOS Zero-Day exploited in watering hole attacks on users in Hong Kong

Cyclops Blink malware: US and UK authorities issue alert

HIVE Ransomware Shut Down by International Law Enforcement

DragonSpark threat actor avoids detection using Golang source code Interpretation

New PowerDrop malware targets U.S. aerospace defense industry

Deadglyph, a very sophisticated and unknown backdoor targets the Middle East

New RAT malware uses sophisticated evasion techniques, leverages COVID-19 messaging

North Korea-linked Lazarus targeted a Spanish aerospace company

Researchers used electromagnetic signals to classify malware infecting IoT devices

Stay Connected