research

Why Organizations Should Take Cloud-Based Cryptocurrency-Mining Attacks Seriously

Posted on by Admin
Why Organizations Should Take Cloud-Based Cryptocurrency-Mining Attacks Seriously

But that’s just the tangible cost of a cryptocurrency-mining attack. There are also indirect consequences that an affected organization might encounter, such as the disruption and slowdown of operations that could result in loss of revenue or even damage to the reputation of the organization because of the inconveniences brought upon its customers. The major players in the cloud-based cryptocurrency mining landscape are diverse in terms of their tools, techniques, and even the way they…

Read More

Purple Fox Uses New Arrival Vector and Improves Malware Arsenal

Posted on by Admin
Purple Fox Uses New Arrival Vector and Improves Malware Arsenal

In previous campaigns in 2019, HTTP file servers (HFS) were used by Purple Fox to run the C&C servers that host files on the infected bots. In this most recent investigation, we found an exposed HFS that the Purple Fox group uses to host all the second stage samples with their update timestamps. We were able to track the frequency of the second stage updated packages pushed to this exposed server using the timestamp data….

Read More

An Investigation of Cryptocurrency Scams and Schemes

Posted on by Admin
An Investigation of Cryptocurrency Scams and Schemes

The use of cryptocurrency has increased tremendously since it was first introduced in 2009. As blockchain technology has only enabled this use to expand, interest in cryptocurrency and the assets that are generated in its use also continue to grow. However, the virtual environment that allows it to flourish has also become fertile ground for cybercriminals to exploit, so much so that there has been a constant stream of reports on scams related to cryptocurrency…

Read More

Cyclops Blink Sets Sights on Asus Routers

Posted on by Admin
Cyclops Blink Sets Sights on Asus Routers

Conclusion and security recommendations Over the past few years, IoT attacks have been escalating globally and internet routers have been one of the primary targets. There are several reasons that these devices are favored by an attacker — the infrequency of patching, the lack of security software, and the limited visibility of defenders. Combined, these allow for the possibility of what we refer to as “eternal botnets.” Once an IoT device is infected with malware,…

Read More

New Nokoyawa Ransomware Possibly Related to Hive

Posted on by Admin
New Nokoyawa Ransomware Possibly Related to Hive

Hive, which is one of the more notable ransomware families of 2021, made waves in the latter half of the year after breaching over 300 organizations in just four months — allowing the group to earn what could potentially be millions of US dollars in profit. In March 2022, we came across evidence that another, relatively unknown, ransomware known as Nokoyawa is likely connected with Hive, as the two families share some striking similarities in…

Read More

New RURansom Wiper Targets Russia

Posted on by Admin
New RURansom Wiper Targets Russia

Other versions also attempt to start the process with elevated privileges. These different versions and modifications might indicate that the malware was still undergoing development at the time of writing. Other activities from the same author Aside from RURansom, the developer appears to have been working on another “wiper” dubbed as “dnWipe.” Its payload is executed every Tuesday. We analyzed dnWipe and found that it simply encodes content in base64 for the following file extensions:…

Read More

SMS PVA Part 3: Countries Most Impacted by Cybercriminal Service

Posted on by Admin
SMS PVA Part 3: Countries Most Impacted by Cybercriminal Service

SMS PVA Part 3: Countries Most Impacted by Cybercriminal Service Malware In this final part, we discuss the countries most affected by SMS PVA services as well as lay out several recommendations to mitigate the risks of such threats. By: Trend Micro March 02, 2022 Read time:  ( words) Part two of our blog entry discussed the impacts and implications of SMS PVA services. The article also explored how these services work by using Carousell…

Read More

SMS PVA Part 2: Underground Service for Cybercriminals

Posted on by Admin
SMS PVA Part 2: Underground Service for Cybercriminals

In this sample, we can see an Indonesian mobile number with an “ethnically” matching photograph in Whatsapp (presumed real account of the owner), but with a Russian name in Telegram (account presumed to have been registered using SMS PVA). These are just some illustrations of the common trend we saw on smspva.net. Either the accounts have different names across different services, or the country of the mobile phone does not match the language used in…

Read More

SMS PVA Part 1: Underground Service for Cybercriminals

Posted on by Admin
SMS PVA Part 1: Underground Service for Cybercriminals

SMS PVA Part 1: Underground Service for Cybercriminals Malware In this three-part blog entry, our team explored SMS PVA, a service built on top of a global bot network that compromises smartphone cybersecurity as we know it. By: Trend Micro February 22, 2022 Read time:  ( words) Smartphones have become a huge part of our daily lives. Not only do they allow us to connect with family and friends, these nifty devices let us become…

Read More

Latest Mac Coinminer Utilizes Open-Source Binaries and the I2P Network

Posted on by Admin
Latest Mac Coinminer Utilizes Open-Source Binaries and the I2P Network

Latest Mac Coinminer Utilizes Open-Source Binaries and the I2P Network Malware A Mac coinminer has been spotted using open-source components in its routine and the I2P Network to hide its traffic. We dive into old iterations of this malware, and also analyze the newest version. By: Luis Magisa February 21, 2022 Read time:  ( words) Coinminers are one of the more profitable types of malware for malicious actors, and they require little maintenance once installed…

Read More
1 12 13 14 15 16 18