Malware Advisory - Alert: APT 10 Targeting UK Organizations

APT10 (also known as Stone Panda, MenuPass and Red Apollo) is a threat actor known to have been active since at least 2009. Recently APT10 has compromised many global MSPs. The activity is global, but there is a significant UK impact. Industry information indicates that the exploitation methods vary depending on the location targeted. While the impact of the actor’s intrusions may not be immediately evident, the loss of intellectual property and the associated financial cost in the case of successful data theft can be considerable. A successful compromise may also result in significant penalties under GDPR, as APT10 has been observed in multiple cases exfiltrating large volumes of personal data. And the organization itself is not at risk in isolation: infections can and do spread rapidly onward to its customers and/or supply chain.

A Note on WannaCry/WanaCrypt0r Ransomware

Ransomware is malicious software that encrypts files and locks a device, such as a computer, tablet or smartphone, and then demands a ransom to unlock it. Recently, a dangerous ransomware named 'Wannacry' has been affecting computers worldwide, creating the biggest ransomware attack the world has ever seen. This has affected computers in India also.
About the Wanacrypt0r Ransomware

Wanacrypt0r is a ransomware that infects Windows systems by exploiting a vulnerability called EternalBlue. The exploit allows access to a remote machine via the SMBv1 protocol. Microsoft patched this flaw in March as MS17-010. Wanacrypt0r is also known as “wannacry, wcry and wannacrypt”.
How does Wanacrypt0r work?

Ransomware - Are we doing enough to prevent?

Ransomware is malicious code designed to block access to a computer system; it executes a cryptovirology attack that adversely affects files until a sum of money is paid. It acts like a kidnapper holding a hostage, making you pay a ransom to get the system back. The average ransom demanded today is about $500 to $1000. Most ransomware either restricts the legitimate user's access to applications or is of the encrypting type. Ransomware operators demand payment mostly in the form of bitcoins, ensuring anonymity.

Mirai - A botnet responsible for largest DDoS attack

Mirai is a botnet that was responsible for the largest DDoS attack in botnet history. On 20 September 2016, the biggest security news website was targeted by a 650 Gbps attack, and later the French internet hosting site OVH reported being targeted by a 1.1 Tbps DDoS attack. Mirai was responsible for the largest DDoS attack recorded to date despite not being the biggest botnet in the world.

Malvertising - A rising menace

Malvertising, or malicious advertising, is a technique which uses ads to spread malware. Instead of tricking users into visiting a malicious website, malvertising uses advertising networks to distribute malware through trustworthy websites. The distributed malware can be spyware, ransomware, or anything else that benefits the attacker.

Malware + Advertising (Malvertising) acts as a carrier for cyber criminals to open up a covert channel to launch an attack on the system. It always targets popular websites, where the traffic is high, because these high-traffic websites often outsource their advertising space to ad sellers (ad networks). Advertisers bid for ad space on popular websites, and the ad sellers serve the winning bidders with that space.

How to prevent mobile malware?

Malware is short for malicious software, which is designed to damage or even disrupt the computer. The array of malware ranges from spyware to keyloggers; some of it is financial malware, which includes ransomware. In the simplest terms, protection against malware is ‘anti-malware’ products, and there we have it. Not much of an article though, is it? So let’s dig deeper into the subject of mobile malware prevention.

Vendors such as Sophos, Trend, McAfee, Symantec or Kaspersky offer deeper approaches to prevention. Equally, the ‘user’ must use common sense; it comes down to ‘ownership’ of the problem.

Insight into the problem

To be precise, in 2015 Kaspersky identified the following:

Ransomware - a growing threat, more and more stories day by day

Kidnapping for money is common in various parts of the world today. In cyber security too, we face this in the form of ransomware, a new way of kidnapping that some people call digital kidnapping. Here the cyber criminals kidnap our valuable data and hold it hostage. Think about a situation where an organization’s entire system is held hostage by an outside party that is unwilling to release it until a ransom is paid. It is not only valuable data: in this IoT era, where we use smart TVs, smart watches and smart fridges, and where we have already witnessed car hacks, a cyber criminal can hack those too and demand a ransom to give them back. Imagine a situation where you are driving a car and a criminal takes control of your vehicle and asks for a ransom to return that control to you. Day by day, we hear more and more ransomware stories, most of them targeting health care organizations.

How to Perform Basic Static Malware Analysis Using Open Source Tools?

The recent malware attacks on banks, financial institutions, and payment processors are a validation of the increasing technical expertise of cyber criminals and their ability to cause significant damage while operating remotely. From mobile malware to banking Trojans, and point-of-sale (POS) and retail breaches, the threat landscape continues to evolve. According to anti-malware product vendors, the average time to resolve a malware attack ranges from 18 to 26 days, resulting in huge business downtime. In addition, the average cost of cleanup and of investigation has increased manifold. The two reasons for this situation are:

A quick thought on how good Sandboxing technologies are?

These days we hear a lot about Advanced Persistent Threat (APT) mitigation techniques and the solutions that could protect us from zero-day attacks. For the last couple of years the main focus has been on sandboxing solutions. We normally deploy firewalls, IPS/IDS, HIPS and antivirus solutions as part of the defence-in-depth principle. The limitation is that most IPS/IDS, HIPS or antivirus solutions detect and block only known malware, as most of them are signature-based security solutions. If they don’t have a corresponding signature, the attack goes unnoticed and results in vulnerabilities being exploited. I always believe in a principle – prevention is better than cure.

Windows PCs Make Up 80% Of Mobile Network Infections

Microsoft Windows PCs -- not smartphones and tablets -- harbor most of the malware on mobile networks, according to a new Alcatel-Lucent report.

Mobile devices are the least of your worries in a mobile network: Windows PCs are responsible for 80% of all malware infections on today's mobile infrastructure, new data shows.
Alcatel-Lucent's Motive Security Labs this week published its findings from the first half of 2015, showing that the overall infection rate for mobile devices had declined from 0.68% to 0.50% from January to April of this year. Then it spiked to 0.75% in late June, thanks in part to the main source of malware on a mobile network -- Windows PCs tethered to mobile WiFi devices, hotspots, and smartphones getting hit mainly with malicious adware.