A Note on WannaCry/WanaCrypt0r Ransomware

Ransomware is malicious software that encrypts files and locks a device, such as a computer, tablet or smartphone, and then demands a ransom to unlock it. Recently, a dangerous ransomware named 'WannaCry' has been affecting computers worldwide, creating the biggest ransomware attack the world has ever seen. It has affected computers in India as well.
About the Wanacrypt0r Ransomware
Wanacrypt0r is ransomware that infects Windows systems by exploiting an SMBv1 vulnerability with the exploit known as EternalBlue. The exploit gives access to a remote machine via the SMBv1 protocol. Microsoft patched this flaw in March as MS17-010. Wanacrypt0r is also known as "WannaCry", "WCry" and "WannaCrypt".
How does Wanacrypt0r work?

Ransomware - Are we doing enough to prevent it?

Ransomware is malicious code designed to block access to a computer system; it carries out a cryptovirology attack that renders files unusable until a sum of money is paid. It acts like a kidnapper holding a hostage, making you pay a cash ransom to get the system back. The average ransom demanded today is about $500 to $1000. Most ransomware either restricts the legitimate user's access to applications or is of the encrypting type. Ransomware operators mostly demand payment in the form of Bitcoin, which ensures their anonymity.

Mirai - A botnet responsible for the largest DDoS attack
Mirai is a botnet that was responsible for the largest DDoS attack in botnet history. On 20 September 2016, the biggest security news website was targeted by a 650 Gbps attack, and later the French internet hosting provider OVH reported being targeted by a 1.1 Tbps DDoS attack. Mirai was responsible for the largest DDoS attack recorded to date, despite not being the biggest botnet in the world.

Malvertising - A rising menace

Malvertising, or malicious advertising, is a technique that uses ads to spread malware. Instead of tricking users into visiting a malicious website, malvertising uses advertising networks to distribute malware through trustworthy websites. The distributed malware can be spyware, ransomware, or anything else that benefits the attacker.

Malware + Advertising (Malvertising) acts as a carrier for cyber criminals, opening up a covert channel to launch an attack on the system. It always targets popular websites with high traffic, because these high-traffic websites often outsource their advertising space to ad sellers (ad networks). Advertisers bid for ad space on popular websites, and the ad sellers serve the winners of the bidding process with that space.

How to prevent mobile malware?

Malware is short for Malicious softWare, which is designed to damage or even disrupt the computer. The array of malware ranges from spyware to key loggers; some of it is financial malware, which includes ransomware. Protection against malware is 'anti-malware' products, in the simplest terms, and there we have it. Not much of an article though, is it!! So let's dig deeper into the subject of mobile malware prevention.

Vendors such as Sophos, Trend, McAfee, Symantec or Kaspersky offer deeper ways into prevention. Equally, the 'user' must use common sense, and it comes down to 'ownership' of the problem.

Insight into the problem

To be precise, in 2015 Kaspersky identified the following:

Ransomware - a growing threat, with more and more stories day by day

Kidnapping for money is common in various parts of the world today. In cyber security too, we are facing this in the form of ransomware, a new way of kidnapping that some people call digital kidnapping. Here the cyber criminals kidnap our valuable data and hold it hostage. Think about a situation where an organization's entire system is held hostage by an outside party that is unwilling to release it until a ransom is paid. It is not only valuable data: in this IoT era, where we use smart TVs, smart watches and smart fridges, and where we have already witnessed car hacks, a cyber criminal can hack those devices and ask for a ransom to give them back. Imagine a situation where you are driving a car and a criminal takes control of your vehicle and asks for a ransom to return that control to you. Day by day, we are hearing a lot of ransomware stories, most of them targeting health care organizations.

How to Perform Basic Static Malware Analysis Using Open Source Tools?

The recent malware attacks on banks, financial institutions, and payment processors are a validation of the increasing technical expertise of cyber-criminals and their ability to cause significant damage while orchestrating attacks remotely. From mobile malware to banking Trojans, and point-of-sale (POS) and retail breaches, the threat landscape continues to evolve. According to anti-malware product vendors, the average time to resolve a malware attack ranges from 18 to 26 days, resulting in huge business downtime. In addition, the average cost of cleanup and the cost of investigation have increased manifold. The two reasons for this pathetic situation are:

A quick thought on how good Sandboxing technologies are?

These days we hear a lot about Advanced Persistent Threat (APT) mitigation techniques and the solutions that could protect us from zero-day attacks. For the last couple of years the main focus has been on sandboxing solutions. We normally deploy firewall, IPS/IDS, HIPS and antivirus solutions as part of the defence-in-depth principle. The limitation here is that most IPS/IDS, HIPS or antivirus solutions detect and block only known malware, as most of them are signature-based security solutions. If they don't have a corresponding signature, the attack will go unnoticed and will result in vulnerabilities being exploited. I always believe in one principle: prevention is better than cure.

Windows PCs Make Up 80% Of Mobile Network Infections

Microsoft Windows PCs -- not smartphones and tablets -- harbor most of the malware on mobile networks, according to a new Alcatel-Lucent report.

Mobile devices are the least of your worries in a mobile network: Windows PCs are responsible for 80% of all malware infections on today's mobile infrastructure, new data shows.
Alcatel-Lucent's Motive Security Labs this week published its findings from the first half of 2015, showing that the overall infection rate for mobile devices had declined from 0.68% to 0.50% from January to April of this year. Then it spiked to 0.75% in late June, thanks in part to the main source of malware on a mobile network -- Windows PCs tethered to mobile WiFi devices, hotspots, and smartphones getting hit mainly with malicious adware.

New Malware - PoS Trojan

According to researchers from the antivirus firm Dr. Web, a new malware is designed to infect point-of-sale (PoS) terminals and is capable of intercepting GET and POST requests sent from web browsers on infected machines. The Trojan can modify the registry branch in charge of autorun on the infected PoS terminals; it can also scan the device's RAM for credit card information and steal data from the Microsoft Mail application, as well as FTP login credentials.
Dr. Web also explains that the commands supported by the Trojan include CMD (forward the command to the interpreter, cmd.exe), UPDATE, FIND (search for documents using a mask), DDoS (mount an HTTP flood attack), and rate (set a time interval for communication with the command and control server). This Trojan borrows code from the previously discovered Dexter malware that targets PoS terminals, while its architecture looks similar to that of Neutrino, though it is rather a downsized version of the latter.
