Girl Scouts and OpenText empower future leaders of tomorrow with cyber resilience

The transition to a digital-first world enables us to connect, work and live in a realm where information is available at our fingertips. The children of today will be working in an environment of tomorrow that is shaped by hyperconnectivity. Operating in this...

World Backup Day reminds us all just how precious our data is

Think of all the important files sitting on your computer right now. If your computer crashed tomorrow, would you be able to retrieve your important files? Would your business suffer as a result? As more and more of our daily activities incorporate digital and online...

3 Reasons We Forget Small & Midsized Businesses are Major Targets for Ransomware

The ransomware attacks that make headlines and steer conversations among cybersecurity professionals usually involve major ransoms, huge corporations and notorious hacking groups. Kia Motors, Accenture, Acer, JBS…these companies were some of the largest to be...

How Ransomware Sneaks In

Ransomware has officially made the mainstream. Dramatic headlines announce the latest attacks and news outlets highlight the staggeringly high ransoms businesses pay to retrieve their stolen data. And it’s no wonder why – ransomware attacks are on the rise and the...

An MSP and SMB guide to disaster preparation, recovery and remediation

Introduction It’s important for a business to be prepared with an exercised business continuity and disaster recovery (BC/DR) plan plan before its hit with ransomware so that it can resume operations as quickly as possible. Key steps and solutions should be followed...

Podcast: Cyber resilience in a remote work world

The global pandemic that began to send us packing from our offices in March of last year upended our established way of working overnight. We’re still feeling the effects. Many office workers have yet to return to the office in the volumes they worked in pre-pandemic....

5 Tips to get Better Efficacy out of Your IT Security Stack

If you’re an admin, service provider, security executive, or are otherwise affiliated with the world of IT solutions, then you know that one of the biggest challenges to overcome is efficacy. Especially in terms of cybersecurity, efficacy is something of an amorphous...

How Cryptocurrency and Cybercrime Trends Influence One Another

Typically, when cryptocurrency values change, one would expect to see changes in crypto-related cybercrime. In particular, trends in Bitcoin values tend to be the bellwether you can use to predict how other currencies’ values will shift, and there are usually...

New subscription-based ‘stealth Bitcoin miner’ spotted in the wild

By Dancho Danchev

Bitcoin, the digital peer-to-peer based currency, is an attractive target for cybercriminals, who persistently look for new monetization tactics to apply to their massive, but easily generated botnets. Not surprisingly, thanks to the buzz surrounding it, fraudulent Internet actors have begun to look for efficient ways to take advantage of the momentum. A logical question emerges – how are market oriented cybercriminals capitalizing on the digital currency?

Instead of having to personally infect tens of thousands of hosts, some take advantage of basic pricing schemes such subscription-based pricing, and have others do all the infecting, with them securing a decent revenue stream based on a monthly subscription model.

Let’s profile the international underground market proposition, detailing the commercial availability of a stealth Bitcoin miner, feature screenshots of the actual DIY miner generating tool, screenshots provided by happy customers, and perhaps most importantly, MD5s of known miner modifications ‘pushed’ since its first commercial release.

More details:

read more…

Newly launched E-shop for hacked PCs charges based on malware ‘executions’

By Dancho Danchev

On the majority of occasions, Cybercrime-as-a-Service vendors will sell access to malware-infected hosts to virtually anyone who pays for them, without bothering to know what happens once the transaction takes place.

A newly launched E-shop for malware-infected hosts, however, has introduced a novel approach for calculating the going rate for the hacked PCs. Basically, they’re selling actual malicious binary “executions” on the hosts that the vendor is managing, instead of just selling access to them.

A diversified international underground market proposition? Check. A novel approach to monetize malware-infected hosts? Not at all. Let’s profile the actual market proposition, and discuss in-depth why its model is flawed by design.

More details:

read more…

Cybercriminals offer HTTP-based keylogger for sale, accept Bitcoin

By Dancho Danchev

In 2013, Liberty Reserve and Web Money remain the payment method of choice for the majority of Russian/Eastern European cybercriminals. Cybercrime-as-a-Service underground market propositions, malware crypters, R.A.Ts (Remote Access Trojans), brute-forcing tools etc. virtually every underground market product/service is available for purchase through the use of these ubiquitous virtual currencies.

What’s the situation on the international underground market? Next to accepting PayPal and consequently all major credit cards, we’ve been observing an increase in market propositions starting to accept Bitcoins. Is this a trend or a fad, and does the currency’s P2P model about to be embraced ecosystem-wide due to its (current) pseudo-anonymous model?

Let’s find out.

More details:

read more…

Cybercriminals impersonate New York State’s Department of Motor Vehicles (DMV), serve malware

By Dancho Danchev

Cybercriminals are currently spamvertising tens of thousands of bogus emails impersonating New York State’s Department of Motor Vehicles (DMV) in an attempt to trick users into thinking they’ve received an uniform traffic ticket, that they should open, print and send to their town’s court.

In reality, once users open and execute the malicious attachment, their PCs will automatically join the botnet operated by the cybercriminal/cybercriminals behind the campaign.

More details:

read more…

Fake Amazon ‘Your Kindle E-Book Order’ themed emails circulating in the wild, lead to client-side exploits and malware

By Dancho Danchev

Kindle users, watch what you click on!

Cybercriminals are currently mass mailing tens of thousands of fake Amazon “You Kindle E-Book Order” themed emails in an attempt to trick Kindle users into clicking on the malicious links found in these messages. Once they do so, they’ll be automatically exposed to the client-side exploits served by the Black Hole Exploit Kit, ultimately joining the botnet operated by the cybercriminal/cybercriminals that launched the campaign.

More details:

read more…

Citibank ‘Merchant Billing Statement’ themed emails lead to malware

Over the past 24 hours, we’ve intercepted yet another spam campaign impersonating Citibank in an attempt to socially engineer Citibank customers into thinking that they’ve received a Merchant Billing Statement. Once users execute the malicious attachment found in the fake emails, their PCs automatically join the botnet operated by the cybercriminal/cybercriminals.

More details:

read more…

New version of DIY Google Dorks based mass website hacking tool spotted in the wild

Need a compelling reason to perform search engine reconnaissance on your website, for the purpose of securing it against eventual compromise? We’re about to give you a good one.

A new version of a well known mass website hacking tool has been recently released, empowering virtually anyone who buys it with the capability to efficiently build “hit lists” of remotely exploitable websites for the purpose of abusing them in a malicious or fraudulent fashion. Relying on Google Dorks for performing search engine reconnaissance, the tool has built-in SQL injecting options, the ability to add custom exploits, a proxy aggregation function so that no CAPTCHA challenge is ever displayed to the attacker, and other related features currently under development.

More details:

read more…

Rootkit infection sporadically redirects search results in hopes users ‘just live with it’

By Tyler Moffitt

Recently we have seen an increase in fake installer scams attempting to trick computer users into installing disguised rootkits directly on their machines. In this post, we want to highlight how a scam like this can be installed and infect a machine, including behavior to watch out for as well as how to remedy the situation if it were to arise.

In the case of this infection, we are utilizing a bogus Adobe Flash Player installer. Normally, this file would be downloaded from a website after a message stating “You need the latest version of Flash to view this video” appears. The file being downloaded would have a random name, such as ‘flashplayerinstallerxxxx.exe’.
read more…

New IRC/HTTP based DDoS bot wipes out competing malware

Everyday, new vendors offering malicious software enter the underground marketplace. And although many will fail to differentiate their underground market proposition in market crowded with reputable, trusted and verified sellers, others will quickly build their reputation on the basis of their “innovative” work, potentially stealing some market share and becoming rich by offering the tools necessary to facilitate cybercrime.

Publicly announced in late 2012, the IRC/HTTP based DDoS bot that I’ll profile in this post has been under constant development. From its initial IRC-based version, the bot has evolved into a HTTP-based one, supporting 10 different DDoS attack techniques as well as possessing a featuring allowing it to heuristically and proactively remove competing malware on the affected hosts, such as, for instance, ZeuS, Citadel or SpyEye.

More details:

read more…

A peek inside a CVE-2013-0422 exploiting DIY malicious Java applet generating tool

On a regular basis we profile various DIY (do it yourself) releases offered for sale on the underground marketplace with the idea to highlight the re-emergence of this concept which allows virtually anyone obtaining the leaked tools, or purchasing them, to launch targeted malware attacks.

Can DIY exploit generating tools be considered as a threat to the market domination of Web malware exploitation kits? What’s the driving force behind their popularity? Let’s find out by profiling a tool that’s successfully generating an exploit (CVE-2013-0422) embedded Web page, relying on malicious Java applets.

More details:

read more…