Articles

New Jenkins Campaign Hides Malware, Kills Competing Crypto-Miners

Article / Jul 16, 2018

By liron segal

Threat actors continue to find creative yet relatively unsophisticated ways to launch new campaigns to reap profits from crypto-mining operations.

Tackling Gootkit's Traps

Article / Jul 11, 2018

By julia karpin

Gootkit malware uses misleading code to hinder manual research and automated analysis.

BackSwap Defrauds Online Banking Customers Using Hidden Input Fields

Article / Jun 29, 2018

By ruby cohen doron voolf

BackSwap demonstrates unique behavior in its manipulation of user input fields and its handling of International Bank Account Numbers (IBANs).

New Struts 2 Campaign Compiles Its Own C# Downloader, Leverages a User Profile Page as Its C&C Server

Article / Jun 23, 2018

By liron segal

Attackers continue to find new and creative ways to carry out malicious crypto-mining operations, employing multiple exploits in a single campaign.

New Campaign Targeting Apache Struts 2, WebLogic Deploys Malware Using VBScript

Article / Jun 21, 2018

By liron segal

With the vast availability of new exploits and the competition for victims’ resources, the multi-exploit trend continues to be popular among attackers.

Panda Malware Broadens Targets to Cryptocurrency Exchanges and Social Media

Article / May 9, 2018

By doron voolf

Panda malware is back in full force with three currently active campaigns that extend its targets beyond banking to new industries and organizations worldwide.

Windows IIS 6.0 CVE-2017-7269 Is Targeted Again to Mine Electroneum

Article / Apr 12, 2018

By andrey shalnev

Attackers are targeting a Windows IIS vulnerability first disclosed a year ago to mine Electroneum.

The Global Playing Field is Leveling Out as Europe and Asia Take on More DDoS Attacks

Article / Apr 6, 2018

By sara boddy justin shattuck ilan meller damien rocha

The latest DDoS trends include the return of large volumetric DDoS attacks, the rise of application-targeted attacks, and the growing targeting of businesses in Europe and Asia.

Old Dog, New Targets: Switching to Windows to Mine Electroneum

Article / Mar 28, 2018

By andrey shalnev

The Apache Struts 2 Jakarta Multipart Parser RCE crypto-mining campaign is now targeting Windows, not just Linux systems.

rTorrent Vulnerability Leveraged in Campaign Spoofing RIAA and NYU User-Agents?

Article / Mar 8, 2018

By andrey shalnev

The rTorrent XML-RPC function configuration error targeted to mine Monero in February was also targeted in January in a campaign to spoof user-agents for RIAA and NYU.

rTorrent Client Exploited In The Wild To Deploy Monero Crypto-Miner

Article / Feb 28, 2018

By andrey shalnev

A previously undisclosed misconfiguration vulnerability in the rTorrent client is being exploited in the wild to mine Monero.

Ramnit Goes on a Holiday Shopping Spree, Targeting Retailers and Banks

Article / Jan 15, 2018 (MODIFIED: Jan 25, 2018)

By doron voolf

Ramnit’s latest twist includes targeting the most widely used web services during the holidays: online retailers, entertainment, banking, food delivery, and shipping sites.

New Python-Based Crypto-Miner Botnet Flying Under the Radar

Article / Jan 3, 2018 (MODIFIED: Jan 25, 2018)

By maxim zavodchik liron segal aaron brailsford

A new Python-based botnet that mines Monero spreads via SSH and leverages Pastebin to publish new C&C server addresses.

Zealot: New Apache Struts Campaign Uses EternalBlue and EternalSynergy to Mine Monero on Internal Networks

Article / Dec 15, 2017 (MODIFIED: Jan 18, 2018)

By maxim zavodchik liron segal

Zealot Apache Struts campaign targets vulnerabilities in Windows, Linux, and DotNetNuke, then uses leaked NSA exploits to mine Monero on internal networks.

Academic Research: A Survey of Email Attacks

Article / Oct 31, 2017 (MODIFIED: Dec 14, 2017)

By david hammerstrom sara mcgarvey russel parham kyle uecker anthony wade

Email has become such an ordinary part of our daily lives that we can forget how vulnerable it is.

Academic Research: Web Application Attacks

Article / Oct 10, 2017 (MODIFIED: Nov 9, 2017)

By andrew cox daniel freese matthew martin daniel massie

Personally identifiable information and user credentials are the primary nuggets attackers are after when they exploit known vulnerabilities in web applications.

CISOs: Striving Toward Proactive Security Strategies

Article / Sep 19, 2017 (MODIFIED: Nov 9, 2017)

By mike convertino

As enterprises more closely align their security and IT operations, they still struggle to shift their security programs from reactive to proactive.

Trickbot Rapidly Expands its Targets in August, Shifting Focus to US Banks and Credit Card Companies

Article / Sep 14, 2017 (MODIFIED: Oct 17, 2017)

By sara boddy jesse smith doron voolf

TrickBot released a new worm module, shifted its focus towards the US, and soared past the one thousand target URLs mark in a single configuration.

Trickbot Focuses on Wealth Management Services from its Dyre Core

Article / Jul 27, 2017 (MODIFIED: Sep 1, 2017)

By doron voolf sara boddy jesse smith

As TrickBot evolves, we examine version 24, which heavily targets Nordic financial institutions, and we take a close look at the Dyre–TrickBot connection.

Doxing, DoS, and Defacement: Today’s Mainstream Hacktivism Tools

Article / Apr 12, 2017 (MODIFIED: Jul 6, 2017)

By ray pompon

Readily available hacking tools provide new ways for civil disobedience groups to antagonize their targets anonymously.
