Category: blog
-
New paper: Botception: botnet distributes script with bot capabilities
The Necurs botnet has been active for some time. In 2014, Virus Bulletin published a 3-part article by Peter Ferrie ( 1 , 2 , 3 ) who had studied the botnet in great detail. And although, as is typical for botnets, Necurs’ activities can be somewhat volatile, it has been used for some notorious…
-
VB2018 video: Behind the scenes of the SamSam investigation
Yesterday, a federal grand jury in the US unsealed an indictment charging two Iranians with being behind the SamSam ransomware. SamSam has been one of the most successful ransomware campaigns in recent years, thanks to the clever targeting of specific organisations, including universities, hospitals and local governments. This targeting allowed the attackers to ensure the…
-
VB2018 video: Behind the scenes of the SamSam investigation
Yesterday, a federal grand jury in the US unsealed an indictment charging two Iranians with being behind the SamSam ransomware. SamSam has been one of the most successful ransomware campaigns in recent years, thanks to the clever targeting of specific organisations, including universities, hospitals and local governments. This targeting allowed the attackers to ensure the…
-
VB2018 video: Foreverdays: tracking and mitigating threats targeting civil society orgs
Israel’s NSO Group is in hot water following a Haaretz report that revealed that the company negotiated with the Saudi government on the sale of its spyware, leading the local branch of Amnesty International to call for the firm’s export licence to be revoked. The list of targets of the group’s Pegasus spyware makes for…
-
VB2018 video: Foreverdays: tracking and mitigating threats targeting civil society orgs
Israel’s NSO Group is in hot water following a Haaretz report that revealed that the company negotiated with the Saudi government on the sale of its spyware, leading the local branch of Amnesty International to call for the firm’s export licence to be revoked. The list of targets of the group’s Pegasus spyware makes for…
-
Latest Virus Bulletin report shows the difference web security products make
Extremely targeted attacks aside, when a user gets infected through the web, it means something has happened that should not have. Either the user clicked on a link they shouldn’t have clicked on, or they were browsing the web using unpatched software. Unfortunately, in both large and small organisations, these things happen a lot. And…
-
Latest Virus Bulletin report shows the difference web security products make
Extremely targeted attacks aside, when a user gets infected through the web, it means something has happened that should not have. Either the user clicked on a link they shouldn’t have clicked on, or they were browsing the web using unpatched software. Unfortunately, in both large and small organisations, these things happen a lot. And…
-
VB2018 paper: Since the hacking of Sony Pictures
Recent activity shows that the Lazarus Group, which became (in)famous through the Sony Pictures breach and the WannaCry attack, is still very much active and targeting financial institutions around the world. Perhaps unsurprisingly, the group, which is generally believed to be linked to the North Korean government, has also been very active in South Korea,…