Category: blog

  • VB2018 paper: Since the hacking of Sony Pictures

    Recent activity shows that the Lazarus Group, which became (in)famous through the Sony Pictures breach and the WannaCry attack, is still very much active and targeting financial institutions around the world. Perhaps unsurprisingly, the group, which is generally believed to be linked to the North Korean government, has also been very active in South Korea,…

  • VB2018 video: Shedding skin – Turla’s fresh faces

    “Capable, well-resourced, and they go back decades.” The Turla threat group doesn’t make the news as much as some other Russian-speaking APT groups, but it is one of the most advanced and most diverse groups out there. At VB2018 in Montreal, Kurt Baumgartner and Mike Scott from Kaspersky Lab’s GReAT detailed the latest malware…

  • VB2018 video: Triada: the past, the present and the (hopefully not existing) future

    From NotPetya to Shadowpad, supply chain attacks have become a serious and hard-to-fight security problem. One prominent type of supply chain attack involves the pre-installation of malware on (often) cheap Android devices. At VB2018 in Montreal, Google researcher Łukasz Siewierski talked about one such case: that of the multi-purpose ‘Triada’ trojan. First discovered by Kaspersky…

  • VB2018 paper: Uncovering the wholesale industry of social media fraud: from botnet to bulk reseller panels

    On the day of the 2018 US mid-term elections, there will be few who are not aware of the activity of botnets on social media and how these, allegedly, have tried to influence elections. But social media fraud doesn’t just restrict itself to elections – fake Facebook, Twitter and Instagram likes and followers have…

  • VB2018 paper: Now you see it, now you don’t: wipers in the wild

    Early computer viruses were often destructive in nature, but once criminals learned about the money they could make from malware, they realised that destructiveness hurt their goals. Destructive malware, however, has made a comeback in recent years, most importantly in nation-sponsored attacks. Some of these malware variants literally wipe all data off disks (hence the…

  • Emotet trojan starts stealing full emails from infected machines

    Researchers at Kryptos Logic have discovered that the Emotet banking trojan is exfiltrating entire email bodies as opposed to merely email addresses. Emotet was first discovered in 2014 as a banking trojan but has since evolved to become mostly a distributor of other malware. A typical Emotet infection starts with an email attachment, which downloads…