Category: blog
-
VB2019 paper: A study of Machete cyber espionage operations in Latin America
Latin America has long been a hotbed for cybercrime, but the region has also seen the activity of various APT groups. One of these groups makes use of ‘Machete’, a Python-based toolset. Machete dates back at least nine years and was first written about by Kaspersky in 2014. In August of this year, ESET published…
-
VB2019 paper: The push from fiction for increased surveillance, and its impact on privacy
Levels of anxiety over technology and interconnectedness are growing. People are becoming increasingly concerned about privacy, and wary that every gadget or app might be spying on them. But researchers Miriam Cihodariu (Heimdal Security) and Andrei Bogdan Brad (Code4Romania) wondered how much impact the misrepresentation of surveillance technology in fiction (films…
-
VB2019 paper: Oops! It happened again!
Different forms of malware and cyber threats are constantly making the news headlines, and one could be forgiven for thinking that threats like ransomware, fileless malware, rootkits and phishing are all new phenomena. But are they really? This is the question asked – and answered – by industry veterans Righard Zwienenberg (ESET) and Eddy Willems…
-
Job vacancy at VB: Security Evangelist
Virus Bulletin is a small company with a largely remote team based all over Europe that is placed at the heart of the IT security industry. Through its product testing, annual conference and ad hoc activities, Virus Bulletin works with security vendors, researchers and practitioners. We are currently recruiting for a ‘security evangelist’,…
-
VB2019 video: Thwarting Emotet email conversation thread hijacking with clustering
Having returned from its summer break, Emotet is once again being used as the first stage of many often prominent and costly malware infections. A detailed analysis of the malware was given in a paper presented at VB2019 by Sophos researcher Luca Nagy. But Emotet isn’t just a very clever piece of malware. It also…
-
VB2019 paper: A vine climbing over the Great Firewall: a long-term attack against China
The global nature of both the Virus Bulletin conference and APT threats was highlighted by a VB2019 paper from Lion Gu and Bowen Pan from the Qi An Xin Threat Intelligence Center in China. In their paper, the researchers analysed an APT group dubbed ‘Poison Vine’, which targeted various government, military and research institutes in…
-
VB2019 paper: Fantastic Information and Where to Find it: A guidebook to open-source OT reconnaissance
Ever since Stuxnet was discovered almost a decade ago, ‘operational technology’, the use of computers to monitor or alter physical processes, has been part of the cybersecurity realm. Indeed, several threats have been discovered that targeted and, in some cases, damaged physical systems such as factories or the power grid.
[Figure: Simplified diagram of OT components.]
…
-
VB2019 paper: Different ways to cook a crab: GandCrab Ransomware-as-a-Service (RaaS) analysed in depth
Though active for not much longer than a year, GandCrab had been one of the most successful ransomware operations. Running as a Ransomware-as-a-Service scheme, the malware regularly updated itself to newer versions to stay ahead of decryptors released by security researchers.
[Figure: High-level overview of the GandCrab RaaS model.]
In a paper presented at VB2019 in…
-
VB2019 paper: Domestic Kitten: an Iranian surveillance program
In September last year, researchers at Check Point uncovered an Iranian operation they named ‘Domestic Kitten’ and that used Android apps for targeted surveillance. Active since 2016, the operation continued after this discovery with new malware found during the course of 2019. In a paper presented at VB2019 in London, Check Point researchers Aseel Kayal…
-
VB2019 video: Discretion in APT: recent APT attack on crypto exchange employees
In June, employees at cryptocurrency exchange Coinbase were targeted by emails linking to a website that used two zero-day vulnerabilities in the Firefox browser to deliver macOS malware. The malware, dubbed ‘NetWire’, had previously been known but the exploit allowed it to bypass built-in protections against it. The NetWire sample was analysed by regular VB…