Tag: targeted attack
-
VB2019 presentation: Targeted attacks through ISPs
In 2019 we saw an increase in the number of targeted malware infections spread via ISPs and service providers. Some notable cases included the installation of digital certificates in the target’s browser, which would help the attackers to distinguish and decrypt traffic, and the spread of malware via HTTP 307 redirects by the StrongPity group.…
-
VB2019 paper: Operation Soft Cell – a worldwide campaign against telecommunication providers
In June this year, Cybereason published a blog post on Operation Soft Cell, a targeted attack against telecom providers around the world. The actors behind the operation are particularly interested in Call Detail Records (CDR) for specific high-value users, which give them valuable metadata on their communication and location. Prior to publishing their blog post,…
-
VB2019 paper: A vine climbing over the Great Firewall: a long-term attack against China
The global nature of both the Virus Bulletin conference and APT threats was highlighted by a VB2019 paper from Lion Gu and Bowen Pan from the Qi An Xin Threat Intelligence Center in China. In their paper, the researchers analysed an APT group dubbed ‘Poison Vine’, which targeted various government, military and research institutes in…
-
Emotet trojan starts stealing full emails from infected machines
Researchers at Kryptos Logic have discovered that the Emotet banking trojan is exfiltrating entire email bodies as opposed to merely email addresses. Emotet was first discovered in 2014 as a banking trojan but has since evolved to become mostly a distributor of other malware. A typical Emotet infection starts with an email attachment, which downloads…
-
Attack on Fox-IT shows how a DNS hijack can break multiple layers of security
Every company will, sooner or later, get hacked and we should judge them by how they respond. With that in mind, Fox-IT, which writes in great detail about how a DNS hijack was used to man-in-the-middle its customer portal, should be judged favourably. The company’s report on the incident also provides some important lessons,…
-
VB2017 paper: Modern reconnaissance phase on APT – protection layer
Targeted attack campaigns involve multiple stages, the first of which consists of collecting information about the target: the reconnaissance phase. It’s an essential part of any campaign and one that often exploits that well known weakest link: the human user. At VB2017 in Madrid, Cisco Talos researchers Paul Rascagneres and Warren Mercer presented a paper…
-
Tizi Android malware highlights the importance of security patches for high-risk users
A well-known security researcher once said: “if you purposely choose Android you are either Poor, Cheap, or really hate Apple.” Android has a bad reputation in security circles, though these days that is less because of a lack of effort on Google’s part and more because of the prevalence of many older devices…