Month: October 2018

APT Framework 2.0 for ArcSight is Released

Delaware, USA – October 16, 2018 — APT Framework 2.0 for ArcSight is available in Threat Detection Marketplace. Predicting the shape of the threat landscape is a lot like meteorology. Even though the data may point to sunny skies, we aren’t too surprised when a storm rolls through instead. Similarly, the threat landscape has sudden […]

Sigma Rules Guide for ArcSight

Introduction to Sigma: Sigma, created by Florian Roth and Thomas Patzke, is an open source project to create a generic signature format for SIEM systems. The common analogy is that Sigma is the log file equivalent of what Snort is to IDS and what YARA is for file based malware detection. However, unlike Snort and […]

Iceland Suffers Largest Cyber Attack

Delaware, USA – October 15, 2018 — Unidentified cybercriminals carried out the largest cyber attack in the history of Iceland, infecting users with the Remcos remote access tool and gaining access to their banking accounts. On October 6, adversaries started sending phishing emails, which contained a link to a spoofed version of the Icelandic police website and […]

Ongoing APT Campaign of MuddyWater Group

Delaware, USA – October 12, 2018 — The MuddyWater APT group appeared last year, conducting its first cyber espionage campaigns against government organizations of Iraq and Saudi Arabia. Now a number of other countries in the Middle East and Europe are in their field of interest. The group conducts a large number of […]

Gallmaker APT Group Attacks Government and Military Targets

Delaware, USA – October 11, 2018 — The newly discovered APT group Gallmaker has been active at least since last December and is aimed at government, military and defense targets in the Middle East and Eastern Europe. The group does not use malware during the attacks. Instead, they are perfect at using living off […]

Magecart Operators Compromise Shopper Approved Plugin

Delaware, USA – October 10, 2018 — In mid-September, one of the groups behind the card-skimming campaign Magecart compromised the Shopper Approved plug-in and injected malicious code into it. RiskIQ researchers consider that there are at least six cybercriminal groups involved in the campaign, and the same group that attacked Ticketmaster in July of this […]

Major Changes in Emotet Malware

Delaware, USA – October 9, 2018 — Security researcher Vishal Thakur dissected the newest version of the Emotet downloader and discovered several new features that make the malware even more stealthy and effective. Attackers used another obfuscation pattern to complicate detection, and the downloader now drops Powershell.exe to the Temp folder and then executes it. Also, the new version […]

IQY Files are Used to Spread FlawedAmmyy RAT

Delaware, USA – October 8, 2018 — Adversaries are constantly looking for new ways to infect the victim’s system, and now the Excel Web Query (IQY) file format has attracted their attention; it has been used in recent campaigns to spread FlawedAmmyy RAT. Last month, attackers distributed multi-platform Adwind malware via malicious Excel documents with .CSV […]

Kraken Cryptor Ransomware is Distributed via Exploit Kit

Delaware, USA – October 5, 2018 — Adversaries behind the Fallout exploit kit started distributing the latest version of the Kraken Cryptor ransomware. Before that, they used the exploit kit for about two weeks to infect their victims with GandCrab ransomware. Kraken Cryptor, like GandCrab, is Ransomware-as-a-Service, so adversaries can easily switch from […]

FASTCash: New Campaign of Lazarus Group

Delaware, USA – October 4, 2018 — US-CERT, the US Department of Homeland Security, the US Department of the Treasury and the FBI have published a joint report on a new scheme for stealing money from ATMs. One of the divisions of the infamous Lazarus group uses FASTCash tactics in attacks on banks worldwide. The […]
