Month: July 2019

$2 Million Ransomware Attack on Monroe College

Delaware, USA – July 17, 2019 – New York City's Monroe College has become the latest victim of a large-scale ransomware attack, which disabled the entire network of the educational institution. It is not known exactly which cybergang is behind this incident, but judging by the gigantic ransom demanded […]

Interview with Developer: Lee Archinal

We are starting a series of interviews with participants of the Developer Program (https://my.socprime.com/en/tdm-developers) to introduce you to these wonderful people who search the web for relevant threats and create unique content for their detection. Meet Lee Archinal! Hello Lee, hope you are inspired enough today to write a bit about yourself and your […]

Topinambour Campaign by Turla APT

Delaware, USA – July 16, 2019 – Since the beginning of the year, the notorious Turla APT has been using new cyber espionage tools distributed through infected installers of legitimate software. Researchers at Kaspersky Lab analyzed the malware, which its authors call Topinambour, and the infrastructure of campaigns targeting government agencies. […]

Router Exploit Kits Continue to Target Brazilian Users

Delaware, USA – July 15, 2019 – Attacks on routers in Brazil started about a year ago, sometimes reaching beyond the borders of the country. Initially, the compromised devices were used to mine Monero cryptocurrency by injecting a Coinhive script into a specially crafted error page. Then the attackers began to change router DNS settings and […]

eCh0raix Ransomware Attacks Linux-Based NAS Devices

Delaware, USA – July 12, 2019 – Adversaries compromise QNAP Systems devices by exploiting vulnerabilities or brute-forcing credentials to install eCh0raix ransomware. Network Attached Storage devices often hold sensitive data and important backups in corporate networks and can be reached over the Internet. The value of the encrypted data and the relatively low cost of […]

Buhtrap Uses Recently Patched Zero-Day

Delaware, USA – July 11, 2019 – The Buhtrap group, which disappeared a few years ago, has been spotted using an unpatched zero-day in a cyber espionage campaign targeting governmental institutions. The group began operations in 2014 with financially motivated attacks against businesses and banks, and its activities stayed below the radar of researchers until the following year. At the […]

Warming Up. Using ATT&CK for Self Advancement

Introduction. Many blue teams use MITRE ATT&CK to advance the maturity of their detection and response. A blue team's arsenal of EDR tools, event logs, and triage tools opens up the story of what is occurring on endpoints. However, anomalies are normal, and these alerts and data sources need to be triaged to […]

Sea Turtle Group Uses New DNS Hijacking Technique

Delaware, USA – July 10, 2019 – The Sea Turtle APT group, allegedly attributed to the Iranian government, compromised the ICS-Forth network that manages the Greek top-level domains .gr and .el. The Sea Turtle group became publicly known this April, but its campaigns have been traced back to 2017. The adversaries use a very unusual technique […]

Astaroth Malware Infects Systems Using Legitimate Tools Only

Delaware, USA – July 9, 2019 – Microsoft warns of an ongoing campaign spreading fileless malware capable of stealing credentials and clipboard data. The attacks started in mid-May, and most of the campaign's targets are located in Brazil. Experts from the Microsoft Defender ATP Research Team discovered suspicious surges in the use of the Windows Management Instrumentation Command-line […]

960+ E-Commerce Stores Breached by MageCart Group in Twenty-Four Hours

Delaware, USA – July 8, 2019 – A Magecart group is compromising websites at scale, injecting card-skimming scripts to steal customers' credit card data and personal information. Last week, Sanguine Security discovered 962 websites with an installed skimmer, all of them compromised within 24 hours. For now, it is the largest automated attack […]
