Tag Archives: cyberattack

“Eye Pyramid”, the Cyber-Espionage Malware that has Italy Reeling

This Tuesday, the Italian state police dismantled a cyber-espionage ring spearheaded by a brother and sister that sought to exert control over public institutions and administrations, professional studios, employers, and politicians. The network was able to access confidential information by installing a virus on victims’ computers, stealing information sensitive to financial institutions and state security.

Among those affected are former Prime Ministers Matteo Renzi and Mario Monti, as well as the president of the Central European Bank, Mario Draghi, as well as other individuals in possession of confidential information. Mayors, cardinals, regional presidents, economists, employers, and law enforcement officials are also on the list.

How Eye Pyramid Works

The investigation has been dubbed “Eye Pyramid”, after the particularly invasive malware that the suspects used to infiltrate the systems of the people they spied on.

These intrusions appear to have first surfaced in 2012, reaching 18,327 users with the theft of 1,793 passwords using a keylogger. This comes out to be around 87GB data. The method of infiltration was simple given the serious nature of the attack: the cybercriminal sent an email, the recipient opened it, and upon opening the email a software was installed on the device, giving access to its secret files.

Older versions of the malware with unknown origins (although possibly linked to Sauron) were probably used in 2008, 2010, 2011, and 2014 in various spear phishing campaigns.

In a hyperconnected world, with mounting tension between cybersecurity and cyber-espionage — we’ve recently seen a crossfire of accusations exchanged between major powers like the US, China, and Russia — these attacks appear to have special relevance to state security and the dangers it faces in the cyber world.

Advanced Persistent Threat, or How to Avoid a Cybernetic Nightmare

This attack, unprecedented in Italy, will continue to be under investigation and, according to authorities, may end up revealing connections to other cyberattacks carried out in other countries.

Protecting your confidential and sensitive data from cybercriminal networks and attacks such as ATPs is crucial in combatting the growing professionalization of cybercrime.

Advanced threats are no longer an issue when you’ve got an advanced cybersecurity solution like Adaptive Defense 360, the platform that connects contextual intelligence with defense operations to stay ahead of malicious behaviors and data theft. Protection systems are triggered and jump into action before the malware even has a chance to run.

Thwarting potential threats before they become a real problem is the only way to rest easy knowing that your information has not ended up falling into the wrong hands.

The post “Eye Pyramid”, the Cyber-Espionage Malware that has Italy Reeling appeared first on Panda Security Mediacenter.

Dridex malware crippled by the FBI

On Tuesday, October 13, The United States Department of Justice announced that they had taken down and seized multiple command-and-control (C&C) servers that were part of a network used by the Dridex trojan to upload stolen information and distribute malware.

U.S. Attorney Hickton said, “Through a technical disruption and criminal indictment we have struck a blow to one of the most pernicious malware threats in the world.”

Dridex, also known as ‘Bugat’ and ‘Cridex’, is a malicious trojan used by criminals to steal bank login credentials from an infected PC, in order to gain access to a victim’s bank account—it’s been quite successful too, with losses in the UK estimated at £20 million and in the US at $10 million.

Dridex is commonly distributed in the form of a phishing email, and often contains an infected Word doc attachment. When a victim opens the Word document they unknowingly infect their PC, thereby allowing attackers to eavesdrop on their computer’s activity and automate the theft of data.

Head of Operations at the National Crime Agency’s National Cyber Crime Unit (NCCU), Mike Hulett, said: “This is a particularly virulent form of malware and we have been working with our international law enforcement partners, as well as key partners from industry, to mitigate the damage it causes. Our investigation is ongoing and we expect further arrests to be made.”

While the FBI and other international agencies continue their investigations, UK’s National Crime Agency (NCA) is still warning UK internet users to be aware of and protect themselves against Dridex.

Even though the distribution network has been crippled, the actual malware still exists and can be used by other criminals.

Mike Hulett goes on to provide sound advice for everyone, “We urge all internet users to take action and update your operating system. Ensure you have up to date security software and think twice before clicking on links or attachments in unsolicited emails”.

If you don’t already have a suitable antivirus solution in place, we recommend you install one today. Download our award-winning AVG Protection for your PC to help prevent malware and viruses.


If you or anybody you know has been affected by cybercrime fraud you can report it to:

Federal Bureau of Investigation, Internet Crime Complaints Center

ActionFruad – National Fraud & Cyber Crime Reporting Centre

ACORN – Australian Cybercrime Online Reporting Network

Attack at LOT leaves 1,400 passengers stranded

The hack happened in the afternoon and targeted the Polish flag carrier LOT. According to a report from Reuters “hackers attacked the airline ground computer systems used to issue flight plans”. The whole situation was resolved a few hours later. Nonetheless 10 national and international flights had to be canceled and even more were delayed. Luckily none of the planes or the airport itself were affected and no one got hurt. LOT took extra care to mention “that it has no influence on plane systems. Aircrafts, that are already airborne will continue their flights. Planes with flight plans already filed will return to Warsaw normally.”

The airline also made it clear that the airport itself was not affected. Once the ‘problem’ was fixed LOT issued the following press release. “The situation after the IT attack on our ground operation system is already under control. We are working on restoring the regularity as soon as possible. Our operating center is already preparing flight plans. We will try to ensure that the largest number of passengers are  informed and continue commenced journeys.”

Spokesman Kubicki said that LOT is using state-of-the-art computer systems, so this could potentially be a threat to others in the industry as well.

The post Attack at LOT leaves 1,400 passengers stranded appeared first on Avira Blog.