Malware

October 8, 2020

In summer 2020 we uncovered a previously unknown multi-module C++ toolset used in highly targeted industrial espionage attacks dating back to 2018. Initially the reason for our interest in this malware was its rarity, the obviously targeted nature of the campaign and the fact that there are no obvious similarities with already known campaigns at ...

October 8, 2020

A freshly discovered botnet dubbed HEH by researchers is casting a wide net, looking to infect any and all devices that use Telnet on ports 23/2323. It’s particularly destructive: It contains code that wipes all data from infected systems. Perhaps ironically, its operators also have a penchant for civil advocacy – a loading of the Universal ...

October 8, 2020

A new iteration of the PoetRAT spyware, sporting improvements to operational security, code efficiency and obfuscation, is making the rounds in Azerbaijan, targeting the public sector and other key organizations as the country’s conflict with Armenia over disputed territory intensifies. Threat intelligence researchers have observed multiple new strikes using the malware that show a “change in ...

October 5, 2020

UEFI (or Unified Extensible Firmware Interface) has become a prominent technology that is embedded within designated chips on modern day computer systems. Replacing the legacy BIOS, it is typically used to facilitate the machine’s boot sequence and load the operating system, while using a feature-rich environment to do so. At the same time, it has ...

October 4, 2020

A new ransomware vaccine program has been created that terminates processes that try to delete volume shadow copies using Microsoft’s vssadmin.exe program, Every day, Windows will create backups of your system and data files and store them in Shadow Volume Copy snapshots. These snapshots can then be used to recover files if they are mistakenly changed or ...

October 3, 2020

University Hospital New Jersey in Newark, New Jersey, paid a $670,000 ransomware demand this month to prevent the publishing of 240 GB of stolen data, including patient info. The attack on the hospital occurred in early September by a ransomware operation known as SunCrypt, who infiltrates a network, steals unencrypted files, and then encrypts all of ...

October 2, 2020

Emotet is now taking part in the United States 2020 Presidential election with a new spam campaign pretending to be from the Democratic National Convention’s Team Blue initiative. When the Emotet gang sends out spam, their main goal is to convince recipients to open the attached malicious document. This is usually done through email themes that ...

October 2, 2020

A freshly discovered family of ransomware called Egregor has been spotted in the wild, using a tactic of siphoning off corporate information and threatening a “mass-media” release of it before encrypting all files. Egregor is an occult term meant to signify the collective energy or force of a group of individuals, especially when the individuals are ...

October 2, 2020

More to the point, Check Point security researchers Itay Cohen and Eyal Itkin were able to track 16 Windows Kernel Local Privilege Escalation (LPE) exploits to two different exploit developers known as Volodya (or BuggiCorp) and PlayBit (or luxor2008). 15 of the exploits Check Point successfully matched to a known exploit dev were created between 2015 ...

September 29, 2020

For many years, the Microsoft Security Intelligence Report has been the gold standard in terms of providing a yearly overview of all the major events and trends in the cyber-security and threat intelligence landscape. While Microsoft unceremoniously retired the old SIR reports back in 2018, the OS maker appears to have realized its mistake, and has ...