Abstract Excel 4.0 (XL4) macros are becoming increasingly popular for attackers, as security vendors struggle to play catchup and detect them properly. This technique provides attackers a simple and reliable method to get a foothold on a target network, as it simply represents an abuse of...
Coronavirus, or COVID-19, continues to dominate the headlines and the cybersecurity landscape. The contagion has sadly infected over 3 million people globally, and nearly 250,000 people have died at the time of this writing. Unsurprisingly, a global pandemic caused by a biological virus has created the...
Nemty is a ransomware that first surfaced in the wild in August 2019, reportedly spreading via RDP with a specific focus on the APAC region. By the end of November 2019 the attack expanded its reach using Phorpiex (also called Trik) by spreading via SMB...
Thanks to massive botnets, attackers can generate large-scale spam campaigns on-demand and immediately use them to spread malware. While digging through some recent spam campaigns that we have detected, it came to our attention that there was some unexpected usage of the C# compiler from...
Since its first attack was discovered nearly a decade ago, Winnti has evolved into an advanced and sophisticated toolkit leveraged by several actors such as APT17, Axiom, Barium, and PassCV, just to name a few. All these actors have been sharing core tactics, techniques, and...
By Quentin Fois and Stefano Ortolani We are just back from Singapore, where we attended the Security Analyst Summit organized by Kaspersky Lab. Believe us, it was a blast! Inspiring talks and perfect location made this event an effective forum to foster collaborations among security professionals. Besides...
The accelerating migration to the cloud is creating an attractive target for cybercriminals. One of the primary offerings is Microsoft Office 365, so we decided to take a closer look. We have provided a brief history of Office 365 attacks, and then we take a...
Introduction As part of our efforts to self-evaluate our backend systems, we closely monitor the behavioral reports produced by our dynamic analysis system. Every detection is, in fact, cross-checked and correlated with several other pieces of information, including the output from a number of static analyzers. A...
Authored by: Alexander Sevtsov Edited by: Stefano Ortolani Introduction It’s not news that the cryptocurrency industry is on the rise. Mining crypto coins offers to anybody a lucrative way to exchange computation resources for profit: every time a miner guesses the solution of a complex mathematical puzzle, he is awarded...
Recently, the ASERT team at Arbor Networks, published a report on an old version of the Absolute Software product, Absolute LoJack for laptops, being illicitly modified by suspected APT28 actors. The LoJack implant, previously known as Computrace and brought into the spotlight in 2014 at...
This is an necessary category.
This is an non-necessary category.
