Nemty is a ransomware that first surfaced in the wild in August 2019, reportedly spreading via RDP with a specific focus on the APAC region. By the end of November 2019 the attack expanded its reach using Phorpiex (also called Trik) by spreading via SMB...
Thanks to massive botnets, attackers can generate large-scale spam campaigns on-demand and immediately use them to spread malware. While digging through some recent spam campaigns that we have detected, it came to our attention that there was some unexpected usage of the C# compiler from...
Since its first attack was discovered nearly a decade ago, Winnti has evolved into an advanced and sophisticated toolkit leveraged by several actors such as APT17, Axiom, Barium, and PassCV, just to name a few. All these actors have been sharing core tactics, techniques, and...
By Quentin Fois and Stefano Ortolani We are just back from Singapore, where we attended the Security Analyst Summit organized by Kaspersky Lab. Believe us, it was a blast! Inspiring talks and perfect location made this event an effective forum to foster collaborations among security professionals. Besides...
The accelerating migration to the cloud is creating an attractive target for cybercriminals. One of the primary offerings is Microsoft Office 365, so we decided to take a closer look. We have provided a brief history of Office 365 attacks, and then we take a...
Introduction As part of our efforts to self-evaluate our backend systems, we closely monitor the behavioral reports produced by our dynamic analysis system. Every detection is, in fact, cross-checked and correlated with several other pieces of information, including the output from a number of static analyzers. A...
Authored by: Alexander Sevtsov Edited by: Stefano Ortolani Introduction It’s not news that the cryptocurrency industry is on the rise. Mining crypto coins offers to anybody a lucrative way to exchange computation resources for profit: every time a miner guesses the solution of a complex mathematical puzzle, he is awarded...
Recently, the ASERT team at Arbor Networks, published a report on an old version of the Absolute Software product, Absolute LoJack for laptops, being illicitly modified by suspected APT28 actors. The LoJack implant, previously known as Computrace and brought into the spotlight in 2014 at...
Introduction During the RSA 2018 conference, Lastline launched Breach Defender, a new solution to facilitate the analysis of suspicious anomalies in monitored networks. As part of our internal product QA leading up to any release, we often coordinate with our partners to carry out tests on...
In 1971 the first known instance of a self-replicating "computer worm" was recorded. Creeper didn't harm computers, but it did propagate through computers over the internet predecessor, ARPANET. By investigating how Creeper worked, a contrasting program — Reaper — was created to stop its spread. Reverse engineering...
This is an necessary category.
This is an non-necessary category.
