As if you haven’t heard it enough from us, the threat landscape is changing. It’s always changing, and usually not for the better. The new malware we see being developed and deployed in the wild have features and techniques that allow them to go beyond what they were originally able to do, either for the purpose of additional infection or evasion of detection. To that end, we decided … [Read more...]
December 5, 2018
November 14, 2018
TrickBot takes over as top business threat
Last quarter brought with it a maddening number of political ads, shocking and divisive news stories on climate change and gun laws, and mosquitoes. We hate mosquitoes. In related unpleasant news, it also apparently ushered in an era of banking Trojans that, as of this moment, shows no signs of slowing down. First it was Emotet. But over the last couple months, Emotet has had some stiff … [Read more...]
September 24, 2018
A week in security (September 17 – 23)
Last week, we took a look at a low level spam campaign on Twitter, explored the signs of falling victim to phishing, and examined a massive WordPress compromise. We also explained some SASL vulnerabilities and covered a breaking Emotet spam campaign. Other cybersecurity news: NewEgg attacked by MageCart (Source: Volexity) UKGOV tackled the talent gap (Source: The Register) Maximum fine touted for … [Read more...]
September 22, 2018
Emotet on the rise with heavy spam campaign
The threat landscape is changing once again, now that the ocean of cryptocurrency miners has shrunk to a small lake. Over the last couple months, we’ve seen cybercriminals lean back on tried and true methods of financial theft and extortion, with the rise of a familiar Banking Trojan: Emotet. However, over the last few days, we’ve noticed a large increase in malicious spam spreading … [Read more...]
June 7, 2018
Malware analysis: decoding Emotet, part 2
In part two of our series on decoding Emotet, (you can catch up on part 1 here), we’ll cover analysis of the PowerShell code. Before we do that, however, it is a good idea to list some of the functions and calls that are used in the code for the execution. System.Runtime.InteropServices.Marshal: used for memory management SecureStringToBSTR: used to convert the secure string to decrypted … [Read more...]
May 28, 2018
A week in security (May 21 – May 27)
Last week we told you about a Mac cryptominer using XMRig, an overview of Dreamcast related scams, part 1 of decoding Emotet, and what to do about bad coding habits that die hard. We also published the results of our second CrackMe contest. Other news How a pioneer of machine learning became one of its sharpest critics. (Source: The Atlantic) The man who cracked the lottery. Spoiler: it was an … [Read more...]
May 25, 2018
Malware analysis: decoding Emotet, part 1
Emotet Banking Trojan malware has been around for quite some time now. As such, infosec researchers have made several attempts to develop tools to de-obfuscate and even decrypt the AES-encrypted code belonging to this malware. The problem with these tools is that they target active versions of the malware. They run into problems when the authors of the malware change the code. The change could be … [Read more...]
