dcsimg

Skimmer acts as payment service provider via rogue iframe

Criminals continue to target online stores to steal payment details from unaware customers at a rapid pace. There are many different ways to go about it, from hacking the shopping site itself, to compromising its supply-chain. A number of online merchants externalize the payment process to a payment service provider (PSP) for various reasons, including peace of mind that transactions will be … [Read more...]

Threat spotlight: CrySIS, aka Dharma ransomware, causing a crisis for businesses

CrySIS, aka Dharma, is a family of ransomware that has been evolving since 2006. We have noticed that this ransomware has become increasingly active lately, increasing by a margin of 148 percent from February until April 2019. The uptick in detections may be due to CrySIS’ effective use of multiple attack vectors. Profile of the CrySIS ransomware CrySIS/Dharma, which Malwarebytes … [Read more...]

Vital infrastructure: Threats target financial institutions, fintech, and cryptocurrencies

With news of a malware attack on accounting firm Wolters Kluwer causing a “quiet panic” in the accounting world this week, our assertion that financial institutions—from banks to brokers—are part of the vital infrastructure of society has been solidified. According to its website, Wolters Kluwer provides software and services to all of the top 100 accounting firms in the United … [Read more...]

Sophisticated threats plague ailing healthcare industry

The healthcare industry is no longer circling the drain, but it’s still in critical condition. While many organizations in healthcare have aimed at or made positive strides toward a more robust cybersecurity and privacy posture, they still have a long way to go. In 2018, healthcare had the highest number of breaches recorded compared to other industries. This is according to … [Read more...]

A week in security (April 22 – 28)

Last week on Labs, we looked at security threats to headphones, privacy options in the world of law, and wandered through the FBI’s 2018 IC3 online crime report. We also explored another MageCart attack, and we released our 2019 Q1 Crime Tactics and Techniques report. Other cybersecurity news Fooling automated surveillance cameras: Bypassing neural network frameworks with colourful abstract … [Read more...]

Labs Cybercrime Tactics and Techniques report finds businesses hit with 235 percent more threats in Q1

The Malwarebytes Labs Cybercrime Tactics and Techniques Q1 2019 report found businesses at the butt end of a bad joke. In just one year, threats aimed at corporate targets have increased by 235 percent, with Trojans, such as Emotet, and ransomware in particular revving up in the first quarter. Included in the report is analysis of sharp declines in consumer cryptomining and other threats, … [Read more...]

“Funky malware format” found in Ocean Lotus sample

Recently, at the SAS conference I talked about “Funky malware formats”—atypical executable formats used by malware that are only loaded by proprietary loaders. Malware authors use them in order to make static detection more difficult, because custom formats are not recognized as executable by AV scanners. Using atypical formats may also slow down the analysis process because the … [Read more...]

Was this really an attempt by the Chinese?

Last weekend, during President Trump’s visit to the Mar-a-Lago resort, a 23-year-old Chinese woman attempted to gain access to the Florida resort by lying and bluffing her way in. After some discussion at the gate, she was escorted to the reception of the resort where it was found out that she was not on the list of people that were allowed to enter. According to the report a search of her … [Read more...]

A week in security (March 25 – 31)

Last week, we looked at plugin vulnerabilities, location tracking app problems, and talked about plain text password woes. We also looked at federal data privacy regulation and took a deep dive into  BatMobi Adware. Other cybersecurity news Poisoned software update headache for ASUS (Source: The Register) Britain’s Huawei oversight board releases its findings (Source: UK.GOV) Trojanised terror … [Read more...]

Norsk Hydro hit by “severe” cyber attack

Aluminium manufacturing giant Norsk Hydro was forced to switch to manual operations following a “severe” ransomware attack on Monday, 18 March.  The Norway-based company, which employs more than 35,000 people in 40 countries, was reportedly hit with ransomware known as LockerGoga.  Several of its plants around the world … [Read more...]