
Cybercrime tactics & techniques Q2 2018

A generally slow quarter reflects an overall lull in cybercrime, picking up where Q1 left off with cryptominers continuing to dominate, ransomware continuing to evolve through experimentation, and exploits making a small but significant comeback. In nearly every malware category for both business and consumer detections, we saw a decrease in volume, corroborating our general “Dang, it’s been a …

The Hidden Costs of a Ransomware Attack

When considering the costs associated with a ransomware attack, we tend to assume that the greatest expense is paying the actual ransom. However, this isn’t necessarily the case. There are a number of hidden costs relating to things like forensic investigations, restoring backups, down-time, damage to reputation, lawsuits and fines. It should be noted that it’s generally not a good …

A Year After WannaCry, What Lessons Have Been Learned?

The infamous WannaCry ransomware attack of May 2017, which infected more than 300,000 devices across 150 countries, is still regarded as the most prolific of its kind. Hospitals in the UK were temporarily shut down. Ambulances were diverted, surgeries were cancelled, and appointments were postponed. Yet, despite the widespread damage that was caused by WannaCry, it was by no means the most …

SamSam ransomware: controlled distribution for an elusive malware

SamSam ransomware has been involved in some high profile attacks recently, and remains a somewhat elusive malware. In its time being active, SamSam has gone through a slight evolution, adding more features and alterations into the mix. These changes do not necessarily make the ransomware more dangerous, but they are added to make it just a bit more tricky to detect or track as it is constantly …

A week in security (June 4 – June 10)

Last week on Labs, we took a look at hidden mobile ads, the perils of social media spam, and how to shore up your landline defenses. We also took a deep dive into Emotet malware analysis, and gave you some summertime safety tips. Other news: Update your Adobe Flash player if you haven’t already. (Source: Adobe) Be careful with your World Cup Wi-Fi. (Source: Securelist) Wannacry ransomware …

5 Ways Ransomware is Changing in 2018

Arguably, one good thing to come out of the recent spate of crippling ransomware attacks is a wider adoption of ransomware detection and prevention solutions. Third-party ransomware specialists are providing quality solutions that help you spot ransomware attacks early and mitigate the damages that they can cause. Unfortunately, as these prevention solutions evolve, so too do the ransomware …

Danish rail network DSB hit by cyber attack

DSB, the Danish state rail operator, was hit by a distributed denial-of-service (DDoS) cyber attack on Sunday, April 13. A DDoS attack attempts to disrupt a host or network from connecting to the Internet in order to render a network or machines unavailable. It meant that passengers were unable to buy tickets on Sunday, and purchases through DSB’s ticket machines, app, website and retail stores …

Week in security (April 30 – May 6)

Last week on Labs, we examined the Spartacus ransomware, reported about a new tactic used by the Necurs malspam campaign, informed you about the recommended Twitter password change, and discussed engaging students to start considering careers in cybersecurity. Other news: NTLM credentials can be stolen via malicious Portable Document Format (PDF) files without any user interaction. (Source: …

SamSam ransomware: what you need to know

SamSam ransomware is a custom infection used in targeted attacks, often deployed using a wide range of exploits or brute-force tactics. Based on our own run-ins with the infection, we’ve observed that attacks were made on targets via vulnerable JBoss host servers during a previous wave of SamSam attacks in 2016 and 2017. In 2018, SamSam uses either vulnerabilities in remote desktop protocols …

Spartacus ransomware: introduction to a strain of unsophisticated malware

Spartacus ransomware is a new sample that has been circulating in 2018. Written in C#, the original sample is obfuscated, which we will go over as we extract it to its readable state. Spartacus is a relatively straight-forward ransomware sample and uses some similar techniques and code to others we have seen in the past, such as ShiOne, Blackheart, and Satyr. However, there is no sure relationship …