dcsimg
January 28, 2020

Explained: the strengths and weaknesses of the Zero Trust model

In a US court of law, the accused are deemed to be innocent until proven guilty. In a Zero Trust security model, the opposite is true. Everything and everyone must be considered suspect—questioned, investigated, and cross-checked—until we can be absolutely sure it is safe to be allowed. Zero Trust is a concept created by John Kindervag in 2010 during his time as Vice President and Principal … [Read more...]

Filed Under: BYOD, Cloud, Explained, framework, identity management, insider threats, IoT, lateral threat movement, mfa, perimeter, rdp, security, security orchestration, strategy, Zero Trust, zero trust model, zero trust security model
January 10, 2020

Threat spotlight: Phobos ransomware lives up to its name

Ransomware has struck dead on organizations since it became a mainstream tool in cybercriminals’ belts years ago. From massive WannaCry outbreaks in 2017 to industry-focused attacks by Ryuk in 2019, ransomware’s got its hooks in global businesses and shows no signs of stopping. That includes a malware family known as Phobos ransomware, named after the Greek god of fear. Phobos is … [Read more...]

Filed Under: brute force, coveware, crysis, crysis ransomware, dharma, Dharma ransomware, disorganised crime, mfa, Multi-Factor Authorization, Phobos, Phobos NextGen, Phobos NotDharma, Phobos ransomware, raas, ransomware, Ransomware as a Service, rdp, remote desktop protocol, Server Message Block, SMB, Sodinokibi, threat spotlight, virtual private networks, vpn
December 13, 2019

Threat spotlight: The curious case of Ryuk ransomware

Ryuk. A name once unique to a fictional character in a popular Japanese comic book and cartoon series is now a name that appears in several rosters of the nastiest ransomware to ever grace the wild web. For an incredibly young strain—only 15 months old—Ryuk ransomware gaining such notoriety is quite a feat to achieve. Unless the threat actors behind its campaigns call it quits, too—Remember … [Read more...]

Filed Under: AES, average ransom amount, BitPaymer, BitPaymer ransomware, CryptoTech, Death Note, emotet, Far Eastern International Bank, FEIB, Gabriela Nicolao, gandcrab, Hermes, Hermes 2.1, Luciano Martins, pseudo-ransomware, Ransom.Ryuk, rdp, remote desktop protocol, RSA, Russian threat actors, ryuk, Ryuk ransomware, Shinigami’s revenge: the long tail of the Ryuk ransomware, threat spotlight, tribune publishing, trickbot, Wake-on-LAN, Wizard Spider, WoL
May 15, 2019

Microsoft pushes patch to prevent ‘WannaCry’ level vulnerability

This month marks the two-year anniversary since the infamous WannaCry attack. As an anniversary present to the world, Microsoft has pushed out patches to secure a newly-identified Remote Desktop Protocol (RDP) vulnerability found in certain Windows operating systems. The potential damage of the newly-discovered RDP vulnerability matches the same dangers we experienced with the WannaCry … [Read more...]

Filed Under: cybercrime, exploit, Exploits, patching, rdp, remote desktop protocol, vulnerability, WannaCry, Windows 7, Windows 8, windows server 2003, windows server 2008, windows xp, worm
May 15, 2019

Threat spotlight: CrySIS, aka Dharma ransomware, causing a crisis for businesses

CrySIS, aka Dharma, is a family of ransomware that has been evolving since 2006. We have noticed that this ransomware has become increasingly active lately, increasing by a margin of 148 percent from February until April 2019. The uptick in detections may be due to CrySIS’ effective use of multiple attack vectors. Profile of the CrySIS ransomware CrySIS/Dharma, which Malwarebytes … [Read more...]

Filed Under: Anti-Ransomware, crysis, dharma, Malware, ransom, ransomware, rdp, rdp access, Threat analysis
October 8, 2018

A week in security (October 1 – 7)

Last week, Malwarebytes welcomed National Cybersecurity Awareness Month by renewing our pledge to do what we do best: offer the best protection for our customers and promote security awareness for all. On Labs, we raised the question of whether it is a good idea to bring your own security or not, talked a little bit more about fileless malware, homed in on a malware campaign targeting Fortnite … [Read more...]

Filed Under: adobe, Android, anti-swatting, blockchain, bring your own security, byos, Chrome Extension, Fake Fortnite, fortnite, hack the marine corps, IoT, IoT botnet, Lojack, national cybersecurity awareness month, NCSAM, not botnet, password manager, phishing, phishing campaign, rdp, recap, rip attacks, SC Magazine, Security world, swatting, Torii, voice phishing, vulnerabilities, Week in security, weekly blog roundup, ZDNet
August 13, 2018

A week in security (August 6 – 12)

Last week, we published a review of exploit kits, talked about everyday tech that can give you a headache, and showed how to protect RDP access from ransomware. We also published a study on the true cost of cybercrime. Other news: Discovered at Black Hat: WhatsApp “message manipulation” (Source: The Register) Discovered at Black Hat: AI attacks (Source: The Register) Once again, … [Read more...]

Filed Under: botnet, CTNT report, cybercrime, exploit kits, Meltdown, ransomware, rdp, recap, Security world, true cost of cybercrime, twitter bots, Week in security, weekly blog roundup, whatsapp. javascript
August 10, 2018

How to protect your RDP access from ransomware attacks

You didn’t really think that the ransomware wave was coming to an end, did you? You’d be tempted to think so, given the decline in reports about massive ransomware campaigns. But this relative radio silence may be due to some recent developments in the field. Ransomware attacks are getting more targeted to be more effective. And one of the primary attack vectors is the Remote Desktop … [Read more...]

Filed Under: Business, ransomware, rdp, remote access, remote desktop protocol, Security world