HackDig : Dig high-quality web security articles for hackers

Lookalike domains and how to outfox them

Our colleagues already delved into how cybercriminals attack companies through compromised email addresses of employees, and how to protect against such attacks using SPF, DKIM and DMARC technologies. But despite the obvious pluses of these solutions, there is a way to bypass them that we want to discuss. But let’s start from a different angle: how rel
Publish At:2020-11-24 07:37 | Read:78 | Comments:0 | Tags:Featured Security technologies Malicious spam Phishing Secur

IT threat evolution Q3 2020. Non-mobile statistics

These statistics are based on detection verdicts of Kaspersky products received from users who consented to provide statistical data. Quarterly figures According to Kaspersky Security Network, in Q3: Kaspersky solutions blocked 1,416,295,227 attacks launched from online resources across the globe. 456,573,467 unique URLs were recognized as malicious by Web
Publish At:2020-11-20 07:18 | Read:84 | Comments:0 | Tags:Featured Malware reports Apple MacOS Financial malware Inter

IT threat evolution Q3 2020

Targeted attacks MATA: Lazarus’s multi-platform targeted malware framework The more sophisticated threat actors are continually developing their TTPs (Tactics, Techniques and Procedures) and the toolsets they use to compromise the systems of their targets. However, malicious toolsets used to target multiple platforms are rare, because they required sig
Publish At:2020-11-20 06:07 | Read:78 | Comments:0 | Tags:Featured Malware reports Backdoor Exploit Kits Malware Descr

IT threat evolution Q3 2020 Mobile statistics

The statistics presented here draw on detection verdicts returned by Kaspersky products and received from users who consented to providing statistical data. Quarterly figures According to Kaspersky Security Network, the third quarter saw: 1,189 797 detected malicious installers, of which 39,051 packages were related to mobile banking trojans; 6063 packages
Publish At:2020-11-20 06:07 | Read:81 | Comments:0 | Tags:Featured Malware reports Adware Malware Statistics Ransomwar

Advanced Threat predictions for 2021

Trying to make predictions about the future is a tricky business. However, while we don’t have a crystal ball that can reveal the future, we can try to make educated guesses using the trends that we have observed over the last 12 months to identify areas that attackers are likely to seek to exploit in the near future. Let’s start by reflecting on
Publish At:2020-11-19 06:20 | Read:162 | Comments:0 | Tags:Featured Kaspersky Security Bulletin APT Cybercrime Data lea

Spam and phishing in Q3 2020

Quarterly highlights Worming their way in: cybercriminal tricks of the trade These days, many companies distribute marketing newsletters via online platforms. In terms of capabilities, such platforms are quite diverse: they send out advertising and informational messages, harvest statistics (for example, about clicked links in emails), and the like. At the s
Publish At:2020-11-12 07:00 | Read:153 | Comments:0 | Tags:Featured Spam and phishing reports Phishing websites Spam Le

Ghimob: a Tétrade threat actor moves to infect mobile devices

Guildma, a threat actor that is part of the Tétrade family of banking trojans, has been working on bringing in new techniques, creating new malware and targeting new victims. Recently, their new creation, the Ghimob banking trojan, has been a move toward infecting mobile devices, targeting financial apps from banks, fintechs, exchanges and cryptocurrencies i
Publish At:2020-11-09 06:05 | Read:232 | Comments:0 | Tags:Featured Malware descriptions Brazil Cryptocurrencies Financ

RansomEXX Trojan attacks Linux systems

We recently discovered a new file-encrypting Trojan built as an ELF executable and intended to encrypt data on machines controlled by Linux-based operating systems. After the initial analysis we noticed similarities in the code of the Trojan, the text of the ransom notes and the general approach to extortion, which suggested that we had in fact encountered a
Publish At:2020-11-06 11:47 | Read:153 | Comments:0 | Tags:Featured Malware descriptions Encryption Linux Malware Descr

Attacks on industrial enterprises using RMS and TeamViewer: new data

Executive Summary In summer 2019, Kaspersky ICS CERT identified a new wave of phishing emails containing various malicious attachments. The emails target companies and organizations from different sectors of the economy that are associated with industrial production in one way or another. We reported these attacks in 2018 in
Publish At:2020-11-05 07:18 | Read:123 | Comments:0 | Tags:Featured Industrial threats Backdoor JavaScript Malware RAT

APT trends report Q3 2020

For more than three years, the Global Research and Analysis Team (GReAT) at Kaspersky has been publishing quarterly summaries of advanced persistent threat (APT) activity. The summaries are based on our threat intelligence research and provide a representative snapshot of what we have published and discussed in greater detail in our private APT reports. They
Publish At:2020-11-03 08:30 | Read:172 | Comments:0 | Tags:APT reports Featured APT Chinese-speaking cybercrime Cyber e

DDoS attacks in Q3 2020

News overview Q3 was relatively calm from a DDoS perspective. There were no headline innovations, although cybercriminals did continue to master techniques and develop malware already familiar to us from the last reporting period. For example, another DDoS botnet joined in the assault on Docker environments. The perpetrators infiltrated the target server, cr
Publish At:2020-10-28 07:50 | Read:166 | Comments:0 | Tags:DDoS reports Featured Botnets Cybercrime DDoS-attacks Intern

On the trail of the XMRig miner

As protection methods improve, the developers of miners have had to enhance their own creations, often turning to non-trivial solutions. Several such solutions (previously unseen by us) were detected during our analysis of the open source miner XMRig. How it all began: ransominer Alongside well-known groups that make money from data theft and ransomware (for
Publish At:2020-10-22 07:54 | Read:236 | Comments:0 | Tags:Featured Research Cryptocurrencies Financial malware Miner T

Life of Maze ransomware

In the past year, Maze ransomware has become one of the most notorious malware families threatening businesses and large organizations. Dozens of organizations have fallen victim to this vile malware, including LG, Southwire, and the City of Pensacola. The history of this ransomware began in the first half of 2019, and back then it didn’t have any dist
Publish At:2020-10-21 08:30 | Read:201 | Comments:0 | Tags:Featured Malware descriptions Cybercrime Data leaks Doxing E

GravityRAT: The spy returns

In 2018, researchers at Cisco Talos published a post on the spyware GravityRAT, used to target the Indian armed forces. The Indian Computer Emergency Response Team (CERT-IN) first discovered the Trojan in 2017. Its creators are believed to be Pakistani hacker groups. According to our information, the campaign has been active since at least 2015, and previous
Publish At:2020-10-19 06:59 | Read:301 | Comments:0 | Tags:Featured Research Cyber espionage Phishing Phishing websites

IAmTheKing and the SlothfulMedia malware family

On October 1, 2020, the DHS CISA agency released information about a malware family called SlothfulMedia, which they attribute to a sophisticated threat actor. We have been tracking this set of activity through our private reporting service, and we would like to provide the community with additional context. In June 2018, we published the first report on a n
Publish At:2020-10-15 07:50 | Read:250 | Comments:0 | Tags:APT reports Featured Backdoor Keyloggers Malware Description