HackDig: Dig high-quality web security articles for hackers

A Modern Hypervisor as a Basis for a Sandbox

In the field of information security, sandboxes are used to isolate an insecure external environment from a secure internal environment (or vice versa), to protect against the exploitation of vulnerabilities, and to analyze malicious code. At Kaspersky Lab, we have several sandboxes, including an Android sandbox. In this article, we will look at just one of
Publish At:2017-09-19 11:40 | Read:66 | Comments:0 | Tags:Publications Antivirus Technologies Security technology Targ

An (un)documented Word feature abused by attackers

A little while back we were investigating the malicious activities of the Freakyshelly targeted attack and came across spear phishing emails that had some interesting documents attached to them. They were in OLE2 format and contained no macros, exploits or any other active content. However, a close inspection revealed that they contained several links to PHP
Publish At:2017-09-18 17:05 | Read:76 | Comments:0 | Tags:Featured Research Microsoft Word Targeted Attacks Vulnerabil

Introducing WhiteBear

As a part of our Kaspersky APT Intelligence Reporting subscription, customers received an update in mid-February 2017 on some interesting APT activity that we called WhiteBear. Much of the contents of that report are reproduced here. WhiteBear is a parallel project or second stage of the Skipper Turla cluster of activity documented in another private intelli
Publish At:2017-08-30 19:50 | Read:223 | Comments:0 | Tags:Featured Research APT Cyber espionage Targeted Attacks Turla

ShadowPad in corporate networks

ShadowPad, part 2: Technical Details (PDF). In July 2017, during an investigation, suspicious DNS requests were identified in a partner’s network. The partner, which is a financial institution, discovered the requests originating on systems involved in the processing of financial transactions. Further investigation showed that the sour
Publish At:2017-08-15 14:15 | Read:366 | Comments:0 | Tags:Featured Research Backdoor DNS Software supply-chain attack

The return of Mamba ransomware

At the end of 2016, there was a major attack against San Francisco’s Municipal Transportation Agency. The attack was done using Mamba ransomware. This ransomware uses a legitimate utility called DiskCryptor for full disk encryption. This month, we noted that the group behind this ransomware has resumed their attacks against corporations. Attack Geogra
Publish At:2017-08-09 10:25 | Read:278 | Comments:0 | Tags:Research Encryption Malware Descriptions Ransomware Targeted

APT Trends report Q2 2017

Introduction. Since 2014, Kaspersky Lab’s Global Research and Analysis Team (GReAT) has been providing threat intelligence reports to a wide range of customers worldwide, leading to the delivery of a full and dedicated private reporting service. Prior to the new service offering, GReAT published research online for the general public in an effort to hel
Publish At:2017-08-08 10:30 | Read:237 | Comments:0 | Tags:Featured Quarterly Malware Reports APT ExPetr fileless malwa

How HTML Attachments and Phishing Are Used In BEC Attacks

Traditionally, BEC attacks have used keyloggers to steal saved account information from target machines. However, using an executable file for the attachment usually flags a user not to click them as there is a high chance that the file is malicious. As a result, we’ve seen a trend wherein the attached files are no longer executable files but HTML pages: Fi
Publish At:2017-07-27 16:35 | Read:243 | Comments:0 | Tags:Social Targeted Attacks BEC HTML attachments phishing

ChessMaster Makes its Move: A Look into the Campaign’s Cyberespionage Arsenal

by Benson Sy, CH Lei, and Kawabata Kohei. From gathering intelligence, using the right social engineering lures, and exploiting vulnerabilities to laterally moving within the network, targeted attacks have multifarious tools at their disposal. And like in a game of chess, they are the set pieces that make up their modus operandi. Take for instance the self-na
Publish At:2017-07-27 08:10 | Read:245 | Comments:0 | Tags:Targeted Attacks APT10 ChChes ChessMaster EMDIVI menuPass

Spring Dragon – Updated Activity

Spring Dragon is a long running APT actor that operates on a massive scale. The group has been running campaigns, mostly in countries and territories around the South China Sea, since as early as 2012. The main targets of Spring Dragon attacks are high profile governmental organizations and political parties, education institutions such as universities, as w
Publish At:2017-07-24 17:05 | Read:205 | Comments:0 | Tags:Research APT Targeted Attacks

Webinar: What’s Next for Targeted Attacks?

If there’s one thing that we’ve been repeating almost constantly this year, it’s that malware is evolving. And fast. But it might be more accurate to say that attacks themselves are evolving, and especially targeted attacks. As reported by Verizon in their 2017 Data Breach Investigations Report, malware was used in 51% of the cases in which there was a data
Publish At:2017-06-22 22:25 | Read:324 | Comments:0 | Tags:PandaLabs targeted attacks webinar

Following the Trail of BlackTech’s Cyber Espionage Campaigns

by Lenart Bermejo, Razor Huang, and CH Lei (Threat Solution Team). BlackTech is a cyber espionage group operating against targets in East Asia, particularly Taiwan, and occasionally, Japan and Hong Kong. Based on the mutexes and domain names of some of their C&C servers, BlackTech’s campaigns are likely designed to steal their target’s technology. Followi
Publish At:2017-06-22 19:05 | Read:442 | Comments:0 | Tags:Targeted Attacks BlackTech cyber espionage PLEAD Shrouded Cr

APT Trends report, Q1 2017

Kaspersky Lab is currently tracking more than a hundred threat actors and sophisticated malicious operations targeting commercial and government organizations in over 80 countries. During the first quarter of 2017, there were 33 private reports released to subscribers of our Intelligence Services, with Indicators of Compromise (IOC) data and YARA rules to as
Publish At:2017-04-27 19:15 | Read:743 | Comments:0 | Tags:Analysis Featured Quarterly Malware Reports APT fileless mal

APT Threat Evolution in Q1 2017

Kaspersky Lab is currently tracking more than a hundred threat actors and sophisticated malicious operations targeting commercial and government organizations in over 80 countries. During the first quarter of 2017, there were 33 private reports released to subscribers of our Intelligence Services, with Indicators of Compromise (IOC) data and YARA rules to as
Publish At:2017-04-27 05:40 | Read:453 | Comments:0 | Tags:Analysis Featured Quarterly Malware Reports APT fileless mal

Pawn Storm Abuses Open Authentication in Advanced Social Engineering Attacks

Pawn Storm is an active and aggressive espionage actor group that has been operating since 2004. The group uses different methods and strategies to gain information from their targets, which are covered in our latest research. However, they are particularly known for dangerous credential phishing campaigns. In 2016, the group set up aggressive credential phi
Publish At:2017-04-25 19:50 | Read:551 | Comments:0 | Tags:Targeted Attacks OAuth Pawn Storm

Unraveling the Lamberts Toolkit

Yesterday, our colleagues from Symantec published their analysis of Longhorn, an advanced threat actor that can be easily compared with Regin, ProjectSauron, Equation or Duqu2 in terms of its complexity. Longhorn, which we internally refer to as “The Lamberts”, first came to the attention of the ITSec community in 2014, when our colleagues from F
Publish At:2017-04-16 11:45 | Read:680 | Comments:0 | Tags:Blog Research Backdoor Malware Descriptions Targeted Attacks
