HackDig : Dig high-quality web security articles for hackers

Threat spotlight: WastedLocker, customized ransomware

WastedLocker is a new ransomware operated by a malware exploitation gang commonly known as the Evil Corp gang, the same gang that is associated with Dridex and BitPaymer. The attribution is not based on the malware variants, as WastedLocker is very different from BitPaymer. What was kept was the ability to add specific modules for different targets. The
Publish At:2020-07-10 15:15 | Read:447 | Comments:0 | Tags:Threat spotlight evil corp Ransom.BinADS ransomware wasted w

Search hijackers change Chrome policy to remote administration

The latest type of installer in the saga of search hijacking changes a Chrome policy which tells users it can’t be removed because the browser is managed from the outside. As you can imagine, that has freaked out quite a few Chrome users. We have talked about the search hijacker’s business model in detail. Suffice to say, it is a billion-dollar indust
Publish At:2020-06-11 12:57 | Read:374 | Comments:0 | Tags:Threat spotlight capita chrome policies chrome policy extens

Maze: the ransomware that introduced an extra twist

An extra way to create leverage against victims of ransomware has been introduced by the developers of the Maze ransomware. If the victim is not convinced that she should pay the criminals because her files are encrypted, there could be an extra method of extortion. Over time, more organizations have found ways to keep safe copies of their important files or
Publish At:2020-05-29 16:05 | Read:563 | Comments:0 | Tags:Threat spotlight data Fallout Maze pulse ransomware Spelevo

Threat spotlight: RobbinHood ransomware takes the driver’s seat

Despite their name, the RobbinHood cybercriminal gang is not stealing from the rich to give to the poor. Instead, these ransomware developers are more like big game hunters—attacking enterprise organizations and critical infrastructure and keeping all the spoils for themselves. In 2019, the RobbinHood ransomware creators successfully attacked and receive
Publish At:2020-02-20 17:07 | Read:890 | Comments:0 | Tags:Threat spotlight .enc_robbinhood Anti-Ransomware baltimore b

Business in the front, party in the back: backdoors in elastic servers expose private data

It seems like every day we read another article about a data breach or leak of cloud storage exposing millions of users’ data. The unfortunate truth is that the majority of these leaks require no actual “hacking” on the part of the attacker. Most of the time, this highly confidential data is just sitting in open databases, ripe for the
Publish At:2020-01-17 16:50 | Read:1177 | Comments:0 | Tags:Threat spotlight aws AWS buckets cloud database cloud databa

Threat spotlight: Phobos ransomware lives up to its name

Ransomware has struck dead on organizations since it became a mainstream tool in cybercriminals’ belts years ago. From massive WannaCry outbreaks in 2017 to industry-focused attacks by Ryuk in 2019, ransomware’s got its hooks in global businesses and shows no signs of stopping. That includes a malware family known as Phobos ransomware, named afte
Publish At:2020-01-10 16:50 | Read:1488 | Comments:0 | Tags:Threat spotlight brute force coveware crysis crysis ransomwa

Threat spotlight: The curious case of Ryuk ransomware

Ryuk. A name once unique to a fictional character in a popular Japanese comic book and cartoon series is now a name that appears in several rosters of the nastiest ransomware to ever grace the wild web. For an incredibly young strain—only 15 months old—Ryuk ransomware gaining such notoriety is quite a feat to achieve. Unless the threat actors behind its
Publish At:2019-12-12 21:50 | Read:1703 | Comments:0 | Tags:Threat spotlight AES average ransom amount BitPaymer BitPaym

Threat Spotlight: Cisco Talos Thwarts Access to Massive International Exploit Kit Generating $60M Annually From Ransomwa

This post was authored by Nick Biasini with contributions from Joel Esler, Nick Hebert, Warren Mercer, Matt Olney, Melissa Taylor, and Craig Williams. Executive Summary: Today, Cisco struck a blow to a group of hackers, disrupting a significant international revenue stream generated by the notorious Angler Exploit Kit. Angler is one of the largest exploit kit
Publish At:2015-10-06 18:20 | Read:4652 | Comments:0 | Tags:Threat Research angler exploit kit Talos threat spotlight ex

Threat Spotlight: Rombertik – Gazing Past the Smoke, Mirrors, and Trapdoors

This post was authored by Ben Baker and Alex Chiu. Executive Summary: Threat actors and security researchers are constantly looking for ways to better detect and evade each other. As researchers have become more adept and efficient at malware analysis, malware authors have made an effort to build more evasive samples. Better static, dynamic, and automated ana
Publish At:2015-05-04 18:05 | Read:6357 | Comments:0 | Tags:Threat Research malware reverse engineering Rombertik Talos

Threat Spotlight: TeslaCrypt – Decrypt It Yourself

This post was authored by Andrea Allievi, Earl Carter & Emmanuel Tacheau. After the takedown of Cryptolocker, we have seen the rise of Cryptowall. Cryptowall 2 introduced “features” such as advanced anti-debugging techniques, only to have many of those features removed in Cryptowall 3. Ransomware is becoming an extremely lucrative business, leading to man
Publish At:2015-04-27 21:30 | Read:5991 | Comments:0 | Tags:Threat Research ransomware Talos TeslaCrypt threat spotlight

Threat Spotlight: Upatre – Say No to Drones, Say Yes to Malware

This post was authored by Nick Biasini and Joel Esler. Talos has observed an explosion of malicious downloaders in 2015, which we’ve documented on several occasions on our blog. These downloaders provide a method for attackers to push different types of malware to endpoint systems easily and effectively. Upatre is an example of a malicious downloader Talos has
Publish At:2015-04-17 16:25 | Read:4245 | Comments:0 | Tags:Threat Research malware Talos threat spotlight upatre

Threat Spotlight: SSHPsychos

This post was authored by Nick Biasini, Matt Olney, & Craig Williams. Introduction: Talos has been monitoring a persistent threat for quite some time, a group we refer to as SSHPsychos or Group 93. This group is well known for creating significant amounts of scanning traffic across the Internet. Although our research efforts help inform and protect Cis
Publish At:2015-04-09 15:40 | Read:3493 | Comments:0 | Tags:Threat Research Group 93 SSHPsychos Talos threat spotlight

Threat Spotlight: Spam Served With a Side of Dridex

This post was authored by Nick Biasini with contributions from Kevin Brooks. Overview: The use of macro-enabled Word documents has exploded over the last year, a primary example payload being Dridex. Last week, Talos researchers identified another short-lived spam campaign that was delivering a new variant of Dridex. This particular campaign lasted less than fiv
Publish At:2015-04-06 23:35 | Read:5309 | Comments:0 | Tags:Threat Research Dridex email Talos threat spotlight

Threat Spotlight: “Kyle and Stan” Malvertising Network 9 Times Larger Than Expected

This post was authored by Armin Pelkmann. On September 8th, Cisco’s Talos Security Intelligence & Research Group unveiled the existence of the “Kyle and Stan” Malvertisement Network. The network was responsible for placing malicious advertisements on big websites like amazon.com, ads.yahoo.com, www.winrar.com, youtube.com and 70 other do
Publish At:2014-09-23 02:00 | Read:5125 | Comments:0 | Tags:Security adware AMP Cisco Security CWS esa hacking kyle kyle
