News Clipping


Malvertising Campaign Redirects Browsers to Terror Exploit Kit [source: threatpost]

Security experts are warning some “Quit Smoking” and “20 Minute Fat Loss” ads online are delivering more than sales pitches. According to researchers at Zscaler, ads are redirecting browsers to malicious landing pages hosting the Terror exploit kit. The campaigns have been sustained, with the initial blast spotted on Sept. 1 and lasting through Oct. 23. “Terror EK activity has been low throughout the year...



One year after the Dyn DDoS attack, what’s changed? [source: ciodive]

Last October, the internet broke, or stuttered, depending on who you ask. One year later, those vulnerabilities remain and a year from now, connectivity will still be at the mercy of attackers. DDoS attacks have become commonplace, but that doesn’t limit the potential negative impact on businesses. In a domain analysis of the top 100 U.S. websites — which includes companies like Netflix, Twitter, YouTube, Reddit, Amazon.com and...



LokiBot – The First Hybrid Android Malware [source: clientsidedetection]

Lately we have been seeing a new variant of Android banking malware which is well-developed and provides numerous unique features such as a ransomware module. Based on the BTC addresses that are used in the source code it seems that the actors behind this new Android malware are successful cybercriminals with over 1.5 million dollars in BTC. It is very unlikely that the actors behind...



DUHK Crypto Attack Recovers Encryption Keys, Exposes VPN [source: bleepingcomputer]

After last week we had the KRACK and ROCA cryptographic attacks, this week has gotten off to a similarly “great” start with the publication of a new crypto attack known as DUHK (Don’t Use Hard-coded Keys). The issue at the heart of the DUHK attack is a combination of two main factors. The first is the usage of the ANSI X9.31 Random Number Generator (RNG). This is an algorithm...



LokiBot Android Banking Trojan Turns Into Ransomware [source: bleepingcomputer]

Security researchers have spotted a new Android banking trojan named LokiBot that turns into ransomware and locks users’ phones when they try to remove its admin privileges. The malware is more banking trojan than ransomware — according to SfyLabs researchers, the ones who discovered it — and is used for this purpose primarily. Just like similar Android banking trojans, LokiBot works by showing fake login...



Crypto Miners – The Silent CPU Killer of 2017 [source: checkpoint]

The Pirate Bay, the world’s largest BitTorrent indexer, is a massive online source for digital content – movies, games and software – and is among the top 100 most popular websites globally, according to Alexa. No stranger to controversy for its role in illegal downloads, a few weeks ago it was discovered that The Pirate Bay operators have begun using the website users’ computer resources to mine the Monero...



Full Decryption of Systems Encrypted by Petya/NotPetya [source: crowdstrike]

Almost the complete Master File Table (MFT) can be decrypted. In this post, we describe our approach to collect more keystream bytes, which eventually leads to decrypt the complete disk. Technical Analysis: Encryption of Files. MFT records already store the content of a file, if the file is at most 900 bytes in size. This means that the tool decryptPetya.py from our first blog post can already...



Cybercriminals focus on the shipping and cloud storage sectors [source: helpnetsecurity]

The Anti-Phishing Working Group’s latest report found upticks in phishing attacks against companies in the Logistics & Shipping as well as Cloud Storage & File Hosting sectors, mounted by cyber gangs against the accounts of both individuals and enterprises. Once they steal usernames and passwords, the criminals can then steal not only funds, but also use services to send spam mail, order goods for resale, and other...



APT Activity Targeting Energy and Other Critical Infrastructure Sectors [source: us-cert]

Systems Affected: Domain Controllers, File Servers, Email Servers. Overview: This joint Technical Alert (TA) is the result of analytic efforts between the Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI). This alert provides information on advanced persistent threat (APT) actions targeting government entities and organizations in the energy, nuclear, water, aviation, and critical manufacturing sectors. Working with U.S. and international partners,...



Unauthorized Coin Mining in the Browser [source: paloaltonetworks]

Cryptocurrencies have taken the world by storm. From the biggest player Bitcoin to newcomers such as Monero and Ethereum, cryptocurrency mining has become a hot industry due in part to powerful, dedicated mining hardware or by utilizing graphics cards’ parallel computing power. Recently, browser coin mining has taken off, for a lot of different reasons. Although the computing power per instance is much less than...


