Tag: Threat Analysis

How credential stuffing contributed to 8.3B malicious botnet logins in early 2018

Nearly 300,000 malicious login attempts by one type of botnet occur every hour, according to a new Akamai report. The specific attack vector the study focuses on is credential stuffing, a cyberattack in which botnets try to log into a site and steal a person’s identity, information, or money.

Credential stuffing attacks have been on the rise this year, according to the report. Akamai found 8.3 billion malicious login attempts from bots between May and June 2018, a sharp increase from 6.4 billion in March and April 2018. The US, Russia, and Vietnam are the biggest sources of credential stuffing botnet attacks, said the report.

Read more about the findings of the Akamai report on TechRepublic.

Cryptojackers Grow Dramatically on Enterprise Networks

Cryptojacking — threat actors placing illicit cryptocurrency miners on a victim’s systems — is a growing threat to enterprise IT according to a just-released report from the Cyber Threat Alliance (CTA). CTA members have seen miner detections increase 459% from 2017 through 2018 and there’s no sign that the rate of infection is slowing.

The joint paper, written with contributions from a number of CTA members (including Cisco Talos, Fortinet, McAfee, Rapid7, NTT Security, Sophos, and Palo Alto Networks), points out that there is little unique in the methods cryptojackers use to infect their victims; defending against cryptojackers is identical in almost every respect to defending against other threats.

Read more about the findings of the new report on DarkReading.

Dangerous Pegasus Spyware Has Spread to 45 Countries

The infamous Pegasus spyware, which targets iPhones and Android devices, has allegedly infiltrated 45 different countries across the globe — and six of those countries have used surveillance malware in the past to abuse human rights, a group of researchers claim.

Researchers from The Citizen Lab scanned the internet in a massive project that took place between 2016 and 2018, sniffing out servers associated with the Pegasus mobile spyware, attributed to Israel-based company NSO Group as an offering for state-level actors around the world.

Read more about the malicious Pegasus spyware that has been active since August 2016, on Threatpost.

Cybercrime: Ransomware remains a ‘key’ malware threat says Europol

Ransomware remains the top malware threat to organisations, causing millions of dollars of damage and remaining a potent tool for cyber criminals and nation-state attackers. The rise of highly targeted file-locking malware campaigns and the threat posed by nation-state-backed campaigns means ransomware “remains the key malware threat in both law enforcement and industry reporting,” warns Europol’s 2018 Internet Organised Crime Threat Assessment (IOCTA) report.

Ransomware families like Cerber, Cryptolocker, Crysis, CTBLocker, Dharma and Locky are cited among those most damaging to businesses over the past 12 months.

Read more about the findings of the new Europol report on ZDNet.

Websites Attack Attempts Rose in Q2

New data shows attackers are trying to sneak past malware scanners on websites using stealthy hacks such as cryptojacking and malicious JavaScript.

Website security service provider SiteLock analyzed data from 6 million customer websites for the second quarter of 2018 and found that a website, on average, suffers 58 attack attempts per day – or one every 25 minutes – an increase of 16% since the first quarter of this year. That jump comes after a dip in attack attempts from the fourth quarter of 2017 (63 attempts each day) to Q1 of this year (50 per day).

Read more about the findings of the new SiteLock report on DarkReading.

How lucrative is web-based cryptojacking?

1 out of 500 of the one million most visited websites according to Alexa contains a web-based cryptominer that starts mining as soon as the website has been opened in the browser, researchers from the Braunschweig University of Technology have found.

Still, despite not being rare, web-based cryptojacking is not hugely lucrative. “Based on the configuration of typical desktop computers and statistics about website visits, we estimate the revenue generated by individual miners in the Alexa ranking at a range of a few cents up to 340 USD per day under the current price of the respective cryptocurrencies,” the researchers say.

Read more about the findings of the new research on Help Net Security.

Botnets Serving Up More Multipurpose Malware

In a troubling trend for enterprises, an analysis of botnet activity in the first six months of 2018 shows that multifunctional malware tools are becoming increasingly popular among attackers. Kaspersky Lab inspected more than 150 malware families and their modifications across some 60,000 botnets around the world and found that the share of multipurpose Remote Access Tools has almost doubled on botnets since the beginning of 2017 – from 6.5% to 12.2%.

The three most widespread of these RATs or backdoors—Njrat, DarkComet, and Nanocore—are all malware tools that attackers can relatively easily modify for different purposes or adapt for distribution in specific regions.

Read more about the findings of the new Kaspersky Lab research on DarkReading.

Beware: Hackers are trying to scam your company with this attack

Cybercriminals targeting companies often turn to Business Email Compromise (BEC) scams to steal funds, causing billions of dollars in fraud losses over the past few years, according to a new report from Barracuda. Criminals use BEC attacks to gain access to a business email account and pretend to be the account owner to defraud the company and its employees, customers, or partners, the report noted.

The report examined 3,000 BEC attacks from Barracuda’s Sentinel system. The most common BEC attack involved the hacker trying to trick a recipient into making a wire transfer to a bank account owned by the attacker (47%). Other types of attacks included trying to get a recipient to click a malicious link (40%), establishing rapport with the victim (12%), and stealing PII like W2 forms (1%).

Read more about the findings of the new Barracuda report on DarkReading.

The anatomy of fake news: Rise of the bots

Spreading misinformation has become a mainstream topic, to the extent that even ‘Twitter bot’ is a well-recognised term establishing itself in the modern lexicon. Whilst the term is well known, it can be argued that the development and inner workings of Twitter bots are less well understood.

A recent study conducted by Social Safeguard analysed the impact and techniques leveraged by such bots, and in particular looked at bots attributed to Russian disinformation campaigns on Twitter. The research challenges the concept of bot armies: of the 320,000 accounts identified, the bots were divided into thematic categories presenting both sides of the story.

Read more about the findings of the recent study by Social Safeguard on Help Net Security.

Simple but extremely effective: Inside the world’s most prolific mobile banking malware

Asacub is one of the world’s most successful mobile banking trojans, responsible for stealing funds from hundreds of thousands of users worldwide. How did this unremarkable piece of malware become so prolific?

While Asacub initially started life as a form of spyware in the first half of 2015, by the start of the following year, the malware had shifted to stealing funds and banking information – and has kept that focus ever since. To date, Asacub has infected over 225,000 users, almost all of whom are in Russia, although it has also hit victims across the former USSR, as well as Germany, the United States and others, according to researchers at Kaspersky Lab.

Read more about the rise of the Asacub banking trojan on ZDNet.