Alert (TA17-132A)
According to numerous open-source reports, a widespread ransomware campaign is affecting various organizations, with reports of tens of thousands of infections in as many as 74 countries, including the United States, United Kingdom, Spain, Russia, Taiwan, France, and Japan. The software can run in as many as 27 different languages. The latest version of this ransomware variant, known as WannaCry, WCry, or Wanna Decryptor, was discovered the morning of May 12, 2017, by an independent security researcher and has spread rapidly over several hours, with initial reports beginning around 4:00 AM EDT, May 12, 2017. Open-source reporting indicates a requested ransom of 0.1781 bitcoins, roughly $300 U.S. This Alert is the result of efforts between the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) and the Federal Bureau of Investigation (FBI) to highlight known cyber threats. DHS and the FBI continue to pursue related information on threats to federal, state, and local government systems, and as such, further releases of technical information may be forthcoming.
Sunday, 14 May 2017
Locky Is Back Asking For Unpaid Debts
Sudeep Singh, Jonell Baltazar, Joonho Sa, Threat Research Blog (FireEye)
On June 21, 2016, FireEye’s Dynamic Threat Intelligence (DTI) identified an increase in JavaScript contained within spam emails. FireEye analysts determined the increase was the result of a new Locky ransomware spam campaign. ...
Monday, 01 Aug 2016
How I Cracked a Keylogger and Ended Up in Someone's Inbox
Rodel Mendrez, SpiderLabs Blog (Trustwave)
It all started from a spam campaign. Figure 1 shows a campaign we picked up recently from our spam traps with a suspicious document file attachment. ...
Monday, 01 Aug 2016
GootKit: Bobbing and Weaving to Avoid Prying Eyes
Limor Kessem, Security Intelligence (IBM Blog)
Discovered in the wild in the summer of 2014, GootKit is believed to be a privately held cybercrime tool that is not sold to other criminals in underground forums and is operated by a closed gang. ...
Monday, 01 Aug 2016
Facebook malware: tag me if you can
Ido Naor, SecureList (Kaspersky Lab Blog)
On the morning of 26th June, news of a phishing campaign hit the Israeli media. Thousands of Facebook users complained that they had been infected by a virus through their accounts after they received a message from a Facebook friend claiming they had mentioned them in a comment. ...
Monday, 01 Aug 2016
Espionage toolkit targeting Central and Eastern Europe uncovered
Tomáš Gardoň, WeLiveSecurity (ESET Blog)
Over the course of the last year, ESET has detected and analyzed several instances of malware used for targeted espionage, dubbed the SBDH toolkit. Using powerful filters, various methods of communication with its operators and an interesting persistence technique, it aims to exfiltrate selected files from governmental and public institutions, which are mostly focused on economic growth and cooperation in Central and Eastern Europe.
Monday, 01 Aug 2016
Detecting DNS Data Exfiltration
Martin Lee, Jaeson Schultz and Warren Mercer, Talos (Cisco Blog)
The recent discovery of Wekby and Point of Sale malware using DNS requests as a command and control channel highlights the need to consider DNS as a potentially malicious channel. Although a skilled analyst may be able to quickly spot unusual activity because they are familiar with their organisation’s normal DNS activity, manually reviewing DNS logs is typically time consuming and tedious. In an environment where it might be unclear what malicious DNS traffic looks like, how can we identify malicious DNS requests? ...
Thursday, 14 Jul 2016
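The question the Talos post poses, how to pick out malicious DNS requests without reading the logs by hand, can be answered with a per-zone profile of what the queries look like. The script below is an added example, not code from the Talos post or from Cisco: it parses BIND-style query-log lines, groups them by zone, and flags zones that receive many distinct, long, high-entropy subdomains, which is what encoded data chunks riding in query names look like. The log lines are constructed for the example, the zone split assumes the registrable domain is the last two labels (a real deployment would use a public suffix list), and the thresholds are illustrative starting points, not tuned values.

```python
"""Profile DNS query logs for exfiltration / tunnelling indicators (added example)."""
import math
import re
from collections import Counter, defaultdict

# Constructed sample log in BIND query-log format; not real traffic.
# The evil-example.net queries carry long, random-looking labels under a
# fixed "c2" zone, the pattern of chunked data sent inside query names.
SAMPLE_LOG = """\
client 10.0.0.5#51234: query: www.example.com IN A
client 10.0.0.5#51235: query: mail.example.com IN MX
client 10.0.0.5#51236: query: cdn-static.example.com IN A
client 10.0.0.5#51237: query: login.example.com IN AAAA
client 10.0.0.9#53001: query: d1a2b3c4d5e6f7.cloudfront.net IN A
client 10.0.0.7#40001: query: ge3dmmrrgy2tcnjxmy2dombzgi3tezdfgm2tgzjvgy.c2.evil-example.net IN TXT
client 10.0.0.7#40002: query: nbswy3dpfqqho33snrscaytfmfxgc4tfozqxeytomq.c2.evil-example.net IN TXT
client 10.0.0.7#40003: query: krugkidrovuwg2zamjzg653oebtg66banj5ehu2rkq.c2.evil-example.net IN TXT
client 10.0.0.7#40004: query: pfxgk3ldn5ww633tom6jrwzlmqztcmlcmfqxizlmfz.c2.evil-example.net IN TXT
client 10.0.0.7#40005: query: on2xizjamrxwg5dfojqwy3tpn54goidvmfxhe3lt5a.c2.evil-example.net IN TXT
client 10.0.0.7#40006: query: ifzgkzlsobpwgyloobxgkzlsen3a4a2zg5djfszu5l.c2.evil-example.net IN TXT
"""

QUERY_RE = re.compile(
    r"client (?P<client>[\d.]+)#\d+: query: (?P<qname>\S+) IN (?P<qtype>[A-Z]+)"
)


def shannon_entropy(text):
    """Bits per character; encoded payloads score high, real hostnames low."""
    if not text:
        return 0.0
    counts = Counter(text)
    n = len(text)
    return -sum((c / n) * math.log2(c / n) for c in counts.values())


def split_qname(qname):
    """Return (subdomain, zone). Assumption: zone = last two labels."""
    labels = qname.rstrip(".").lower().split(".")
    if len(labels) < 2:
        return "", qname.lower()
    return ".".join(labels[:-2]), ".".join(labels[-2:])


def profile_zones(log_text):
    """Aggregate per-zone query counts and per-unique-subdomain features."""
    zones = defaultdict(lambda: {
        "queries": 0, "txt": 0, "subdomains": set(), "lengths": [], "entropies": []})
    for line in log_text.splitlines():
        m = QUERY_RE.search(line)
        if not m:
            continue  # unparseable line: skip rather than abort the whole run
        sub, zone = split_qname(m["qname"])
        z = zones[zone]
        z["queries"] += 1
        if m["qtype"] == "TXT":
            z["txt"] += 1
        if sub and sub not in z["subdomains"]:
            z["subdomains"].add(sub)
            z["lengths"].append(len(sub))
            z["entropies"].append(shannon_entropy(sub.replace(".", "")))
    return zones


def flag_exfil(zones, min_unique=5, min_mean_len=30, min_mean_entropy=3.5):
    """Flag zones whose unique subdomains are numerous, long and high-entropy."""
    flagged = {}
    for zone, z in zones.items():
        n = len(z["subdomains"])
        if n < min_unique:
            continue  # a CDN with one long hash label is not enough on its own
        mean_len = sum(z["lengths"]) / n
        mean_ent = sum(z["entropies"]) / n
        if mean_len >= min_mean_len and mean_ent >= min_mean_entropy:
            flagged[zone] = {
                "unique_subdomains": n,
                "mean_len": round(mean_len, 1),
                "mean_entropy": round(mean_ent, 2),
                "txt_ratio": round(z["txt"] / z["queries"], 2),
            }
    return flagged


if __name__ == "__main__":
    for zone, info in flag_exfil(profile_zones(SAMPLE_LOG)).items():
        print(zone, info)
```

Run on the sample, only evil-example.net is reported; example.com has few, short, low-entropy subdomains and the cloudfront.net entry has a single long label, which the unique-subdomain gate ignores. The TXT ratio is reported rather than used as a trigger, because legitimate traffic (SPF, DKIM, service discovery) also uses TXT; in practice the thresholds should be set from a baseline of the organisation's own resolver logs, exactly the "normal activity" an experienced analyst carries in their head.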
Cracking Locky’s New Anti-Sandbox Technique
Floser Bacurio and Roland Dela Paz, Fortinet
The last few weeks saw new variants of the Locky ransomware that employ a new anti-sandbox technique. In these new variants, Locky’s loader code uses a seed parameter from its JavaScript downloader in order to decrypt embedded malicious code and execute it properly. For example, the downloaded Locky executable is executed by the JavaScript in the following manner: ...
Thursday, 14 Jul 2016
BEBLOH Expands to Japan in Latest Spam Attack
Janus Agcaoili, TrendLabs Security Intelligence Blog (Trend Micro)
An old banking Trojan that had been operating in Europe at a low level has spiked in activity after migrating to Japan. Cybercriminals are using local brand names, such as local ISPs, and legitimate-looking addresses to fool users into downloading malware that can steal information by monitoring browsers, file transfer protocol (FTP) clients, and mail clients. Its targets? Mostly rural banks. ...
Thursday, 14 Jul 2016
An increase of sophisticated phishing attacks in Sweden
David Jacoby, SecureList (Kaspersky Lab)
Whilst sitting and working in the South African office I receive an email from my Swedish ISP. I quickly look at it and there is something that doesn’t add up. The email states that I need to pay my invoice, but I never receive electronic invoices from this company. ...
Thursday, 14 Jul 2016
Copyright © 2013 - Id-SIRTII/CC
Id-SIRTII/CC - Indonesia Security Incident Response Team on Internet Infrastructure/Coordination Center
Menara Ravindo Lt. 17, Jl. Kebon Sirih No. 75 Jakarta Pusat, 10340, Indonesia