According to numerous open-source reports, a widespread ransomware campaign is affecting various organizations with reports of tens of thousands of infections in as many as 74 countries, including the United States, United Kingdom, Spain, Russia, Taiwan, France, and Japan. The software can run in as many as 27 different languages. The latest version of this ransomware variant, known as WannaCry, WCry, or Wanna Decryptor, was discovered the morning of May 12, 2017, by an independent security researcher and has spread rapidly over several hours, with initial reports beginning around 4:00 AM EDT, May 12, 2017. Open-source reporting indicates a requested ransom of .1781 bitcoins, roughly $300 U.S. This Alert is the result of efforts between the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) and the Federal Bureau of Investigation (FBI) to highlight known cyber threats. DHS and the FBI continue to pursue related information of threats to federal, state, and local government systems and as such, further releases of technical information may be forthcoming.
SelengkapnyaOn June 21, 2016, FireEye’s Dynamic Threat Intelligence (DTI) identified an increase in JavaScript contained within spam emails. FireEye analysts determined the increase was the result of a new Locky ransomware spam campaign. ...
SelengkapnyaIt all started from a spam campaign. Figure 1 shows a campaign we picked up recently from our spam traps with a suspicious document file attachment. ...
SelengkapnyaDiscovered in the wild in the summer of 2014, GootKit is believed to be a privately held cybercrime tool that is not sold to other criminals in underground forums and is operated by a closed gang. ....
SelengkapnyaOn the morning of 26th June, news of a phishing campaign hit the Israeli media. Thousands of Facebook users complained that they had been infected by a virus through their accounts after they received a message from a Facebook friend claiming they had mentioned them in a comment. ....
SelengkapnyaOver the course of the last year, ESET has detected and analyzed several instances of malware used for targeted espionage – dubbed SBDH toolkit. Using powerful filters, various methods of communication with its operators and an interesting persistence technique, it aims to exfiltrate selected files from governmental and public institutions, which are mostly focused on economic growth and cooperation in Central and Eastern Europe."
SelengkapnyaThe recent discovery of Wekby and Point of Sale malware using DNS requests as a command and control channel highlights the need to consider DNS as a potentially malicious channel. Although a skilled analyst may be able to quickly spot unusual activity because they are familiar with their organisation’s normal DNS activity, manually reviewing DNS logs is typically time consuming and tedious. In an environment where it might be unclear what malicious DNS traffic looks like, how can we identify malicious DNS requests? ...
SelengkapnyaThe last few weeks saw new variants of the Locky ransomware that employs a new anti-sandbox technique. In these new variants, Locky’s loader code uses a seed parameter from its JavaScript downloader in order to decrypt embedded malicious code and execute it properly. For example, the downloaded Locky executable is executed by the JavaScript in the following manner: ...
SelengkapnyaAn old banking Trojan has been operating in Europe on a low level has spiked in activity after migrating to Japan. Cybercriminals are using local brand names such as local ISP providers and legitimate looking addresses to fool users into downloading malware that can steal information by monitoring browsers, file transfer protocol (FTP) clients, and mail clients. Its targets? Mostly rural banks. ...
SelengkapnyaWhilst sitting and working in the South African office I receive an email from my Swedish ISP. I quickly look at it and there is something that doesn’t add up. The email states that I need to pay my invoice, but I never receive electronic invoices from this company. ...
SelengkapnyaId-SIRTII/CC memiliki tugas pokok melakukan sosialisasi dengan pihak terkait tentang IT security (keamanan sistem informasi), melakukan pemantauan dini, pendeteksian dini, peringatan dini terhadap ancaman terhadap jaringan telekomunikasi dari dalam maupun luar negeri khususnya dalam tindakan pengamanan pemanfaatan jaringan, membuat/menjalankan/mengembangkan dan database log file serta statistik keamanan Internet di Indonesia
