Connecting the Dots Reveals Crimeware Shake-up
Nick Biasini, Talos (Cisco Blog) | Thursday, 14 Jul 2016
For a couple of weeks in June the threat landscape was changed. Several high-profile threats fell off the scene, causing a shake-up that hadn't been seen before. For a period of three weeks the internet was safer, if only for a short time. Still to date the Angler exploit kit has not returned and the threat outlook appears to be forever changed. This post will discuss a series of connections tying back to a banking trojan called lurk and a registrant account with ties that were far-reaching across crimeware. ...

MIRCOP Crypto-Ransomware Channels Guy Fawkes, Claims To Be The Victim Instead
Jaaziel Carlos, TrendLabs Security Intelligence Blog (Trend Micro) | Tuesday, 28 Jun 2016
Detected as RANSOM_MIRCOP.A, MIRCOP places the blame on users and does not give victims instructions on how to pay the ransom. In fact, it assumes that victims already know how to pay them back. ...

After Angler: Shift in Exploit Kit Landscape and New Crypto-Ransomware Activity
Joseph C Chen, TrendLabs Security Intelligence Blog (Trend Micro) | Tuesday, 28 Jun 2016
After the arrest of 50 people accused of using malware to steal US$25 million, it is interesting to note that Angler basically stopped functioning. With Angler’s reported inactivity, it appears that cybercriminals are scrambling to find new exploit kits to deliver malware. Angler had been the exploit kit of choice because it was the most aggressive in terms of including new exploits and it was able to apply a lot of antivirus evasion techniques such as payload encryption and fileless infection. ...

‘PunkeyPOS’: Researchers Discover Ongoing Malware Campaign Targeting US Businesses
Maritza Santillan, The State of Security (Tripwire Blog) | Tuesday, 28 Jun 2016
Researchers have identified an ongoing campaign that has infected over 200 point-of-sale terminals leveraging ‘PunkeyPOS’ – a malware variant first uncovered in April 2015. ...

Tracking Elirks Variants in Japan: Similarities to Previous Attacks
Kaoru Hayashi, Unit 42 (Palo Alto Networks Blog) | Tuesday, 28 Jun 2016
A recent, well-publicized attack on a Japanese business involved two malware families, PlugX and Elirks, that were found during the investigation. PlugX has been used in a number of attacks since first being discovered in 2012, and we have published several articles related to its use, including an analysis of an attack campaign targeting Japanese companies. ...

zCrypt Ransomware: under the hood
Malwarebytes Labs | Tuesday, 28 Jun 2016
Ransomware has become the new norm for cyber-criminals. Every week there are fresh ransomware threats with new functionalities and improvements. ...

University pays $20,000 to ransomware hackers
BBC News | Monday, 27 Jun 2016
The University of Calgary transferred 20,000 Canadian dollars-worth of bitcoins ($15,780; £10,840) after it was unable to unwind damage caused by a type of attack known as ransomware. ...

The new RAA Ransomware is created entirely using Javascript
Lawrence Abrams, Bleeping Computer | Monday, 27 Jun 2016
A new ransomware was discovered by security researchers @JAMES_MHT and @benkow_ called RAA that is made 100% from JavaScript. In the past we had seen a ransomware called Ransom32 that was created using NodeJS and packaged inside an executable. RAA is different, because it is not delivered via an executable, but rather is a standard JS file. ...

Slicing Into a Point-of-Sale Botnet
Brian Krebs, KrebsOnSecurity | Monday, 27 Jun 2016
Over the weekend, I heard from a source who said that since November 2015 he’s been tracking a collection of hacked cash registers. This point-of-sale botnet currently includes more than 100 infected systems, and according to the administrative panel for this crime machine at least half of the compromised systems are running a malicious Microsoft Windows process called cicipos.exe. ...

Reverse-engineering DUBNIUM
msft-mmpc, Threat Research and Response Blog (Microsoft TechNet) | Monday, 27 Jun 2016
We located multiple variants of multiple-stage droppers and payloads in the last few months, and although they are not really packed or obfuscated in a conventional way, they use their own methods and tactics of obfuscation and distraction ...

Copyright © 2013 - Id-SIRTII/CC
Id-SIRTII/CC - Indonesia Security Incident Response Team on Internet Infrastructure/Coordination Center
Menara Ravindo Lt. 17, Jl. Kebon Sirih No. 75 Jakarta Pusat, 10340, Indonesia