Connecting the Dots Reveals Crimeware Shake-up

  • Thursday, 14 Jul 2016
  • Author: Nick Biasini, Talos (Cisco Blog)

For a couple of weeks in June the threat landscape was changed. Several high profile threats fell off the scene, causing a shake-up that hadn't been seen before. For a period of three weeks the internet was safer, if only for a short time. Still to date the Angler exploit kit has not returned and the threat outlook appears to be forever changed. This post will discuss a series of connections tying back to a banking trojan called Lurk and a registrant account with ties that were far reaching across crimeware. ...

Read more

MIRCOP Crypto-Ransomware Channels Guy Fawkes, Claims To Be The Victim Instead

  • Tuesday, 28 Jun 2016
  • Author: Jaaziel Carlos, TrendLabs Security Intelligence Blog (Trend Micro)

Detected as RANSOM_MIRCOP.A, MIRCOP places the blame on users and does not give victims instructions on how to pay the ransom. In fact, it assumes that victims already know how to pay them back. ...

Read more

After Angler: Shift in Exploit Kit Landscape and New Crypto-Ransomware Activity

  • Tuesday, 28 Jun 2016
  • Author: Joseph C Chen, TrendLabs Security Intelligence Blog (Trend Micro)

After the arrest of 50 people accused of using malware to steal US$25 million, it is interesting to note that Angler basically stopped functioning. With Angler’s reported inactivity, it appears that cybercriminals are scrambling to find new exploit kits to deliver malware. Angler had been the exploit kit of choice because it was the most aggressive in terms of including new exploits and it was able to apply a lot of antivirus evasion techniques such as payload encryption and fileless infection. ...

Read more

‘PunkeyPOS’: Researchers Discover Ongoing Malware Campaign Targeting US Businesses

  • Tuesday, 28 Jun 2016
  • Author: Maritza Santillan, The State of Security (Tripwire Blog)

Researchers have identified an ongoing campaign that has infected over 200 point-of-sale terminals leveraging ‘PunkeyPOS’ – a malware variant first uncovered in April 2015. ...

Read more

Tracking Elirks Variants in Japan: Similarities to Previous Attacks

  • Tuesday, 28 Jun 2016
  • Author: Kaoru Hayashi, Unit 42 (Palo Alto Networks Blog)

A recent, well-publicized attack on a Japanese business involved two malware families, PlugX and Elirks, that were found during the investigation. PlugX has been used in a number of attacks since first being discovered in 2012, and we have published several articles related to its use, including an analysis of an attack campaign targeting Japanese companies. ...

Read more

zCrypt Ransomware: under the hood

  • Tuesday, 28 Jun 2016
  • Author: Malwarebytes Labs

Ransomware has become the new norm for cyber-criminals. Every week there are fresh ransomware threats with new functionalities and improvements. ...

Read more

University pays $20,000 to ransomware hackers

  • Monday, 27 Jun 2016
  • Author: BBC News

The University of Calgary transferred 20,000 Canadian dollars' worth of bitcoins ($15,780; £10,840) after it was unable to unwind damage caused by a type of attack known as ransomware. ...

Read more

The new RAA Ransomware is created entirely using Javascript

  • Monday, 27 Jun 2016
  • Author: Lawrence Abrams, Bleeping Computer

A new ransomware was discovered by security researchers @JAMES_MHT and @benkow_ called RAA that is made 100% from JavaScript. In the past we had seen a ransomware called Ransom32 that was created using NodeJS and packaged inside an executable. RAA is different, because it is not delivered via an executable, but rather is a standard JS file. ...

Read more

Slicing Into a Point-of-Sale Botnet

  • Monday, 27 Jun 2016
  • Author: Brian Krebs, KrebsOnSecurity

Over the weekend, I heard from a source who said that since November 2015 he’s been tracking a collection of hacked cash registers. This point-of-sale botnet currently includes more than 100 infected systems, and according to the administrative panel for this crime machine at least half of the compromised systems are running a malicious Microsoft Windows process called cicipos.exe. ...

Read more

Reverse-engineering DUBNIUM

  • Monday, 27 Jun 2016
  • Author: msft-mmpc, Threat Research and Response Blog (Microsoft TechNet)

We located multiple variants of multiple-stage droppers and payloads in the last few months, and although they are not really packed or obfuscated in a conventional way, they use their own methods and tactics of obfuscation and distraction ...

Read more

National Internet Traffic Monitoring

National internet traffic monitoring reports, presented as weekly, monthly and yearly traffic reports.

Security Threat & System Vulnerability Alerts

A collection of articles providing early warning of security threats and system vulnerabilities.

Security News

A collection of news about cyber or IT security.

Incident Reports

Id-SIRTII/CC accepts incident reports from the public and then coordinates with the relevant parties.