Detecting DNS Data Exfiltration

  • Thursday, 14 Jul 2016
  • Author: Martin Lee, Jaeson Schultz and Warren Mercer, Talos (Cisco Blog)

The recent discovery of Wekby and Point of Sale malware using DNS requests as a command and control channel highlights the need to consider DNS as a potentially malicious channel. Although a skilled analyst may be able to quickly spot unusual activity because they are familiar with their organisation’s normal DNS activity, manually reviewing DNS logs is typically time consuming and tedious. In an environment where it might be unclear what malicious DNS traffic looks like, how can we identify malicious DNS requests? ...

Cracking Locky’s New Anti-Sandbox Technique

  • Thursday, 14 Jul 2016
  • Author: Floser Bacurio and Roland Dela Paz, Fortinet

The last few weeks saw new variants of the Locky ransomware that employ a new anti-sandbox technique. In these new variants, Locky’s loader code uses a seed parameter from its JavaScript downloader in order to decrypt embedded malicious code and execute it properly. For example, the downloaded Locky executable is executed by the JavaScript in the following manner: ...

BEBLOH Expands to Japan in Latest Spam Attack

  • Thursday, 14 Jul 2016
  • Author: Janus Agcaoili, TrendLabs Security Intelligence Blog (Trend Micro)

An old banking Trojan that had been operating in Europe at a low level has spiked in activity after migrating to Japan. Cybercriminals are using local brand names such as local ISPs and legitimate-looking addresses to fool users into downloading malware that can steal information by monitoring browsers, file transfer protocol (FTP) clients, and mail clients. Its targets? Mostly rural banks. ...

An increase of sophisticated phishing attacks in Sweden

  • Thursday, 14 Jul 2016
  • Author: David Jacoby, SecureList (Kaspersky Lab)

Whilst sitting and working in the South African office I receive an email from my Swedish ISP. I quickly look at it and there is something that doesn’t add up. The email states that I need to pay my invoice, but I never receive electronic invoices from this company. ...

Connecting the Dots Reveals Crimeware Shake-up

  • Thursday, 14 Jul 2016
  • Author: Nick Biasini, Talos (Cisco Blog)

For a couple of weeks in June the threat landscape changed. Several high-profile threats fell off the scene, causing a shake-up that hadn't been seen before. For a period of three weeks the internet was safer, if only for a short time. To date the Angler exploit kit has not returned, and the threat outlook appears to be permanently changed. This post will discuss a series of connections tying back to a banking trojan called Lurk and a registrant account with ties that reached far across crimeware. ...

MIRCOP Crypto-Ransomware Channels Guy Fawkes, Claims To Be The Victim Instead

  • Tuesday, 28 Jun 2016
  • Author: Jaaziel Carlos, TrendLabs Security Intelligence Blog (Trend Micro)

Detected as RANSOM_MIRCOP.A, MIRCOP places the blame on users and does not give victims instructions on how to pay the ransom. In fact, it assumes that victims already know how to pay them back. ...

After Angler: Shift in Exploit Kit Landscape and New Crypto-Ransomware Activity

  • Tuesday, 28 Jun 2016
  • Author: Joseph C Chen, TrendLabs Security Intelligence Blog (Trend Micro)

After the arrest of 50 people accused of using malware to steal US$25 million, it is interesting to note that Angler basically stopped functioning. With Angler’s reported inactivity, it appears that cybercriminals are scrambling to find new exploit kits to deliver malware. Angler had been the exploit kit of choice because it was the most aggressive in terms of including new exploits, and it was able to apply many antivirus evasion techniques such as payload encryption and fileless infection. ...

‘PunkeyPOS’: Researchers Discover Ongoing Malware Campaign Targeting US Businesses

  • Tuesday, 28 Jun 2016
  • Author: Maritza Santillan, The State of Security (Tripwire Blog)

Researchers have identified an ongoing campaign that has infected over 200 point-of-sale terminals leveraging ‘PunkeyPOS’, a malware variant first uncovered in April 2015. ...

Tracking Elirks Variants in Japan: Similarities to Previous Attacks

  • Tuesday, 28 Jun 2016
  • Author: Kaoru Hayashi, Unit 42 (Palo Alto Networks Blog)

A recent, well-publicized attack on a Japanese business involved two malware families, PlugX and Elirks, that were found during the investigation. PlugX has been used in a number of attacks since first being discovered in 2012, and we have published several articles related to its use, including an analysis of an attack campaign targeting Japanese companies. ...

zCrypt Ransomware: under the hood

  • Tuesday, 28 Jun 2016
  • Author: Malwarebytes Labs

Ransomware has become the new norm for cyber-criminals. Every week there are fresh ransomware threats with new functionalities and improvements. ...

National Internet Traffic Monitoring

Reports from national internet traffic monitoring, presented as weekly, monthly and yearly traffic reports.

Security Threat Alerts & System Vulnerabilities

A collection of articles providing early warning of security threats and system vulnerabilities.

Security News

A collection of news about cyber security and IT.

Incident Reports

Id-SIRTII/CC accepts incident reports from the public and then coordinates with the parties concerned.