Malware

alienvault

Confidence: the perception and reality of cybersecurity threats

At RSA 2019, we conducted a survey that netted 733 respondents along with interviews between Javvad Malik, former security advocate at AT&T Cybersecurity, and security experts. The full results are in his comprehensive and informative research report. Following are a few highlights.

nnt

2 Years after WannaCry Outbreak, Millions Still Remain at Risk

It’s been two years since the initial WannaCry ransomware outbreak, but researchers are warning that hundreds of thousands of incidents are still being detected globally. New research from Malwarebytes claims more than 4,826,682 WannaCry detections have been identified since its first outbreak in May 2017. These detections have decreased substantially since first wreaking havoc, but have far from disappeared.

netskope

SLUB’s the Word: Covert CnC over Slack

In this post, we provide details of the SLUB backdoor, how it uses SaaS apps including Slack as a command and control channel, and how CASB controls can prevent this and similar threats from affecting the enterprise. For traditional firewalls and even for next-gen firewalls and intrusion detection/prevention systems, attacks like these are extremely insidious since they leverage whitelisted services in a malicious way.

nnt

Matrix-Themed Ransomware MegaCortex Spreads

MegaCortex is described by security researchers as a new, highly targeted ransomware variant that contains numerous references to the '90s cult film The Matrix. The ransomware was first discovered at the beginning of 2019 but of the 76 reported attacks, 47 took place last week across the US, Italy, Canada, France, the Netherlands, and Ireland.

netskope

A Malicious Sight in Google Sites

Netskope Threat Research Labs discovered an interesting drive-by download attack hosted on Google Sites. The threat actor involved in this attack initially deployed a banking Trojan using the file cabinets template in Google Sites as a delivery vehicle. The malware, dubbed “LoadPCBanker”, used SQL as an exfiltration channel to send the compromised victim data to the attacker's server.

nnt

Triton Malware Found Inside Second CNI Facility

Security researchers are warning ICS managers that a Russian hacking group linked to an attempt to blow up a Saudi oil plant has been found inside a second critical national infrastructure (CNI) facility. The sophisticated Triton hacking group has been active since 2014 and uses several different custom and commodity tools in order to gain access to, and maintain their presence inside, the IT and OT networks of CNI firms. Triton was first identified in a Saudi Arabian oil plant in 2017.

logz.io

The Top 5 Open-Source NIDS Solutions

In a hyper-connected world, the threat landscape is undoubtedly evolving. Ensuring the security of your enterprise networks on a daily basis is essential to protect your business, no matter how big (or small) it is. According to SophosLabs’ 2019 threat report, one dangerous ransomware called SamSam cost companies $6.5 million ($10K to $50K per ransom).