Operations | Monitoring | ITSM | DevOps | Cloud

Malware

Detecting Malware and Watering Hole Attacks with Splunk UBA

You may be surprised to learn that a particular malware is responsible for data theft in over 20% of financial institutions and other verticals in 2019. Watering hole attacks involve a web server that hosts files or applications where the website or files on the site become weaponized with malware. While recent news cycles have shined a spotlight on ransomware and crimeware, malware is not a new concept.

Early Ransomware Detection and Response

The inability to access critical digital assets can be catastrophic to your operations. Ransomware is therefore one the scariest, but also most common online assaults. Join this webinar and learn how Flowmon, a leading network detection and response tool, helps to cover visibility gaps, detect ransomware and respond even prior to locking down digital assets. We will go through Flowmon's features via live demo and show you how to trace attackers’ footprints across the system.

DIY Tool Website Greenworks Hacked by Self-Destructing Web-Skimmer

Whilst researching recent client-side attacks our security team observed a highly-sophisticated self-cleaning and self-destructing skimmer on the popular hardware tool website Greenworks. The hack was first spotted by RapidSpike’s Client-Side Security Scanner on June 8th, and at the time of writing, the hack is still live on www.greenworkstools.com/.

Securing Azure Active Directory from PowerShell abuse

Malware attacks are evolving and once common tactics are becoming a thing of the past. Attack strategies, like using a third-party hacking program or injecting viruses from external sources, are almost obsolete as they leave a distinct footprint. Most antimalware tools can now detect the presence of a foreign program or device and immediately block them.

Ideas for Combatting DoD Mobile Security Threats

In government, mobile devices are both embraced and resisted. The mobility and ease of use afforded by smartphones and tablets helps boost worker productivity even as they open doors for hackers. According to research by Wandera, in 2018 there were 455,121 mobile phishing attacks, 1.9 million Wi-Fi incidents, and 32,846 malware attacks.

Spam In the Browser

A new kind of spam is being observed in the field that uses the browser notification feature to trick users into subscribing to sites that will in turn bombard users with notifications usually related to click or add profit schemes. Subscription notification request seen below: Browser notification subscription requests are a legitimate feature that allows visitors of a site to be notified when there is new content available. It saves users the need to constantly refresh or keep open browser tabs.

Remote Admin Tools (RATs): The Swiss Army Knives of Cybercrime

The cybercrime threatscape is constantly changing as hackers adapt and repurpose the use of many different types of tools and attack vectors, and a recent report by Kaspersky Lab indicates that the use of remote administration tools (RATs) has increased during 2018. RATs are commonly developed as legitimate software suites with bundled functionalities to support system administrators and other power users.

Ransomware: How to Combat a Growing Threat to Your Organization

Ransomware is a serious threat to institutions of all kinds, resulting in mounting costs for organizations that must literally pay ransom to regain access to their essential systems. A ransomware attack takes place when a cybercriminal denies an organization access to the data it needs to conduct business, usually by encrypting the data with a secret key. The attacker then offers to reveal the encryption key in exchange for a payment. The payment can vary in amount or kind.

PowerShell and 'Fileless Attacks'

PowerShell had its beginnings as a way to enable administrators to perform their tasks both locally and remotely with unprecedented access to underlying Windows components, such as COM objects and WMI. Since being included in every major Windows Operating System since Windows 7, PowerShell based tooling is well proliferated for both legitimate and malicious use and includes common tooling such as SharpSploit, PowerSploit, PowerShell Empire, Nishang and Invoke-Obfuscation.

The rise in cyberattacks surrounding the COVID-19 pandemic

Fear, uncertainty, and doubt are powerful emotions, and time and again, hackers attempt to leverage these for their own gain. As the coronavirus develops into a worldwide pandemic, hackers are taking advantage of the fear many of us feel to spread malware. We’re seeing an abundance of coronavirus-themed phishing, business email compromise (BEC), malware, and ransomware attacks targeting different industries, especially in the health sector.