Security News

  • Shedding Skin – Turla’s Fresh Faces


    Turla, also known as Venomous Bear, Waterbug, and Uroboros, may be best known for what was at the time an “ultra complex” Snake rootkit focused on NATO-related targets, but their malware set and activity are much broader. Our current focus is on more recent and upcoming activity from this APT.
  • Roaming Mantis part III: iOS crypto-mining and spreading via malicious content delivery system


    In Q2 2018, Kaspersky Lab published two blogposts about Roaming Mantis sharing details of this new cybercriminal campaign. During our research, it became clear that Roaming Mantis has been rather active and has evolved quickly. The group’s malware now supports 27 languages, including multiple countries from Asia and beyond, Europe and the Middle East.
  • USB threats from malware to miners


    In 2016, researchers from the University of Illinois left 297 unlabelled USB flash drives around the university campus to see what would happen. 98% of the dropped drives were picked up by staff and students, and at least half were plugged into a computer in order to view the content. For a hacker trying to infect a computer network, those are pretty irresistible odds.
  • Threats posed by using RATs in ICS


    While conducting audits, penetration tests and incident investigations, we have often come across legitimate remote administration tools (RATs) for PCs installed on operational technology (OT) networks of industrial enterprises. In a number of incidents that we have investigated, threat actors had used RATs to attack industrial organizations.
  • New trends in the world of IoT threats


    Cybercriminals’ interest in IoT devices continues to grow: in H1 2018 we picked up three times as many malware samples attacking smart devices as in the whole of 2017. And in 2017 there were ten times more than in 2016. That doesn’t bode well for the years ahead.
  • LuckyMouse signs malicious NDISProxy driver with certificate of Chinese IT company


    Since March 2018 we have discovered several infections where a previously unknown Trojan was injected into the lsass.exe system process memory. This campaign was active immediately prior to a Central Asian high-level meeting, and we suppose that the actor behind it still follows a regional political agenda.
  • Threat Landscape for Industrial Automation Systems in H1 2018


    In this report, Kaspersky Lab ICS CERT publishes the findings of its research on the threat landscape for industrial automation systems conducted during the first half of 2018.
  • We know what your kids did this summer


    For many kids and teenagers, summer is all about ditching school books in favor of hobbies and fun. Every year we release a report on children's interests, as reflected in their online activity. This summer, we investigated what they prefer in their free time.
  • What are botnets downloading?


    Every day we intercept numerous file-download commands sent to bots of various types and families. Here we present the results of our botnet activity analysis for H2 2017 and H1 2018.
  • Loki Bot: On a hunt for corporate passwords


    Starting in early July, we have seen malicious spam activity that has targeted corporate mailboxes. Messages discovered so far contain an attachment with an .iso extension, which Kaspersky Lab solutions detect as Loki Bot.
