At Kaspersky Lab, machine learning can be found in a number of different areas, especially when dealing with the interesting task of spam detection. This particular task is in fact much more challenging than it appears to be at first glance.
In addition to the basic methods and technologies developed to protect corporate networks, there are interactive methods of protection that not only detect an intruder in the infrastructure but also, under certain conditions, receive real-time information about their activities in the corporate network.
Man-in-the-Browser (MITB) attacks can be implemented using various means, including malicious DLLs, rogue extensions, or more complicated malicious code injected into pages in the browser. We're often asked if there are any web injection attacks for Android devices. This is our attempt to investigate and give as full an answer as possible.
On January 10, 2017, a court order was declassified by the Italian police, in regard to a chain of cyberattacks directed at top Italian government members and institutions. The attacks leveraged a malware named "EyePyramid" to target a dozen politicians, bankers, prominent freemasons and law enforcement personalities in Italy.
Last November we conducted a brief analysis of the threat landscape over the holiday period – from October to December in 2014 and 2015. And we made the following prognosis: the same holiday period in 2016 will see a spike in cyberattacks. Now that the holidays are over, it is time to find out how accurate that prediction was.
At SAS 2017, Global Director of GReAT Costin Raiu and Principal Security Researchers Vitaly Kamluk and Sergey Mineev will provide Yara training for incident response specialists and malware researchers, who need an effective arsenal for finding malware.
Every year, the Chaos Communication Congress summons hackers from around the globe, this time again in Hamburg. The four days between Christmas and New Year are packed with talks, workshops and events all over the location at the CCH.
While intercepting traffic from a number of infected machines that showed signs of Remote Admin Tool malware known as HawkEye, we stumbled upon an interesting domain. It was registered to a command and control server (C2) which held stolen keylog data from HawkEye RAT victims, but was also being used as a one-stop-shop for purchasing hacking goods.
Recently, in our never-ending quest to protect the world from malware, we found a misbehaving Android trojan. Although malware targeting the Android OS stopped being a novelty quite some time ago, this trojan is quite unique. Instead of attacking a user, it attacks the Wi-Fi network the user is connected to, or, to be precise, the wireless router that serves the network.
The Mirai botnet, which is made up of IoT devices and which was involved in DDoS attacks whose scale broke all possible records, has been extensively covered by the mass media. Given that the botnet's source code has been made publicly available and that the Internet of Things trend is on the rise, no decline in IoT botnet activity should be expected in the near future.