Security News

  • DDoS attacks in Q3 2020

    If Q2 2020 surprised us with an unusually high number of DDoS attacks for the period, the Q3 figures point to a return to normal. Judging by the number of unique targets, cybercriminals showed more interest in European countries and less in Asian ones than in the previous quarter.
  • On the trail of the XMRig miner

    As protection methods improve, the developers of miners have had to enhance their own creations, often turning to non-trivial solutions. Several such solutions (previously unseen by us) were detected during our analysis of the open source miner XMRig.
  • Life of Maze ransomware

    In the past year, Maze ransomware has become one of the most notorious malware families threatening businesses and large organizations.
  • GravityRAT: The spy returns

    In 2019, on VirusTotal, we encountered a curious piece of Android spyware which, when analyzed, seemed connected to GravityRAT. The cybercriminals had added a spy module to Travel Mate, an Android app for travelers to India, the source code of which is available on Github.
  • IAmTheKing and the SlothfulMedia malware family

    The DHS CISA agency released information about a malware family called SlothfulMedia, which they attribute to a sophisticated threat actor. We have been tracking this set of activity through our private reporting service, and we would like to provide the community with additional context.
  • MontysThree: Industrial espionage with steganography and a Russian accent on both sides

    In summer 2020 we uncovered a previously unknown multi-module C++ toolset used in highly targeted industrial espionage attacks dating back to 2018. The malware authors named the toolset “MT3”; following this abbreviation we have named the toolset “MontysThree”.
  • MosaicRegressor: Lurking in the Shadows of UEFI

    We found a compromised UEFI firmware image that contained a malicious implant. To the best of our knowledge, this is the second known public case where malicious UEFI firmware in use by a threat actor was found in the wild.
  • SAS@home is back this fall

    Now, this unique year presents us with a new surprise: the second SAS in one calendar year! Once again, everyone can visit this online event.
  • Why master YARA: from routine to extreme threat hunting cases. Follow-up

    On September 3 we hosted our webinar, in which we shared best practices for using YARA. Due to time constraints we were not able to answer all the questions, so we answer them here.
  • Threat landscape for industrial automation systems. H1 2020 highlights

    Since H2 2019 we have observed a downward trend in the percentage of attacked computers, both in ICS environments and in corporate and personal ones. The internet, removable media and email remain the main sources of threats in the ICS environment.