Cyber Criminals Calling Victims Ahead to Augment Spear Phishing Attack

If you’re in sales, you’ve always known that, when possible, it helps to call ahead and let a prospect know that you’ll be sending an email. Well, per a new PCWorld blog, it turns out that cyber criminals have been paying attention to this tactic and are doing the same thing – with alarming success.

In what Symantec is calling a sophisticated Spear Phishing attack, cyber criminals are calling various accounting and finance department employees in targeted French companies — along with their subsidiaries in Romania and Luxembourg — and asking if they can email over an invoice. Continue reading

How Big Data Fights Back Against APTs and Malware

APTs and malware threats are getting harder to spot, as nation states, hacktivists, cybercriminals and adversaries step up their attacks. 

First, the Bad News

The bad news is that this trend is going to continue. Today’s adversaries are extremely well-funded and surprisingly sophisticated. They aren’t merely looking to “flex their intellect” and make the front page news. They’re aiming to go undetected for months or even years, while they steal and manipulate data in order to achieve their malicious and illegal economic, political or social aims. Continue reading

PushDo Malware Domain Generation Adaptation

The advanced malware world is amazingly dynamic. Attackers adapt to security vendors' findings incredibly fast, so much so that sometimes they manage to adapt the malware even before the vendor's report is public.

Yesterday, Dell SecureWorks and Damballa reported [PDF] that a variant of the PushDo malware added a new feature – a fallback mechanism for situations when the C&C server is not accessible. According to the report, in such cases, the malware will start using a Domain Generation Algorithm (DGA), which generates a list of 1380 .COM domains on a daily basis. Continue reading

Dorkbot Rears its Malicious Head on Facebook

If your enterprise and/or employees use Facebook, then watch out: Dorkbot is back in town. Thanks to the researchers at Bitdefender for spotting this one, and the reporters at CSO for helping sound the alarm.

Dorkbot – which the folks at Facebook have since worked to remove from their site – spreads via a botnet that sends a malicious link to a Facebook user’s friends through the platform’s Internet Relay Chat protocol. The link is made to look like an ordinary image file. However, once clicked, the malware downloads. Continue reading

New Android Malware: Android.TechnoReaper Found on Google Play

It hasn’t been a great week for the folks in charge of Google Play’s malware prevention department. One expects that there’s been plenty of overtime, lots of coffee – and more than a few headaches. 

That’s because, after finding that four (now removed) apps had been covertly installing the BadNews malware on up to 9 million Android devices, they’re now scrambling to thwart the latest Android malware: Android.TechnoReaper. Kudos to security firm Webroot for catching this one. Continue reading

Linux/Cdorked Malware Attacking Some of the World’s Top Web Servers

As reported by the IDG News Service, a strain of covert malware called Linux/Cdorked is attacking some of the world’s highest-profile web servers – and to make things even more alarming, nobody’s quite sure yet how it got there…or where it may head next.

The malware alarm bell was set off last week by two security companies, Eset and Sucuri, which discovered (so far) 400 Apache web servers infected with Linux/Cdorked – 50 of which are ranked by Alexa as among the world’s most popular 100,000 websites. Continue reading

19 Hours of Malware Blackout

For over 19 hours the internet in Syria was inaccessible. There was no access to internet resources from within and throughout the country.

This internet blackout was really bad news for most Syrian citizens, but it was also a malware blackout for some of the cyber criminals, hacktivists, and other adversaries, who lost control of part of their victim base – the infected machines that were located in Syria at that time.

Continue reading

DeepPanda in Apparent “Watering Hole” Attack

It looks as though DeepPanda, a group behind a long-running series of persistent attacks, has struck again with another “Watering Hole” attack — and this time, the target of the China-based malicious campaign is none other than the U.S. Government.

Last week the U.S. Department of Labor’s “Site Exposure Matrices (SEM)” page, which contains information related to toxic substances at U.S. Department of Energy sites, went offline after reports surfaced that malware embedded on the page was: Continue reading

Big Data and the Fight Against APT Attacks

Malware threats aren’t new, and organizations have been fighting back for years with reasonable success with antivirus software, firewalls, IPS, IDS and Secure Web Gateways. However, with the rise of Advanced Persistent Threats (APTs), the malware threat landscape has dramatically changed – and not for the better.

APT attacks represent an entirely new breed of threat for four fundamental reasons: Continue reading