60% of initial entries into victims’ networks leveraged either previously stolen credentials or known software vulnerabilities, allowing attackers to rely less on deception to gain access, according to a new IBM report exploring the global threat landscape.
The top three initial attack vectors
Phishing was a successful initial infection vector in less than one-third of incidents (31%) observed, compared to half in 2018. Scanning and exploitation of vulnerabilities resulted in 30% of observed incidents, compared …
Mac threats are growing faster than their Windows counterparts for the first time ever, with nearly twice as many Mac threats detected per endpoint as Windows threats, according to Malwarebytes. In addition, cybercriminals continue to focus on business targets with a diversification of threat types and attack strategies in 2019.
Emotet and TrickBot were back in 2019
Trojan-turned-botnets Emotet and TrickBot made a return in 2019 to target organizations alongside new ransomware families, such as Ryuk, …
The post Mac threats are growing faster than their Windows counterparts appeared first on Help Net Security.
Here’s yet another reason to secure Wi-Fi networks and Windows user accounts with a strong enough password: researchers have spotted and analyzed a variant of the Emotet Trojan that is able to spread to nearby wireless networks and compromise computers on them.
Emotet: An old threat
Emotet is one of the most versatile malware threats out there. Its ability to download additional malware (more often than not the Trickbot Trojan – another huge enterprise threat) …
The post Emotet can spread to poorly secured Wi-Fi networks and computers on them appeared first on Help Net Security.
The Wuhan coronavirus continues to spread and create anxiety across the globe, allowing malicious individuals and groups to exploit the situation to spread fake news, malware and phishing emails.
Malicious coronavirus-themed campaigns
IBM X-Force says that Japanese users have been receiving fake notifications about the coronavirus spreading in several prefectures, purportedly sent by a disability welfare service provider and a public health center. The emails contain legitimate information taken from those services’ official websites and …
The post Wuhan coronavirus exploited to deliver malware, phishing, hoaxes appeared first on Help Net Security.
Security researchers warn of malspam campaigns aimed at spreading malware that exploits media attention on the coronavirus epidemic.
Unscrupulous cybercriminal groups are attempting to exploit media attention on the
In this scenario, it is quite easy for crooks to use this topic to trick victims into opening
Cybercrime groups who have already started
Mindful of what has happened in the p I have immediately alerted the group of researchers from Cybaze-Yoroi Z-Lab malware laboratory asking them to remain vigilant on any spam campaigns aimed at distributing malicious codes by spreading bait documents that p information about the coronavirus.
While the media were confirming the first cases of coronavirus infections, the researchers of Cybaze-Yoroi Z-Lab observed bait spam emails promising info on the virus; the messages were used to spread versions of the well-known Emotet malware.
Researchers from Z-Lab confirmed that at the time of their analysis, attackers were using specially-crafted messages to lure victims into opening
According to security firm Kaspersky, attackers are using several types of malicious files, including pdf, mp4 and
The bait documents are used to deliver several types of malware, including banking Trojans, ransomware and worms.
“We have only observed 10 unique
Security experts from IBM X-Force
“X-Force discovered the first campaign of this type, in which the outbreak of a biological virus is used as a means to distribute a computer virus. What makes these attacks rather special, is the fact that they deliver the Emotet trojan, which has shown increased activity recently.” reads the analysis published by IBM. “It achieves this by urging its victims into opening an attached Word document, described as a supposed notice regarding infection prevention measures.”
IBM confirmed that crooks were exploiting the interest on
“The report published by Kaspersky includes signatures collected by its telemetry, some of them confirm the presence of different possible active campaigns delivering other families of malware. Kaspersky researchers have identified only ten unique files, as reported by the malware analyst Anton Ivanov, but obviously this is an indication that several actors are exploiting the attention on the coronavirus topic, and the trend could grow up in the next hours.”
The text of the messages states that there have been reports of
tsusho/ facility related disability welfare service providerWebecome indebted to .Patients were reported about the new type of coronavirus-related pneumonia, mainly in Takeshi, China .In Japan, patients are being reported in Osaka Prefecture ,Along with the anticipated increase in the number of visitors to Japan, a separate notice has been issued .Therefore, please check the attached notice," reads the content of the email.
Following a consolidated infection pattern, once the document has been opened, the user is shown a request to enable macros to view its contents. Unfortunately, enabling macros starts the machine infection process, a
“After running the document through a sandbox, we could retrace the infection process. If the attachment of sample 3 has been opened with macros enabled, an obfuscated VBA macro script opens
What will happen in the next few weeks?
In the next weeks, a growing number of threat actors will exploit the
- Do not open suspicious links inviting you to view coronavirus information. These links can be spread through email, instant messaging app messages such as WhatsApp, and also social networks. Always search for coronavirus information from reliable and legitimate sources, ignore any unsolicited messages, even if they come from people you trust.
- Keep your software systems up to date, and use a reliable security solution on your desktop and mobile systems.
The post Crooks start exploiting Coronavirus as bait to spread malware appeared first on Security Affairs.
The Shlayer trojan accounted for approximately 30 percent of all of Kaspersky Lab’s malware detections for the macOS platform in 2019. Kaspersky Lab revealed on Securelist that Shlayer has been the most common threat to target its macOS userbase for the past two years. During that time, one in 10 of the security firm’s macOS […]…
The post Shlayer Trojan Accounted for 30 Percent of Detections for macOS in 2019 appeared first on The State of Security.