Backdoor

Kaspersky experts connect SolarWinds attack with Kazuar backdoor

Retrieved on: 
Monday, January 11, 2021

Today, Kaspersky announced that its experts found various specific code similarities between Sunburst and known versions of the Kazuar backdoor, malware that provides remote access to a victim's machine.

Key Points: 
  • While studying the Sunburst backdoor, Kaspersky experts discovered a number of features that overlap with Kazuar, which had previously been identified as a backdoor written using the .NET framework.
  • Multiple similarities in code suggest a connection between Kazuar and Sunburst, albeit of an undetermined nature.
  • The Kaspersky Threat Intelligence Portal grants access to the company's threat intelligence, providing cyberattack data and insights gathered by Kaspersky for more than 20 years.

Q:CYBER spots lateral movement as used in the SolarWinds (Sunburst) calamity

Retrieved on: 
Wednesday, December 23, 2020

U.S. officials allege Russia is behind the breach, in which hackers added malware to software updates, creating a backdoor into targeted computer networks.

Key Points: 
  • "QOMPLX is the most comprehensive and accurate tool to detect advanced lateral movement techniques exploiting Active Directory and enterprise authentication via Kerberos forgeries and related attacks," QOMPLX CEO Jason Crabtree said.
  • QOMPLX security practitioners are available to answer your questions about the Sunburst attack on SolarWinds and its customer base and to detail how Q:CYBER's offerings rapidly detect the lateral movement stages of such breaches.
  • For more information or to speak with a QOMPLX executive about this breach, contact Melinda Ball, 781-418-2428 or [email protected].

Cybereason Uncovers New Malware Arsenal Abusing Facebook and Dropbox in Middle East Espionage Campaign

Retrieved on: 
Wednesday, December 9, 2020

Cybereason attributes the espionage campaign to Molerats (aka the Gaza Cybergang), an Arabic-speaking, politically motivated APT group that has operated in the Middle East since 2012.

Key Points: 
  • This latest campaign leverages two previously unidentified backdoors, dubbed SharpStage and DropBook, as well as a downloader dubbed MoleNet.
  • Targeting across the Middle East: the operation was primarily observed targeting the Palestinian Territories, the UAE and Egypt, as well as Turkey.
  • Given the nature of the phishing content, Cybereason assesses that the campaign operators seek to target high-ranking political figures and government officials in the Middle East.

Avast Identifies APT Group Targeting Government Agencies in East Asia

Retrieved on: 
Wednesday, December 9, 2020

PRAGUE, Dec. 9, 2020 /PRNewswire/ -- Avast (LSE:AVST), a global leader in digital security and privacy products, has identified a new advanced persistent threat (APT) campaign targeting government agencies and a government data center in Mongolia.

Key Points: 
  • Avast Threat Intelligence researchers found that the APT group planted backdoors and keyloggers to gain long-term access to networks belonging to the government of Mongolia.
  • Avast researchers consider that LuckyMouse, also known as Emissary Panda and APT27, is likely to be behind the campaign.
  • The group, which has previously attacked targets in the area, is well known for going after national resources and political information on near neighbors.

SparkCognition's DeepArmor®️ Cybersecurity Product Detects PowerPepper Malware

Retrieved on: 
Tuesday, December 8, 2020

The DeepArmor product uses SparkCognition's patented machine learning (ML) technology to defend against zero-day attacks, an approach validated by its ability to prevent the never-before-seen PowerPepper malware from delivering its initial payload.

Key Points: 
  • Executed by the hack-for-hire group DeathStalker, PowerPepper is a Windows in-memory PowerShell backdoor that can execute remotely sent shell commands, which aim to steal sensitive business information.
  • "Using ML to build cybersecurity products like DeepArmor allows users to stay ahead of such threat actors as DeathStalker, stopping malware before it gets the chance to compromise the target."
  • Instead of using signatures, heuristics, or rules-based approaches, the DeepArmor product exclusively uses AI to prevent file-based and in-memory attacks, enabling it to detect new threats like PowerPepper.

Sophos Uncovers Attackers Targeting Non-Governmental Organizations in Myanmar With New ‘KilllSomeOne’ Backdoor

Retrieved on: 
Wednesday, November 4, 2020

The targeting of these attacks, against non-governmental organizations and other organizations in Myanmar, and other characteristics of the malware suggest that the attackers involved may be a Chinese APT group.

Key Points: 
  • The attackers have implemented a spin on the DLL side-loading methods often associated with Chinese threat actors and used in the well-known PlugX backdoor.
  • At Sophos, these experts are available through the Sophos Managed Threat Response and Sophos Rapid Response services.
  • Sophos also makes its innovative commercial technologies available to consumers via Sophos Home.

IP Technology Labs Announces Partnership with PSA Security Network

Retrieved on: 
Tuesday, October 20, 2020

"Securing the security isn't just for IT anymore, and the PSA Security Network is leading the cyber convergence," said Scott Whittle, President of IpTL.

Key Points: 
  • "We are thrilled to serve the PSA Network to enable PSA members to take advantage of the industry-wide digital transformation."
  • IP Technology Labs designs network solutions that eliminate network threats from spoofing, snooping and backdoors, and lower costs with increased reliability for site-to-site and remote access connectivity.
  • "IP Technology Labs' endpoint security and remote access makes network communications easy," said Tim Brooks, vice president of sales and vendor management for PSA.

88% of Security Professionals Say World Is in Permanent State of Cyber War

Retrieved on: 
Thursday, March 12, 2020

According to Venafi's survey, 88% of security professionals believe the world is in a permanent state of cyber war, with 90% concerned that digital infrastructure will suffer the most damage as a result.

Key Points: 
  • "Security professionals are under constant siege from very sophisticated threat actors targeting government, military and private organizations," said Kevin Bocek, vice president of security strategy and threat intelligence at Venafi.
  • Powerful attack methods, like establishing backdoors with machine identities, are now available as commodity malware, making it harder for security professionals to defend against these attacks.
  • Almost 60% of respondents say power, water, healthcare and transportation are equally vulnerable to a cyberattack that causes physical damage.

ESET to Lead Linux Malware Workshop and Showcase Groundbreaking Amazon Echo KRACK Research at RSA 2020

Retrieved on: 
Thursday, January 23, 2020

ESET Malware Researcher Marc-Etienne M.Léveillé will lead a main-stage workshop titled "Hunting Linux Malware for Fun and Flags."

Key Points: 
  • Attendees will learn to fight real-world Linux malware targeting server environments, searching for malicious processes and concealed backdoors in a compromised web server.
  • Several examples of malware will be demonstrated with increasing layers of complexity, from scripts to ELF binaries with varying degrees of obfuscation.
  • Senior Malware Researcher Robert Lipovský will discuss ESET's latest cutting-edge threat research, including Operation Ghost and KRACKing the Amazon Echo.

Ransomware Attack Every 14 Seconds - Prilock Announces $3.99 For 1-Click Protection

Retrieved on: 
Tuesday, January 14, 2020

Without monthly phish testing and engaging awareness training, your employees will eventually make a fatal click.

Key Points: 
  • The click that installs ransomware, allows hackers to harvest passwords, or, worse yet, plants a permanent backdoor to use at will.
  • Prilock Security is announcing professional phish and security training that costs 85% less than comparable products.
  • Only $3.99 per user for a full year of professional phish simulation testing and security awareness training that is fully automated with just one click.