Last month, in reaction to the WannaCry outbreak that affected Windows users all over the world, Microsoft released a patch for Windows XP—an operating system it had stopped supporting in 2014.Read More
Imagine a well-experienced security analyst at a major company going through his normal routine of checking logs at the end of the workday. A quick look at the company’s security solution logs reveal nothing too peculiar or alarming — except for one thing: a higher than normal amount of traffic to the office’s newly introduced third-party chat platform.
He doesn’t give this much thought. After all, the company’s been pushing to have the chat platform as the main office communication tool, so it makes sense that there’d be more traffic than usual. The security analyst calls it a day and goes home.
One the way home, however, he gets an alert: The security scanner has detected a potential security issue. He returns to the office, and finds what appears to be the cause: A machine was flagged downloading known malicious files, which were then caught by the company’s security solution. Again, nothing too strange, but he decides to investigate just what triggered the malicious behavior.Read More
The decline of exploit kit activity—particularly from well-known exploit kits like Magnitude, Nuclear, Neutrino, and Rig during the latter half of 2016—doesn’t mean exploit kits are throwing in the towel just yet. This is the case with Astrum (also known as Stagano), an old and seemingly reticent exploit kit we observed to have been updated multiple times as of late.
Astrum’s recent activities feature several upgrades and shows how it’s starting to move away from the more established malware mentioned above. It appears these changes were done to lay the groundwork for future campaigns, and possibly to broaden its use. With a modus operandi that deters analysis and forensics by abusing the Diffie-Hellman key exchange, it appears Astrum is throwing down the gauntlet.Read More
WannaCry ransomware’s outbreak during the weekend was mitigated by having its kill switch domain registered. It was only a matter of time, however, for other cybercriminals to follow suit. Case in point: the emergence of UIWIX ransomware (detected by Trend Micro as RANSOM_UIWIX.A) and one notable Trojan our sensors detected.Read More