The departure of TeslaCrypt from the ransomware circle has gone and made waves in the cybercriminal world. Bad guys appear to be jumping ships in hopes of getting a chunk out of the share that was previously owned by TeslaCrypt. In line with this recent event, indicators are pointing to a new strong man in the ransomware game: CryptXXX.Read More
Whenever a threat is “localized” to a specific region, it’s a sign that attackers believe there is money to be made. Ransomware has made millions of dollars around the world, and it looks like it’s poking its nose into a new part of the world: China. However, the initial foray into this market made several mistakes.Read More
A multicomponent backdoor and point-of-sale (PoS) malware tandem can lead to stealthier and more flexible attacks. And these can pose greater threats to enterprises and small and medium-sized businesses (SMBs). Add another PoS malware to the mix, and you’ve got even bigger trouble.Read More
We recently came across a cyber attack that used a remote access Trojan (RAT) called Lost Door, a tool currently offered on social media sites. What also struck us the most about this RAT (detected as BKDR_LODORAT.A) is how it abuses the Port Forward feature in routers. Using this feature enables remote systems to connect to a specific computer or service within a private local-area network (LAN). However, when used maliciously, this feature allows remote attackers to mask their activities in the network and avoid immediate detection. Because this RAT is easy to customize, even knowledge of the indicators of compromise (which may change as a result) may not be sufficient in thwarting the threat. Easily customizable RATs like Lost Door can be hard to detect and protect against, posing a challenge to IT administrators.Read More
April 2016 was a great month for putting cybercriminals in prison. On April 12 Paunch, the creator of the infamous Blackhole exploit kit, was sentenced to seven years in a Russian prison. This was soon followed by Aleksandr Panin, the creator of SpyEye: he was sentenced by a United States federal court to nine and a half years in prison for his role in creating SpyEye. One of his partners, Hamza Bendelladj, was sentenced to fifteen years.
The most recent case involved Esthost, a company we know very well from our research. Vladimir Tsastsin became the latest member of the Esthost gang to be sentenced to jail; he will spend more than 7 years in prison. He was also ordered to forfeit more than $2.5 million in property.Read More