You may have heard about the Panama Papers—documents from a Panamanian law firm that revealed politicians, businessmen, and prominent individuals from countries all over the world were using offshore companies to cut their tax bills. It occurred to us to ask: Do cybercriminals avail of these services? Our research revealed that ads for offshore banking can also be found in underground forums. Offshore companies in Panama, the British Virgin Islands, and the Dominican Republic are used to hide the proceeds from cybercrime.
ImageMagick is a popular software suite that is used to display, convert, and edit images. On May 3, security researchers publicly disclosed multiple vulnerabilities in the open-source image processing tool in this suite, one of which could potentially allow remote attackers to take over websites.
We recently came across a cyber attack that used a remote access Trojan (RAT) called Lost Door, a tool currently offered on social media sites. What struck us most about this RAT (detected as BKDR_LODORAT.A) is how it abuses the Port Forward feature in routers. This feature enables remote systems to connect to a specific computer or service within a private local-area network (LAN). However, when used maliciously, it allows remote attackers to mask their activities in the network and avoid immediate detection. Because this RAT is easy to customize, even knowledge of the indicators of compromise (which may change as a result) may not be sufficient to thwart the threat. Easily customizable RATs like Lost Door can be hard to detect and protect against, posing a challenge to IT administrators.
April 2016 was a great month for putting cybercriminals in prison. On April 12, Paunch, the creator of the infamous Blackhole exploit kit, was sentenced to seven years in a Russian prison. This was soon followed by Aleksandr Panin, the creator of SpyEye: he was sentenced by a United States federal court to nine and a half years in prison for his role in creating SpyEye. One of his partners, Hamza Bendelladj, was sentenced to fifteen years.
The most recent case involved Esthost, a company we know very well from our research. Vladimir Tsastsin became the latest member of the Esthost gang to be sentenced to jail; he will spend more than 7 years in prison. He was also ordered to forfeit more than $2.5 million in property.