Offhand, companies and enterprises being affected by attacks like DDoS against the online gaming industry may be far-fetched. But the gaming industry, being a billion-dollar business with a continuously growing competitive community, is naturally bound to garner attention from cybercriminals. A recent wire fraud case, for instance, allowed a group of hackers to mine $16 million worth of coins in the hugely popular FIFA series and sell them to buyers in Europe and China. And in our research, we found that the sale of such gaming currencies sends ripples of impact to fund cybercrime operations often targeting entities however unrelated to online gaming.Read More
Possibly to maximize the earning potential of Cerber’s developers and their affiliates, the ransomware incorporated a routine with heavier impact to businesses: encrypting database files. These repositories of organized data enable businesses to store, retrieve, sort, analyze, and manage pertinent information. When utilized effectively they help maintain the organization’s efficiency, so holding these mission-critical files hostage can adversely affect the business’s operations and bottom line.
A known ransomware peddled as a turnkey service to budding cybercriminals, Cerber has metamorphosed into a myriad of versions throughout its lifecycle. It picked up more tricks along the way, some of which include integrating a DDoS component, using double-zipped Windows Script Files, and leveraging a cloud productivity platform, even serving as secondary payload for an information-stealing Trojan.Read More
The effectiveness of a zero-day quickly deteriorates as an attack tool after it gets discovered and patched by the affected software vendors. Within the time between the discovery of the vulnerability and the release of the fix, a bad actor might try to get the most out of his previously valuable attack assets. This is exactly what we saw in late October and early November 2016, when the espionage group Pawn Storm (also known as Fancy Bear, APT28, Sofacy, and STRONTIUM) ramped up its spear-phishing campaigns against various governments and embassies around the world. In these campaigns, Pawn Storm used a previously unknown zero-day in Adobe’s Flash (CVE-2016-7855, fixed on October 26, 2016 with an emergency update) in combination with a privilege escalation in Microsoft’s Windows Operating System (CVE-2016-7255) that was fixed on November 8, 2016.Read More
November is the second-to-last Patch Tuesday of 2016, and it brings a slightly higher than typical number of bulletins: six Critical bulletins and eight Important bulletins. The 8th is the earliest date that Patch Tuesday can take place in a month; December’s Patch Tuesday (and the last of 2016) takes place in exactly five weeks. Among the items fixed today was the zero-day vulnerability in Windows that was used in the same attacks at the Adobe Flash Player zero-day in late October.Read More
A new exploit kit has arrived which is spreading different versions of Locky ransomware. We spotted two cases of this new threat, which is based on the earlier Sundown exploit kit. Sundown rose to prominence (together with Rig) after the then-dominant Neutrino exploit kit was neutralized.
Called Bizarro Sundown, the first version was spotted on October 5 with a second sighting two weeks later, on October 19. Users in Taiwan and Korea made up more than half of the victims of this threat. Bizarro Sundown shares some features with its Sundown predecessor but added anti-analysis features. The October 19 attack also changed its URL format to closely resemble legitimate web advertisements. Both versions were used exclusively by the ShadowGate/WordsJS campaign.Read More