At the end of April this year, we found Astrum exploit kit employing Diffie-Hellman key exchange to prevent monitoring tools and researchers from replaying their traffic. As AdGholas started to push the exploit, we saw another evolution: Astrum using HTTPS to further obscure their malicious traffic. We spotted a new AdGholas malvertising campaign using the…
Read More
“Fake news” was relatively unheard of last year—until the U.S. election campaign period started, during which an explosion of misinformation campaigns trended. But despite its seemingly rampant spread, fake news is just one facet of public opinion manipulation and cyber propaganda that we see today. Whether it’s a company trying to promote a brand or a political party pushing an ideal, today’s information wars are often for control of the public’s worldview.
Our latest research paper, “The Fake News Machine: How Propagandists Abuse the Internet and Manipulate the Public”, delves into this phenomenon. It also tackles how a group with means and motivations, use of social media, and online promotion tools and services can effectively spread these campaigns. These are the components of what we call the “Fake News Triangle”, which we’ve found to be the pillars of success for any fake news and public opinion manipulation campaign.
Read More
Last late April a friend of mine had his iPhone stolen in the streets—an unfortunately familiar occurrence in big, metropolitan areas in countries like Brazil. He managed to buy a new one, but kept the same number for convenience. Nothing appeared to be out of the ordinary at first—until he realized the thief changed his Facebook password.
Fortunately, he was able to recover and update it, as his phone number was tied to his Facebook account. But a pickpocket accessing his victim’s Facebook account is quite unusual. After all, why would a crook be interested with his victim’s Facebook account for when the goal is usually to use or sell the stolen device? It didn’t stop there; a day after, my friend curiously received a phishing SMS message on his new phone.
What’s interesting here is the blurred line between traditional felony and cybercrime—in particular, the apparent teamwork between crooks and cybercriminals that results in further—possibly more sophisticated—attacks.
Read More
Fileless infections are exactly what their namesake says: they’re infections that don’t involve malicious files being downloaded or written to the system’s disk. While fileless infections are not necessarily new or rare, it presents a serious threat to enterprises and end users given its capability to gain privileges and persist in the system of interest to an attacker—all while staying under the radar. For instance, fileless infections have been incorporated in a targeted bot delivery, leveraged to deliver ransomware, infect point-of-sale (PoS) systems, and perpetrate click fraud. The key point of the fileless infection for the attacker is to be able to evaluate each compromised system and make a decision whether the infection process should continue or vanish without a trace.
The cybercriminal group Lurk was one of the first to effectively employ fileless infection techniques in large-scale attacks—techniques that arguably became staples for other malefactors.
Read More
Offhand, companies and enterprises being affected by attacks like DDoS against the online gaming industry may be far-fetched. But the gaming industry, being a billion-dollar business with a continuously growing competitive community, is naturally bound to garner attention from cybercriminals. A recent wire fraud case, for instance, allowed a group of hackers to mine $16 million worth of coins in the hugely popular FIFA series and sell them to buyers in Europe and China. And in our research, we found that the sale of such gaming currencies sends ripples of impact to fund cybercrime operations often targeting entities however unrelated to online gaming.
Read More