Threat Lab

Girl Scouts and OpenText empower future leaders of tomorrow with cyber resilience

The transition to a digital-first world enables us to connect, work and live in a realm where information is available at our fingertips. The children of today will be working in an environment of tomorrow that is shaped by hyperconnectivity. Operating in this...

World Backup Day reminds us all just how precious our data is

Think of all the important files sitting on your computer right now. If your computer crashed tomorrow, would you be able to retrieve your important files? Would your business suffer as a result? As more and more of our daily activities incorporate digital and online...

3 Reasons We Forget Small & Midsized Businesses are Major Targets for Ransomware

The ransomware attacks that make headlines and steer conversations among cybersecurity professionals usually involve major ransoms, huge corporations and notorious hacking groups. Kia Motors, Accenture, Acer, JBS…these companies were some of the largest to be...

How Ransomware Sneaks In

Ransomware has officially made the mainstream. Dramatic headlines announce the latest attacks and news outlets highlight the staggeringly high ransoms businesses pay to retrieve their stolen data. And it’s no wonder why – ransomware attacks are on the rise and the...

An MSP and SMB guide to disaster preparation, recovery and remediation

Introduction It’s important for a business to be prepared with an exercised business continuity and disaster recovery (BC/DR) plan plan before its hit with ransomware so that it can resume operations as quickly as possible. Key steps and solutions should be followed...

Podcast: Cyber resilience in a remote work world

The global pandemic that began to send us packing from our offices in March of last year upended our established way of working overnight. We’re still feeling the effects. Many office workers have yet to return to the office in the volumes they worked in pre-pandemic....

5 Tips to get Better Efficacy out of Your IT Security Stack

If you’re an admin, service provider, security executive, or are otherwise affiliated with the world of IT solutions, then you know that one of the biggest challenges to overcome is efficacy. Especially in terms of cybersecurity, efficacy is something of an amorphous...

How Cryptocurrency and Cybercrime Trends Influence One Another

Typically, when cryptocurrency values change, one would expect to see changes in crypto-related cybercrime. In particular, trends in Bitcoin values tend to be the bellwether you can use to predict how other currencies’ values will shift, and there are usually...

Nuclear Exploit Pack goes 2.0

Oct 31, 2012 | Industry Intel, Threat Lab

In times when the market leading Black Hole Exploit Kit continues to gain market share, competing products are prone to emerge. What is the competition up to? Has it managed to differentiate itself from the market leading product or is it basically a “me too” exploit kit lacking any significant features worth emphasizing on?

In this post, I’ll profile the recently advertised Nuclear Exploit Pack v.2.0, elaborate on its features, and discuss whether or not it has the potential to outpace the market leader (Black Hole Exploit Kit) in terms of market share.

More details:

Cybercriminals spamvertise millions of bogus Facebook notifications, serve malware

Oct 30, 2012 | Industry Intel, Threat Lab

Recently, cybercriminals spamvertised yet another massive email campaign, impersonating the world’s most popular social network – Facebook.

It was similar to a previously profiled spam campaign imitating Facebook. However, in this case the cybercriminals behind it relied on attached malicious archives, compared to including exploits and malware serving links in the email.

More details:

Cybercriminals spamvertise millions of British Airways themed e-ticket receipts, serve malware

Oct 29, 2012 | Industry Intel, Threat Lab

Cybercrimianals are currently mass mailing millions of emails in an attempt to trick British Airways customers into executing the malicious attachment found in the spamvertised emails. Upon execution, the malware opens a backdoor on the infected host, allowing the cybercriminals behind the campaign to gain complete control over the infected host.

More details:

Spamvertised ‘BT Business Direct Order’ themed emails lead to malware

Oct 28, 2012 | Industry Intel, Threat Lab

Over the past 24 hours, cybercriminals have been spamvertising millions of emails targeting customers of BT’s Business Direct in an attempt to trick its users into executing the malicious attachment found in the emails. Upon executing it, the malware opens a backdoor on the infected host, allowing the cybercriminals behind the campaign to gain complete access to the affected host.

More details:

Cybercriminals impersonate Verizon Wireless, serve client-side exploits and malware

Oct 27, 2012 | Industry Intel, Threat Lab

Verizon Wireless customers, beware!

For over a week now, cybercriminals have been persistently spamvertising millions of emails impersonating the company, in an attempt to trick current and prospective customers into clicking on the client-side exploits and malware serving links found in the malicious email.

Upon clicking on any of the links, users are exposed to the client-side exploits served by the latest version of the Black Hole Exploit Kit.

More details:

RSA Conference Europe 2012 – recap

Oct 26, 2012 | Industry Intel, Threat Lab

As many of you know, Webroot recently attended Europe’s most prestigious security conference, RSA Europe 2012, where I held a presentation on the topic of “Cyber Jihad vs Cyberterrorism – Separating Hype from Reality“.

Since a picture is worth a thousand words, here are some photos from this year’s RSA Europe conference:

Bogus Skype ‘Password successfully changed’ notifications lead to malware

Oct 26, 2012 | Industry Intel, Threat Lab

Skype users, beware!

Cybercriminals are currently spamvertising millions of emails impersonating Skype, in an attempt to trick Skype users that their password has been successfully changed, and that in order to view their call history and change their account settings, they would need to execute the malicious attachment found in the emails.

More details:

‘Your UPS Invoice is Ready’ themed emails serve malware

Oct 25, 2012 | Industry Intel, Threat Lab

Over the past 24 hours, cybercriminals launched yet another massive spam campaign, impersonating the United Parcel Service (UPS), in an attempt to trick its current and prospective customers into downloading and executing the malicious attachment found in the email. Upon execution, the malware opens a backdoor on the infected host, allowing the cybercriminals behind the campaign to gain complete control over the victim’s host.

More details:

Cybercriminals impersonate Delta Airlines, serve malware

Oct 24, 2012 | Industry Intel, Threat Lab

Following the recently launched malicious campaigns impersonating KLM and American Airlines, cybercriminals are once again busy impersonating yet another company, this time it’s Delta Airlines.

More details:

PayPal ‘Notification of payment received’ themed emails serve malware

Oct 23, 2012 | Industry Intel, Threat Lab

Sticking to their proven tactic of systematically rotating the impersonated brands, cybercriminals are currently spamvertising millions of emails impersonating PayPal, in an attempt to trick its users into downloading and executing the malicious attachment found in the legitimate looking email.

More details:

Russian cybercriminals release new DIY DDoS malware loader

Oct 22, 2012 | Industry Intel, Threat Lab

On a daily basis, new market entrants into the cybercrime ecosystem attempt to monetize their coding skills by releasing and branding new DIY DDoS malware loaders. Largely dominated by “me too” features, these DIY malware loaders are purposely released with prices lower than the prices of competing bots, in an attempt by the cybercriminal behind them to gain market share – a necessary prerequisite for a successful long-term oriented business model.

In this post, I’ll profile a recently released Russian DDoS malware bot.

More details:

‘Regarding your Friendster password’ themed emails lead to Black Hole exploit kit

Oct 19, 2012 | Industry Intel, Threat Lab

Cybercriminals are currently spamvertising millions of emails, impersonating Friendster, in an attempt to trick its current and prospective users into clicking on a malicious link found in the email.

Upon clicking on the link, users are exposed to the client-side exploits served by the latest version of the Black Hole exploit kit.

More details: