Girl Scouts and OpenText empower future leaders of tomorrow with cyber resilience

The transition to a digital-first world enables us to connect, work and live in a realm where information is available at our fingertips. The children of today will be working in an environment of tomorrow that is shaped by hyperconnectivity. Operating in this...

World Backup Day reminds us all just how precious our data is

Think of all the important files sitting on your computer right now. If your computer crashed tomorrow, would you be able to retrieve your important files? Would your business suffer as a result? As more and more of our daily activities incorporate digital and online...

3 Reasons We Forget Small & Midsized Businesses are Major Targets for Ransomware

The ransomware attacks that make headlines and steer conversations among cybersecurity professionals usually involve major ransoms, huge corporations and notorious hacking groups. Kia Motors, Accenture, Acer, JBS…these companies were some of the largest to be...

How Ransomware Sneaks In

Ransomware has officially made the mainstream. Dramatic headlines announce the latest attacks and news outlets highlight the staggeringly high ransoms businesses pay to retrieve their stolen data. And it’s no wonder why – ransomware attacks are on the rise and the...

An MSP and SMB guide to disaster preparation, recovery and remediation

Introduction It’s important for a business to be prepared with an exercised business continuity and disaster recovery (BC/DR) plan plan before its hit with ransomware so that it can resume operations as quickly as possible. Key steps and solutions should be followed...

Podcast: Cyber resilience in a remote work world

The global pandemic that began to send us packing from our offices in March of last year upended our established way of working overnight. We’re still feeling the effects. Many office workers have yet to return to the office in the volumes they worked in pre-pandemic....

5 Tips to get Better Efficacy out of Your IT Security Stack

If you’re an admin, service provider, security executive, or are otherwise affiliated with the world of IT solutions, then you know that one of the biggest challenges to overcome is efficacy. Especially in terms of cybersecurity, efficacy is something of an amorphous...

How Cryptocurrency and Cybercrime Trends Influence One Another

Typically, when cryptocurrency values change, one would expect to see changes in crypto-related cybercrime. In particular, trends in Bitcoin values tend to be the bellwether you can use to predict how other currencies’ values will shift, and there are usually...

Millions of harvested U.S government and U.S military email addresses offered for sale

Remember the underground service offering millions of harvested emails for sale profiled at the Webroot Threat Blog in January?

It appears  that cybercriminals are continuing to innovate in this underground market segment by offering geolocated databases of millions of harvested emails for better targeting in their upcoming spam campaigns.

In this post, I’ll profile yet another cybercrime underground  service selling millions of harvested emails to potential cybercriminals.

read more…

Research: U.S accounts for 72% of fraudulent pharmaceutical orders

Just how profitable is spam? Who’s buying the counterfeit pharmaceutical items advertised so heavily in a huge percentage of the spam campaigns currently circulating in the wild?

According to a newly released report by the University of California at San Diego, although hundreds of thousands of people visit the fraudulent pharmaceutical scam sites, only a small percentage of them is actually purchasing the counterfeit pharmaceutical items.

In this particular case, the United States leads with 72% of total purchases from fraudulent pharmaceutical sites.

More details:

read more…

Spamvertised ‘Your accountant license can be revoked’ emails lead to client-side exploits and malware

Cybercriminals are currently spamvertising a malicious email campaign that’s designed to trick you into clicking on a bogus complaint.pdf link which ultimately leads to client-side exploits and malware.

The campaign is launched by the same gang that launched the “Spamvertised ‘Termination of your CPA license’ ” malicious campaign last month.

More details:

read more…

Research: proper screening could have prevented 67% of abusive domain registrations

On a daily basis, spammers register thousands of new domains across multiple domain registrars, and take advantage of WHOIS privacy services to ensure that security researchers and anti-spam fighters will have hard time taking them down. So what can we do about it?

According to a newly released research by Knujon.com, proper screening could have prevented 67% of those abusive domain registrations.

More details:

read more…

A peek inside the Darkness (Optima) DDoS Bot

With politically motivated DDoS (distributed denial of service attack) attacks proliferating along with the overall increase in the supply of managed “DDoS for hire” services, it’s time to get back the basics, and find out just what makes an average DDoS bot used by cybercriminals successful.

Continuing the “A peek inside…” series, in this post I’ll profile the Darkness X (Optima) DDoS bot, available for purchase at selected cybercrime-friendly online communities since 2009.

More details:

read more…

Evolution of Android Malware “The touch, the feel of being tricked into sending premium SMS messages, the worst feeling of our lives” (Part 3)

by Nathan Collier

Android.SMS.FakeInst is a Trojan that aims to do one thing — trick users into sending premium SMS messages by pretending to be an install for an app.  Here’s how the scam works: The user sends three premium SMS messages in exchange for an app, but there is no guarantee that it will actually install anything after they already have your money.  These malicious apps are getting harder and harder to discern as malicious as the look and feel of these apps get better through newer iterations.  One variant of these Trojan apps, which comes from a known malicious site, looks better with each update.  Let’s start with one of the first iterations of this variant.

The icon looks fairly convincing:

read more…

New service converts malware-infected hosts into anonymization proxies

What happens when a host gets infected with malware? On the majority of occasions, cybercriminals will use it as a launch platform for numerous malicious activities, such as spamming, launching DDoS attacks, harvesting for fresh emails, and account logins. But most interestingly, thanks to the support offered in multiple malware loaders, they will convert the malware-infected hosts into anonymization proxies used by cybercriminals to cover their Web activities.

In this post, I’ll profile a newly launched service, offering thousands of malware-infected hosts as Socks4 and Socks5 servers for anonymizing a cybercriminal’s Web activities.

read more…

An Evolution of Android Malware “When stealing data isn’t enough meet…GoManag …“ (Part 2)

In our continued series of how Android malware authors continue adding functionality to their work we take a look at GoManag. First seen last year, targeting Chinese speakers, GoManag is a Trojan that installs as a service so it can run in the background, collects device information and downloads payloads.  Its odd name comes from part of a URL it attempts to contact to.

Malicious GoManag app running in the background as the name “Google Search (Enhanced)”

read more…

A peek inside the Elite Malware Loader

Just like today’s modern economy, in the cybercrime ecosystem supply, too, meets demand on a regular basis.

With malware coding for hire propositions increasing thanks to the expanding pool of talented programmers looking for ways to enter the cybercrime ecosystem, it shouldn’t be surprising that  cybercriminals are constantly releasing new malware loaders, cryptors, remote access trojans, or issuing updates to web malware exploitation kits on a periodic basis, using the outsourcing market model.

Continuing the “Peek inside…” series, in this post I’ll profile the Elite Malware Loader. In the wild since 2009,  the malware loader is still under active development according to a recently spotted advertisement within the cybercrime ecosystem.

read more…