Girl Scouts and OpenText empower future leaders of tomorrow with cyber resilience

The transition to a digital-first world enables us to connect, work and live in a realm where information is available at our fingertips. The children of today will be working in an environment of tomorrow that is shaped by hyperconnectivity. Operating in this...

World Backup Day reminds us all just how precious our data is

Think of all the important files sitting on your computer right now. If your computer crashed tomorrow, would you be able to retrieve your important files? Would your business suffer as a result? As more and more of our daily activities incorporate digital and online...

3 Reasons We Forget Small & Midsized Businesses are Major Targets for Ransomware

The ransomware attacks that make headlines and steer conversations among cybersecurity professionals usually involve major ransoms, huge corporations and notorious hacking groups. Kia Motors, Accenture, Acer, JBS…these companies were some of the largest to be...

How Ransomware Sneaks In

Ransomware has officially made the mainstream. Dramatic headlines announce the latest attacks and news outlets highlight the staggeringly high ransoms businesses pay to retrieve their stolen data. And it’s no wonder why – ransomware attacks are on the rise and the...

An MSP and SMB guide to disaster preparation, recovery and remediation

Introduction It’s important for a business to be prepared with an exercised business continuity and disaster recovery (BC/DR) plan plan before its hit with ransomware so that it can resume operations as quickly as possible. Key steps and solutions should be followed...

Podcast: Cyber resilience in a remote work world

The global pandemic that began to send us packing from our offices in March of last year upended our established way of working overnight. We’re still feeling the effects. Many office workers have yet to return to the office in the volumes they worked in pre-pandemic....

5 Tips to get Better Efficacy out of Your IT Security Stack

If you’re an admin, service provider, security executive, or are otherwise affiliated with the world of IT solutions, then you know that one of the biggest challenges to overcome is efficacy. Especially in terms of cybersecurity, efficacy is something of an amorphous...

How Cryptocurrency and Cybercrime Trends Influence One Another

Typically, when cryptocurrency values change, one would expect to see changes in crypto-related cybercrime. In particular, trends in Bitcoin values tend to be the bellwether you can use to predict how other currencies’ values will shift, and there are usually...

Cybercrime-friendly service offers access to tens of thousands of compromised accounts

By Dancho Danchev

Among the first things a cybercriminal will (automatically) do, once they gain access to a compromised host, is to retrieve account/credential data.

From compromised FTP credentials, CPanel accounts, portfolios of domains, to hacked PayPal and Steam accounts, cybercriminals are actively utilizing compromised infrastructure as a foundation for the success of their fraudulent or malicious campaigns, as well as for anonymization ‘stepping stones’ tactics in an attempt to forward the risk of getting tracked down through a series of network connections between malware infected hosts located across the globe.

In this post, I’ll highlight the existence of a cybercrime-friendly service that has been supplying virtually anyone who pays for access, with tens of thousands of compromised accounts.

More details: read more…

DIY Java-based RAT (Remote Access Tool) spotted in the wild

While the authors/support teams of some of the market leading Web malware exploitation kits are competing on their way to be the first kit to introduce a new exploit on a mass scale, others, largely influenced by the re-emergence of the DIY (do-it-yourself) trend across the cybercrime ecosystem, continue relying on good old fashioned social engineering attacks.

In this post, I’ll profile a beneath-the-radar type of DIY Java-based botnet building tool, which is served through the usual unsigned, yet malicious Java applet.

More details: read more…

A peek inside the EgyPack Web malware exploitation kit

By Dancho Danchev

On a daily basis we process multiple malicious campaigns that, in 95%+ of cases, rely on the market leading Black Hole Exploit Kit. The fact that this Web malware exploitation kit is the kit of choice for the majority of cybercriminals, speaks for its key differentiation factors/infection rate success compared to the competing exploit kits, like, for instance, the Sweet Orange exploit kit or the Nuclear Exploit pack v2.0.

In this post I’ll profile the EgyPack, a Web malware exploitation kit that was originally advertised on invite-only/vetted cybercrime friendly communities between the period of 2009-2011. List its core features, provide exclusive screenshots of its administration panel, and discuss why its business model failed to scale, leading to its virtually non-existent market share.

More details:

read more…

New DIY RDP-based botnet generating tool leaks in the wild

In times when we’re witnessing the most prolific and systematic abuse of the Internet for fraudulent and purely malicious activities, there are still people who cannot fully grasp the essence of the cybercrime ecosystem in the context of the big picture — economic terrosm — and in fact often deny its existence, describing it as anything else but an underdeveloped sellers/buyers market.

That’s totally wrong.

In this post, I’ll discuss the cybercrime ecosystem events that eventually led to the leakage of a private DIY botnet building and managing platform – with the idea to raise more awareness on the dynamics taking place within the vibrant ecosystem.

More details: read more…

‘Terminated Wire Transfer Notification/ACH File ID” themed malicious campaigns lead to Black Hole Exploit Kit

A couple of days ago our sensors picked up two separate malicious email campaigns, both impersonating Data Processing Services, that upon successful client-side exploitation (courtesy of the Black Hole Exploit Kit), drops an identical piece of malicious software.

Let’s dissect the campaigns, expose the malicious domains portfolio, connect them to previously profiled malicious campaigns, and analyze the behavior of the dropped malware.

More details:

read more…

Malicious ‘BBC Daily Email’ Cyprus bailout themed emails lead to Black Hole Exploit Kit

Cybercriminals are currently spamvertising tens of thousands of malicious emails impersonating BBC News, in an attempt to trick users into thinking that someone has shared a Cyprus bailout themed news item with them. Once users click on any of the links found in the fake emails, they’re automatically exposed to the client-side exploits served by the Black Hole Exploit Kit.

More details:

read more…

Spotted: cybercriminals working on new Western Union based ‘money mule management’ script

Risk-forwarding is an inseparable part of the cybercrime ecosystem.

Whether it’s the use of malware-infected hosts as stepping-stones, the issuing of License Agreements for your latest rootkit release stating that it’s meant to be tested against the customer’s own systems — you wish — or the selling of cheap access to verified PayPal accounts, in an attempt to mitigate the “cash-out” risk by forwarding it to a more experienced cybercriminal, the process of risk-forwarding is visible across the entire ecosystem.

In this post I’ll discuss a recently spotted Wetern Union based money mule management script. While the cybercriminals are currently developing this script, it is evidence of a cybercrime ecosystem trend focusing on the efficiency-centered standardization mentality of sophisticated cybercriminals.

More details: read more…

Fake ‘CNN Breaking News Alerts’ themed emails lead to Black Hole Exploit Kit

By Dancho Danchev

Cybercriminals are currently mass mailing tens of thousands malicious ‘CNN Breaking News’ themed emails, in an attempt to trick users into clicking on the exploit-serving and malware-dropping links found within. Once users click on any of the links found in the bogus emails, they’re automatically exposed to the client-side exploits served by the Black Hole Exploit Kit.

More details:

read more…

Hacked PCs as ‘anonymization stepping-stones’ service operates in the open since 2004

By Dancho Danchev

On the majority of occasions, cybercriminals will take basic OPSEC (Operational Security) precautions when using the Internet, in an attempt to make it harder for law enforcement to keep track of their fraudulent activities. Over the years, these techniques have greatly evolved to include hybrid online anonymity solutions offered exclusively to cybercriminals internationally.

In this post, I’ll profile a cybercrime-friendly service that’s been offering hacked PCs to be converted into “anonymization stepping-stones” since 2004.

More details: read more…