Since June 2018, the Radware Threat Research team has been monitoring an ongoing APT against the Palestinian Authority that uses an updated version of the Micropsia malware with an expanded surveillance toolkit. This advanced persistent threat began in March 2017, was previously reported by Cisco Talos and Check Point Software Technologies, and has infected hundreds of machines so far.
Android platforms are commonly targeted by Trojan-infected apps with built-in cryptocurrency mining code, which leaves mobile users highly exposed to malicious mining. Criminals deliver malicious APKs and miners to mobile devices through SMS spam, with a modus operandi similar to that of Windows malware. Attackers also find it easy to add miners to apps that are already malicious; for example, a miner could be bolted onto apps carrying the Loapi Trojan, an SMS Trojan that also delivered ads. Loapi placed such a heavy load on the processor that batteries overheated, shortening the lifespan of the affected devices.
If you are reading this post, chances are you are aware of internet hacks: you have heard of the company that had all its data stolen, or of the CEO whose social media account was compromised. If you work at an enterprise, it has probably bought and deployed security products to protect its employees and its intellectual property. However, there are many ways to get around such security measures, whether you are at work or browsing from the safety of your own home. In this post I have collected four simple rules that can help you stay protected. In the continuous trade-off between security and usability, following these four rules costs very little comfort yet significantly lowers the chance that you will be hacked. They are good practices and are enough for most people. You will not always know when they helped you, but if you make them a habit, they will do you good.
In my last article, I discussed how malicious cryptocurrency mining is set to exploit both technological and human vulnerabilities this year. In this article, I will dig deeper and discuss its patterns of infection.
Legacy perimeter security mechanisms can be evaded very easily. It is disappointing, but true. Innovatively designed malware and APTs can evade even the strongest signature-based security solutions currently deployed across industries. This has pushed IT organizations to think beyond prevention and to design effective detection strategies. In recent times, companies have started analyzing traffic logs, through a mix of deployed technology and professional services, to detect attacks that are already under way. However, even though traffic log analysis can help identify malware activity, companies may not benefit from it much, because the on-premises approach is incomplete, inefficient, and expensive all at once.
Individual research contributed by Adi Raff and Yuval Shapira.
On May 3, 2018, Radware’s cloud malware protection service detected a zero-day malware threat at one of its customers, a global manufacturing firm, by using machine-learning algorithms. This malware campaign is propagating via socially-engineered links on Facebook and is infecting users by abusing a Google Chrome extension (the ‘Nigelify’ application) that performs credential theft, cryptomining, click fraud and more.
On April 12, 2018, Radware's threat research group detected, via internal feeds, malicious activity by a group collecting user credentials and payment methods from Facebook users across the globe. The group manipulates victims through phishing emails into downloading a painting application called 'Relieve Stress Paint.' While benign in appearance, it runs a malware dubbed 'Stresspaint' in the background. Within a few days, the group had infected over 40,000 users, stealing tens of thousands of Facebook user credentials and cookies. This rapid distribution and high infection rate indicate that the malware was developed professionally. The group is specifically interested in users who own Facebook pages with stored payment methods. We suspect that the group's next target is Amazon, as the attack control panel has a dedicated section for it. Radware will continue to analyze the campaign and monitor the group's activity. Prior to publication of this alert, Radware detected another variant of the malware and saw indications of this new version in the control panel.
I do declare, I do not know; if this guest be friend or foe…
Wouldn’t it be nice to be able to turn away malicious network guests before they create havoc and bring all their evil friends to visit your applications, without having to worry about blocking legitimate guests from access to your applications?
Evasive malware has become a key threat to businesses’ sensitive data. Stealing and selling sensitive data on the Darknet is a lucrative business for hackers, who increasingly rely on evasive malware to penetrate corporate networks.
A study by Verizon found that over 50% of data breaches involve malware in some capacity. Indeed, some of the largest and best-known data breaches on record, such as Target, Anthem Health, The Home Depot and the U.S. Office of Personnel Management (OPM), were the result of evasive malware running undetected in the network over long periods. These organizations all had large security teams, massive IT budgets and multi-layered anti-malware protections. And yet, in each case, those defenses were circumvented by evasive malware.
A new botnet has recently started recruiting IoT devices. It uses hosted servers to find and infect new victims by leveraging one of two known vulnerabilities that have recently become popular in IoT botnets: