The cybercrime group controlling the Dyre financial fraud Trojan appears to have suffered a major blow following a Russian law enforcement operation in November. Symantec telemetry has confirmed a virtual cessation of the group’s activities. Dyre (detected by Symantec as Infostealer.Dyre) is spread through email spam campaigns and no Dyre-related spam campaigns have been observed since November 18. Detections of the Dyre Trojan and associated malware have also dropped dramatically since mid-Nove
Once T9000 has infected a system, its main goal is to collect information about the targeted victim, which it does by compromising the Skype video calling software. After the malware has hooked into Skype, it records video calls, audio calls, and chat messages, then stores them in a directory specially created by the Trojan called "Intel", which the attackers can mine for data.
At the end of 2015 Kaspersky became aware of an unusual malware program, discovered in an attempted attack on a bank in Singapore. Analysis of the file attached to a spear-phishing email that had been sent to the bank revealed the name of the malware: JSocket. Later on we found that this malware has many names: Adwind RAT (Remote Access Tool), AlienSpy, Frutas, jFrutas, Unrecom, Sockrat, JSocket, jRat. The rich features of the malware, including its ability to run on Windows, Mac OS and Linux, a
Interpol said its agreement with Barclays will broaden joint efforts in cyber-security through intelligence sharing, training and awareness about cyber-threat mitigation, and providing recommendations for public and private institutions on strengthening their cyber-resilience.
The agreement would help to resolve the difficult situation for US Internet companies, which are increasingly under pressure from the UK government to provide intercepts or stored data for domestic investigations of terrorist and criminal activities, but forbidden from doing so by US laws.
Today at the Security Analyst Summit, researchers from Kaspersky Lab's Global Research & Analysis Team unveiled details on two new criminal operations that have borrowed heavily from targeted nation-state attacks, and also shared an update on a resurgent Carbanak gang, which was reported last year to have allegedly stolen upwards of $1 billion from more than 100 financial companies. - See more at: https://threatpost.com/spree-of-bank-robberies-show-cybercriminals-borrowing-from-apt-attacks/11
The security flaw is tracked as CVE-2016-0603, and the fix has been released to address a vulnerability that can be exploited when Java version 6, 7, or 8 is installed on a Windows platform. The weakness is remotely exploitable, allowing attackers to compromise a network without the need for usernames or passwords.
With the Cisco 2016 Annual Security Report, which analyzes advances by both the security industry and criminals, see how your peers assess security preparedness in their organizations and gain insights into where to strengthen your defenses.
Exploit kits often employ measures to keep security researchers and other unwanted visitors away from their servers, but most of the time these measures are handled at the HTTP level, with web servers redirecting you away or returning fake error codes. Implementing this logic at the TCP level, as Neutrino did, is a fairly smart move on their part: generally speaking, when a server doesn't respond to you at all, you tend to assume that it's down.