-
Nov 29, 2024 | 
securelist.com | Anton Kivva |Anna Larkina |Vladislav Tushkanov |Roman Dedenok
IT threat evolution in Q3 2024IT threat evolution in Q3 2024. Non-mobile statisticsIT threat evolution in Q3 2024. Mobile statisticsQuarterly figuresAccording to Kaspersky Security Network, in Q3 2024:As many as 6.7 million attacks involving malware, adware or potentially unwanted mobile apps were prevented. Adware was the most common mobile threat, accounting for 36% of all detected threats.
-
Sep 9, 2024 | 
securelist.com | Artem Ushkov |Anton Kivva |David Emm
In July 2024, we discovered the previously unknown Loki backdoor, which was used in a series of targeted attacks. By analyzing the malicious file and open sources, we determined that Loki is a private version of an agent for the open-source Mythic framework. Our solutions detect this threat as Backdoor.Win64.MLoki to differentiate it from other malware families with the same name, such as Loki Bot, Loki Locker, and others.
-
Sep 5, 2024 | 
securelist.com | Sherif Magdy |Anton Kivva |David Emm
Executive summaryTropic Trooper (also known as KeyBoy and Pirate Panda) is an APT group active since 2011. This group has traditionally targeted sectors such as government, healthcare, transportation and high-tech industries in Taiwan, the Philippines and Hong Kong. Our recent investigation has revealed that in 2024 they conducted persistent campaigns targeting a government entity in the Middle East, starting in June 2023.
-
Sep 4, 2024 | 
securelist.com | Fedor Sinitsyn |Yanis Zinchenko |Anton Kivva |David Emm
Mallox is a sophisticated and dangerous family of malicious software that has been causing significant damage to organizations worldwide. In 2023, this ransomware strain demonstrated an uptick in attacks, the overall number of discovered Mallox samples exceeding 700. In the first half of 2024, the malware was still being actively developed, with new versions being released several times a month, while the Mallox RaaS affiliate program advertised on dark web forums was seeking new partners.
-
Jun 25, 2024 | 
securelist.com | Kaspersky ICS CERT |Georgy Kiguradze |Olga Svistunova |Anton Kivva
Small and medium-sized businesses (SMBs) are increasingly targeted by cybercriminals. Despite adopting digital technology for remote work, production, and sales, SMBs often lack robust cybersecurity measures. SMBs face significant cybersecurity challenges . The cost of data breaches can cripple operations, making preventive measures essential. This is a growing tendency that continues to pose a challenge for businesses.
-
Jun 24, 2024 | 
securelist.lat | Sergey Belov |Anderson G. Leite |Anton Kivva |David Emm
Parte 1: Historia del backdoor XZ: Análisis inicialParte 2: Evaluar el porqué y el cómo del incidente ocurrido con XZ UtilsEn nuestro primer artículo sobre el backdoor XZ, hicimos un análisis de su código, desde la infección inicial hasta el hooking de funciones que realiza. Como mencionamos entonces, su objetivo inicial era hacer el hooking de una de las funciones relacionadas con la manipulación de claves RSA.
-
Jun 24, 2024 | 
securelist.lat | Alexey Antonov |Anton Kivva |David Emm |Eduardo Ovalle
La potencia de cálculo de las computadoras no cesa de aumentar, lo que permite a los usuarios resolver tareas cada vez más complejas con mayor rapidez. Esto lleva, entre otras cosas, a que contraseñas que hace unos años eran imposibles de descifrar, hoy en 2024, los atacantes logren descifrarlas en cuestión de segundos.
-
Jun 18, 2024 | 
securelist.com | Alexey Antonov |Olga Svistunova |Anton Kivva |David Emm
The processing power of computers keeps growing, helping users to solve increasingly complex problems faster. A side effect is that passwords that were impossible to guess just a few years ago can be cracked by hackers within mere seconds in 2024. For example, the RTX 4090 GPU is capable of guessing an eight-character password consisting of same-case English letters and digits, or 36 combinable characters, within just 17 seconds.
-
Jun 13, 2024 | 
securelist.com | Kaspersky ICS CERT |Anton Kivva |David Emm |Dmitry Kachan
Modems play an important role in enabling connectivity for a wide range of devices. This includes not only traditional mobile devices and household appliances, but also telecommunication systems in vehicles, ATMs and Automated Process Control Systems (APCS). When integrating the modem, many product developers do not think of protecting their device from a potential modem compromise.
-
Dec 13, 2023 | 
securelist.com | Sergey Puzan |Anton Kivva |Igor Kuznetsov |Anna Pavlovskaya
IntroductionThe crimeware landscape is diverse. Cybercriminals try to capitalize on their victims in every possible way by distributing various types of malware designed for different platforms. In recent months, we have written private reports on a wide range of topics, such as new cross-platform ransomware, macOS stealers and malware distribution campaigns. In this article, we share excerpts from our reports on the FakeSG campaign, the Akira ransomware and the AMOS stealer.
