The early stages of an intrusion usually include initial access, execution, persistence, and command-and-control (C2) beaconing. When structured threats use zero-days, these first two stages are often not detected. It can often be challenging and time-consuming to identify persistence mechanisms left by an advanced adversary as we saw in the 2020 SUNBURST supply chain … [Read more...] about Identifying beaconing malware using Elastic
Malware
Linux-Targeted Malware Increases by 35% in 2021
Malware targeting Linux systems increased by 35% in 2021 compared to 2020 XorDDoS, Mirai and Mozi malware families accounted for over 22% of Linux-targeted threats observed by CrowdStrike in 2021 Ten times more Mozi malware samples were observed in 2021 compared to 2020 Malware targeting Linux-based operating systems, commonly deployed in Internet of Things (IoT) devices, have … [Read more...] about Linux-Targeted Malware Increases by 35% in 2021
Hackers Use Cloud Services to Distribute Nanocore, Netwire, and AsyncRAT Malware
Threat actors are actively incorporating public cloud services from Amazon and Microsoft into their malicious campaigns to deliver commodity remote access trojans (RATs) such as Nanocore, Netwire, and AsyncRAT to siphon sensitive information from compromised systems. The spear-phishing attacks, which commenced in October 2021, have primarily targeted entities located in the … [Read more...] about Hackers Use Cloud Services to Distribute Nanocore, Netwire, and AsyncRAT Malware
Detecting Evasive Malware on IoT Devices Using Electromagnetic Emanations
Cybersecurity researchers have proposed a novel approach that leverages electromagnetic field emanations from the Internet of Things (IoT) devices as a side-channel to glean precise knowledge about the different kinds of malware targeting the embedded systems, even in scenarios where obfuscation techniques have been applied to hinder analysis. With the rapid adoption of IoT … [Read more...] about Detecting Evasive Malware on IoT Devices Using Electromagnetic Emanations
Ongoing Autom Cryptomining Malware Attacks Using Upgraded Evasion Tactics
An ongoing crypto mining campaign has upgraded its arsenal while adding new defense evasion tactics that enable the threat actors to conceal the intrusions and fly under the radar, new research published today has revealed. Since first detected in 2019, a total of 84 attacks against its honeypot servers have been recorded to date, four of which transpired in 2021, according to … [Read more...] about Ongoing Autom Cryptomining Malware Attacks Using Upgraded Evasion Tactics
Expert Details macOS Bug That Could Let Malware Bypass Gatekeeper Security
Apple recently fixed a security vulnerability in the macOS operating system that could be potentially exploited by a threat actor to "trivially and reliably" bypass a "myriad of foundational macOS security mechanisms" and run arbitrary code. Security researcher Patrick Wardle detailed the discovery in a series of tweets on Thursday. Tracked as CVE-2021-30853 (CVSS score: 5.5), … [Read more...] about Expert Details macOS Bug That Could Let Malware Bypass Gatekeeper Security
New BLISTER Malware Using Code Signing Certificates to Evade Detection
Cybersecurity researchers have disclosed details of an evasive malware campaign that makes use of valid code signing certificates to sneak past security defenses and stay under the radar with the goal of deploying Cobalt Strike and BitRAT payloads on compromised systems. The binary, a loader, has been dubbed "Blister" by researchers from Elastic Security, with the malware … [Read more...] about New BLISTER Malware Using Code Signing Certificates to Evade Detection
A New Rust-based Ransomware Malware Spotted in the Wild
Details have emerged about what's the first Rust-language-based ransomware strain spotted in the wild that has already amassed "some victims from different countries" since its launch last month. The ransomware, dubbed BlackCat, was disclosed by MalwareHunterTeam. "Victims can pay with Bitcoin or Monero," the researchers said in a series of tweets detailing the file-encrypting … [Read more...] about A New Rust-based Ransomware Malware Spotted in the Wild
This New Stealthy JavaScript Loader Infecting Computers with Malware
Threat actors have been found using a previously undocumented JavaScript malware strain that functions as a loader to distribute an array of remote access Trojans (RATs) and information stealers. HP Threat Research dubbed the new, evasive loader "RATDispenser," with the malware responsible for deploying at least eight different malware families in 2021. Around 155 samples of … [Read more...] about This New Stealthy JavaScript Loader Infecting Computers with Malware
Hackers Targeting Biomanufacturing Facilities With Tardigrade Malware
An advanced persistent threat (APT) has been linked to cyberattacks on two biomanufacturing companies that occurred this year with the help of a custom malware loader called "Tardigrade." That's according to an advisory published by Bioeconomy Information Sharing and Analysis Center (BIO-ISAC) this week, which noted that the malware is actively spreading across the sector with … [Read more...] about Hackers Targeting Biomanufacturing Facilities With Tardigrade Malware