Crowti ransomware spike
In a blog post dated 28/10/2014, Microsoft has warned of an uptick in the rate of detection of Crowti ransomware. According to the post, 71% of affected users were in the US, with Australia taking up second place with 11% of users. As per Figure A, one of the ways Crowti is…
US-CERT warning over Dyre banking malware
The Dyre phishing campaign is continuing apace, to the extent that US-CERT has now issued a warning containing specific details of the threat. Dyre is using two old vulnerabilities in Adobe Reader to install itself on victim PCs, with a phishing campaign being used as the attack vector.…
SMTP being used for Shellshock attacks
Shellshock is refusing to go away. Over the last few days a new method of attack using Simple Mail Transfer Protocol (SMTP) has been detected. The aim of the attackers is to use the Shellshock exploit to conduct Distributed Denial of Service (DDoS) attacks via botnets. The Shellshock vulnerability…
Apple issues warnings on iCloud phishing
Following a wave of phishing attacks, Apple has issued an advisory for users of its iCloud service. Apple has also stated that they have not detected any breach of security generally in the iCloud service. However, Apple states that it is “aware of intermittent organized network attacks using insecure…
Pawn Storm using spear and website phishing
Yesterday Trend Micro released a white paper detailing comprehensive attacks launched against specific targets including ACADEMI (formerly Blackwater), the French Ministry of Defence, and the Vatican Embassy in Iraq. The attacks used a combination of techniques including spear phishing and website phishing. The aim of the campaign was…
Koler ransomware new version spread via SMS
Koler.A is a form of Android ransomware that was first identified in May 2014. The initial version of the Koler malware would lock a victim’s phone with a message ordering the victim to pay $300 USD ransom to unlock the phone. A new version of Koler has now…
Dyre spam attack
Patching systems and software should be a high priority for any organisation. Older vulnerabilities are often easy prey for attackers seeking a way inside an organisation’s defensive perimeter. If proof of the maxim “patch your systems regularly” is needed, then this week’s exploitation of an old vulnerability in Adobe Reader and Adobe…
Dropbox phishing attack
Dropbox have recently shut down a fake page that was part of an elaborate phishing campaign. This particular campaign was sophisticated in its execution, as Symantec show in a blog post on the phish. Firstly, a phishing email was sent to the victim. The email contained a link to a Dropbox file. The…
Malware Monday
For all those starting work on Monday and starting to trawl through emails and/or planning the week ahead, here’s something to brighten your day. There is a new malware delivered via phishing emails, but the attackers committed a few errors when crafting their cyber attack. As this article on PhishMe reports, the malware…
New add-ons found in Dyre malware
Dyre malware resurfaced recently with a new version that contains several new features designed to capture more information from the victim computer and from the organisation targeted. Figure A illustrates how Dyre works. Dyre (also known as Dyreza) was first detected in June 2014. Investigators uncovered it…