Cisco’s research group Talos posted a detailed article on the history and current state of Ransomware HERE. They provided some best practices to protect your organization from being compromised. It is a bit of a long read but worth spending the time to check out.
The rise of ransomware over the past year is an ever growing problem. Businesses often believe that paying the ransom is the most cost effective way of getting their data back – and this may also be the reality. The problem we face is that every single business that pays to recover their files, is directly funding the development of the next generation of ransomware. As a result of this we’re seeing ransomware evolve at an alarming rate. Continue reading →
Cisco Talos wrote a awesome post following a attack campaign that leveraged malware using RAT capabilities. They cover research on how the malware is delivered using phishing via SPAM, what happens when the malware is executed and what they found as they monitored the malware installed in their lab / sandbox systems. I have wrote about another remote access tool (RAT) in the past here here and love how Talos included details on the tool DarkKomet used for this particular campaign. The original post can be found HERE. Its a little longer than the usual posts on here but worth the read.
Talos is constantly observing malicious spam campaigns delivering various different types of payloads. Common payloads include things like Dridex, Upatre, and various versions of Ransomware. One less common payload that Talos analyzes periodically are Remote Access Trojans or RATs. A recently observed spam campaign was using freeware remote access trojan DarkKomet (a.k.a DarkComet). This isn’t a novel approach since threat actors have been leveraging tools like DarkKomet or Hawkeye keylogger for quite sometime. Continue reading →
Cisco’s research team Talos wrote a interesting article on their research on Phishing. The original post can be found HERE. For those that don’t know what Phishing is, its the cyber attack where a malicious party pretends to be a legitimate source with the goal to trick a victim into clicking a email, accessing a website, or just giving up sensitive data. Here is the Talos article. Continue reading →
Earl Carter and Craig Williams from the Cisco Security Blog posted a great article on a recent wave of taxed related spear-phishing attacks (original post found HERE). What is interesting is how attackers leverage current trends as the theme for their malware. For example, we will probably see a bunch of March Madness attacks along with Tax related phishing this month since thats what people are searching for online. This contradictions the old belief that “safe searching” aka not going to adult websites or searching for free software will keep you safe from malware. The reality is the attackers want the most bang for their buck so they will target where the most people are at. In March, thats Tax season and March Madness. Here is the post from Cisco. Continue reading →
There are many methods criminals will use to steal money that fall outside of normal attack channels. I was having dinner with a buddy from work and heard one of the most outrageous social engineering attack methods he recently experienced. To summarize, he had attackers call his home phone and try to get him to install malicious software. He figured out they were full of it yet went along with the scam for 20 minutes to see where they would take things. This post will cover his experience and variations of this attack seen in the wild.
Lesson learned …. don’t trust somebody just because they called you. Make sure to tell your friends and family this message. If you do some Google research, you will find many non-technical people are being tricked by this form of attack.Continue reading →
I wrote about one of my favorite hot-spot honeypot tools known as the WiFI pineapple Mark IV last year HERE. The pineapple only cost $100 dollars and can be found at the HAK5 store.
To summarize what this bad boy does, it is a small portable attack tool that can run things such as Karma used to spoof trusted SSIDs and SSL strip to remove trusted connections while sniffing traffic. So for example, lets say your home network is PUPPYDOG123. When you’re at home, your wireless devices will look for PUPPYDOG123 and connect if they see it. When the pineapple is present and running Karma, it can say back “Hey, I’m PUPPYDOG123 … connect to me”. Your device will think its your network and connect. Traffic will go through the Pineapple so you think you are on a trusted network however the pineapple is between aka a man-in-the-middle attack. Continue reading →
If you are familiar with penetration tools, then you should know Metasploit. For those that love GUIs, there is a fantastic open source GUI management for Metasploit known as Armitage (found HERE). The same developers of Armitage created a more advanced penetration testing package for a $2,500 annual cost. The tool is called cobalt Strike (CS) and can be downloaded at www.advancedpentest.com for a 21day trail. They also have a 4-hour lab that lets you try out the core cobalt Strike features. It is worth spending the time to test the tool and get some lab time even though the lab itself is is pretty easy. Continue reading →
I’ve said this many times before … the Internet is full of bad things. Of those bad things, one of the most common threats is Phishing attacks. Wiki defines phishing as “the act of attempting to acquire information such as usernames, passwords, and credit card details (and sometimes, indirectly, money) by masquerading as a trustworthy entity in an electronic communication”. The majority of successful phishing attacks clone popular social networking sources and provide hyperlinks with the hope a target will click the link without questioning the authenticity of the source.
I wrote a post about what to look for regarding fraud email and craiglist sales HERE and 2 example craiglist cons HERE. The concepts are generally the same regarding identifying phishing attackers however in some cases, the attack will be a clone of a real message or website, which makes it very difficult to detect. Best practices is THINK BEFORE YOU CLICK! Here are some examples why this is important. Continue reading →