Threats posed by using RATs in ICS

While conducting audits, penetration tests and incident investigations, we have often come across legitimate remote administration tools (RAT) for PCs installed on operational technology (OT) networks of industrial enterprises. In…

New trends in the world of IoT threats

Cybercriminals’ interest in IoT devices continues to grow: in H1 2018 we picked up three times as many malware samples attacking smart devices as in the whole of 2017. And…

Texas Insider Report: AUSTIN, Texas – Attorney General Ken Paxton today announced that he has appointed current Texas Assistant Solicitor General Kyle Hawkins to serve as Solicitor General. Hawkins succeeds…

LuckyMouse signs malicious NDISProxy driver with certificate of Chinese IT company

What happened? Since March 2018 we have discovered several infections where a previously unknown Trojan was injected into the lsass.exe system process memory. These implants were injected by the digitally…

What are botnets downloading?

Spam mailshots with links to malware and bots downloading other malware are just a couple of botnet deployment scenarios. The choice of infectious payload is limited only by the imagination…

The rise of mobile banker Asacub

We encountered the Trojan-Banker.AndroidOS.Asacub family for the first time in 2015, when the first versions of the malware were detected, analyzed, and found to be more adept at spying than…

Operation AppleJeus: Lazarus hits cryptocurrency exchange with fake installer and macOS malware

Overview Lazarus has been a major threat actor in the APT arena for several years. Alongside goals like cyberespionage and cybersabotage, the attacker has been targeting banks and other financial…

KeyPass ransomware

In the last few days, our anti-ransomware module has been detecting a new variant of malware – KeyPass ransomware. Others in the security community have also noticed that this ransomware…

Last ID Is Released From Deadly Apartment Fire In San Marcos

SAN MARCOS, Texas (AP) – Authorities have identified all five individuals who died last month in a massive fire at two apartment complexes in San Marcos. Officials on Friday announced…

IT threat evolution Q2 2018

Targeted attacks and malware campaigns Operation Parliament In April, we reported the workings of Operation Parliament, a cyber-espionage campaign aimed at high-profile legislative, executive and judicial organizations around the world…

How do file partner programs work?

It’s easy to notice if you’ve fallen victim to an advertising partner program: the system has new apps that you didn’t install, ad pages spontaneously open in the browser, ads…

Attacks on industrial enterprises using RMS and TeamViewer

Main facts Kaspersky Lab ICS CERT has identified a new wave of phishing emails with malicious attachments targeting primarily companies and organizations that are, in one way or another, associated…

The return of Fantomas, or how we deciphered Cryakl

In early February this year, Belgian police seized the C&C servers of the infamous Cryakl cryptor. Soon afterwards, they handed over the private keys to our experts, who used them…

Olympic Destroyer is still alive

In March 2018 we published our research on Olympic Destroyer, an advanced threat actor that hit organizers, suppliers and partners of the Winter Olympic Games 2018 held in Pyeongchang, South…

2018 Fraud World Cup

There are only two weeks to go before the start of the massive soccer event — FIFA World Cup. This championship has already attracted the attention of millions worldwide, including…

I know where your pet is

Kaspersky Lab’s many years of cyberthreat research would suggest that any device with access to the Internet will inevitably be hacked. In recent years, we have seen hacked toys, kettles,…

Roaming Mantis dabbles in mining and phishing multilingually

In April 2018, Kaspersky Lab published a blogpost titled ‘Roaming Mantis uses DNS hijacking to infect Android smartphones’. Roaming Mantis uses Android malware which is designed to spread via DNS…

OPC UA security analysis

This paper discusses our project that involved searching for vulnerabilities in implementations of the OPC UA protocol. In publishing this material, we hope to draw the attention of vendors that…

SynAck targeted ransomware uses the Doppelgänging technique

The Process Doppelgänging technique was first presented in December 2017 at the BlackHat conference. Since the presentation several threat actors have started using this sophisticated technique in an attempt to…

Texas Insider Report: AUSTIN, Texas – Attorney General Ken Paxton today applauded a 2-1 ruling by a three judge panel of the U.S. Court of Appeals for the 5th Circuit…