Martijn Lammerts
My own digital place with a little of everything

Hide and Script: Inserted Malicious URLs within Office Documents’ Embedded Videos

In late October, security researchers from Cymulate showed a proof of concept (PoC) exploiting a logic bug that could allow hackers to abuse the online video feature in Microsoft Office to deliver malware. We indeed identified an in-the-wild sample (detected by Trend Micro as TROJ_EXPLOIT.AOOCAI) in VirusTotal, using this method to deliver the URSNIF information stealer (TSPY_URSNIF.OIBEAO).

Since this kind of attack involves the use of a specially crafted Word document, we can assume that it can arrive on a user’s system through other malware or as an attachment or links/URLs in spam.

The post Hide and Script: Inserted Malicious URLs within Office Documents’ Embedded Videos appeared first on .


Cryptocurrency Mining Malware uses Various Evasion Techniques, Including Windows Installer, as Part of its Routine

The concept of a stealthy, difficult-to-detect malware operating behind the scenes has proven to be an irresistible proposition for many threat actors, and they're evidently adding even more techniques, as seen in a cryptocurrency miner (detected as Coinminer.Win32.MALXMR.TIAOODAM) we discovered that uses multiple obfuscation and packing techniques as part of its routine.


Fake Banking App Found on Google Play Used in SMiShing Scheme

Banks are offering more features and upgrades for their banking apps, and thanks to their convenience more users are adopting mobile banking services around the world. But as new financial technology proliferates and users start to look for apps and other services from their particular bank, opportunities for scammers also increase. One recent example of this is the app Movil Secure. We found this malicious app on Google Play on October 22, as part of a SMiShing scheme targeting Spanish-speaking users.


Perl-Based Shellbot Looks to Target Organizations via C&C

We uncovered an operation of a hacking group, which we’re naming “Outlaw” (translation derived from the Romanian word haiduc, the hacking tool the group primarily uses), involving the use of an IRC bot built with the help of Perl Shellbot. The group distributes the bot by exploiting a common command injection vulnerability on internet of things (IoT) devices and Linux servers. Further research indicates that the threat can also affect Windows-based environments and even Android devices.


Gathering Insights on the Reemergence and Evolution of Old Threats Through Managed Detection and Response

Smart Protection Network (SPN) data and observations from Managed Detection and Response (MDR) for the North American region show the persistence of older threats and tactics: delivery methods such as spam emails are still going strong, while ransomware attacks have seen a renewed vigor alongside newer threats such as cryptocurrency mining malware in the third quarter of 2018.

However, the prevalence of these older threats should not be misconstrued as a sign that threat actors are resting on their laurels. In fact, it should be taken as proof that they are constantly improving proven tools and techniques to get ahead in the never-ending cat-and-mouse game between cybercriminals and security providers.


Disrupting the Flow: Exposed and Vulnerable Water and Energy Infrastructures

by Stephen Hilt, Numaan Huq, Vladimir Kropotov, Robert McArdle, Cedric Pernet, and Roel Reyes

Energy and water are two of the most central critical infrastructures (CIs). Both sectors have undergone necessary changes to reflect the latest in technology and improve how natural resources are harnessed and distributed. At present, these changes are heading toward more interconnected...
