A week in security (April 24 -30)

Categories: News

Tags: Lockbit

Tags: cl0p

Tags: papercut

Tags: vmware

Tags: magecart

Tags: fileless

Tags: chatgpt

Tags: apc

Tags: Pupy rat

Tags: guloader

Tags: black basta

Tags: flipper zero

Tags: clickjacking

The most interesting security related news of the week from April 24 till April 30

(Read more…)

The post A week in security (April 24 -30) appeared first on Malwarebytes Labs.

Read more

Cryptojackers growing in numbers and sophistication

Categories: News

Categories: Cryptomining

Tags: Cryptojacking

Tags: fileless

Tags: malware

Tags: LOLBins

Tags: RiskWare.BitCoinMiner

Tags: Trojan.BitCoinMiner

Tags: c2

Tags: mining pools

Probably due to rising energy costs and the volatility in crypto-currencies, we can see a rise in malicious crypto mining, aka cryptojacking.

(Read more…)

The post Cryptojackers growing in numbers and sophistication appeared first on Malwarebytes Labs.

Read more

Insights from one year of tracking a polymorphic threat

Credit to Author: Eric Avena| Date: Tue, 26 Nov 2019 17:00:56 +0000

We discovered the polymoprhic threat Dexphot in October 2018. In the months that followed, we closely tracked the threat as attackers upgraded the malware, targeted new processes, and worked around defensive measures. One year’s worth of intelligence helped us gain insight not only into the goals and motivations of Dexphot’s authors, but of cybercriminals in general.

The post Insights from one year of tracking a polymorphic threat appeared first on Microsoft Security.

Read more

Lemon_Duck PowerShell malware cryptojacks enterprise networks

Credit to Author: rajeshnataraj| Date: Tue, 01 Oct 2019 04:01:09 +0000

SophosLabs are monitoring a significant spike in crypto mining attacks, which spread quickly across enterprise networks. Starting from a single infection, these attacks use a variety of malicious scripts that, eventually, turn an enterprise&#8217;s large pool of CPU resources into efficient cryptocurrency mining slaves. The threat actors behind these campaigns have been using an array [&#8230;]<img src=”http://feeds.feedburner.com/~r/sophos/dgdY/~4/jF91Bgk0dso” height=”1″ width=”1″ alt=””/>

Read more

Bring your own LOLBin: Multi-stage, fileless Nodersok campaign delivers rare Node.js-based malware

Credit to Author: Eric Avena| Date: Thu, 26 Sep 2019 17:34:41 +0000

We’ve discussed the challenges that fileless threats pose in security, and how Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP) employs advanced strategies to defeat these sophisticated threats. Part of the slyness of fileless malware is their use of living-off-the-land techniques, which refer to the abuse of legitimate tools, also called living-off-the-land binaries (LOLBins), that…

The post Bring your own LOLBin: Multi-stage, fileless Nodersok campaign delivers rare Node.js-based malware appeared first on Microsoft Security.

Read more

Dismantling a fileless campaign: Microsoft Defender ATP’s Antivirus exposes Astaroth attack

Credit to Author: Eric Avena| Date: Mon, 08 Jul 2019 16:00:51 +0000

Advanced technologies in Microsoft Defender ATP’s Antivirus exposed and defeated a widespread fileless campaign that completely “lived off the land” throughout a complex attack chain that run the info-stealing backdoor Astaroth directly in memory

The post Dismantling a fileless campaign: Microsoft Defender ATP’s Antivirus exposes Astaroth attack appeared first on Microsoft Security.

Read more

Dismantling a fileless campaign: Microsoft Defender ATP next-gen protection exposes Astaroth attack

Credit to Author: Eric Avena| Date: Mon, 08 Jul 2019 16:00:51 +0000

Advanced technologies in Microsoft Defender ATP next-generation protection exposed and defeated a widespread fileless campaign that completely “lived off the land” throughout a complex attack chain that run the info-stealing backdoor Astaroth directly in memory

The post Dismantling a fileless campaign: Microsoft Defender ATP next-gen protection exposes Astaroth attack appeared first on Microsoft Security.

Read more

Detecting credential theft through memory access modelling with Microsoft Defender ATP

Credit to Author: Eric Avena| Date: Thu, 09 May 2019 17:29:45 +0000

Microsoft Defender ATP instruments memory-related function calls such as VirtualAlloc and VirtualProtect to catch in-memory attack techniques like reflective DLL loading. The same signals can also be used to generically detect malicious credential dumping activities performed by a wide range of different individual tools.

The post Detecting credential theft through memory access modelling with Microsoft Defender ATP appeared first on Microsoft Security.

Read more