Exploit This

Security News, Exploits, and Vulnerabilities.

Neutrino modification for POS-terminals

From time to time authors of effective and long-lived Trojans and viruses create new modifications and forks of them, like any other software authors. One of the brightest examples amongst them is Zeus, which continues to spawn new modifications of itself each year.

Honeypots and the Internet of Things

According to Gartner, there are currently over 6 billion IoT devices on the planet. Such a huge number of potentially vulnerable gadgets could not possibly go unnoticed by cybercriminals. As of May 2017, Kaspersky Lab’s collections included several thousand different malware samples for IoT devices, about half of which were detected in 2017.

Nigerian phishing: Industrial companies under attack

In late 2016, the Kaspersky Lab Industrial Control Systems Cyber Emergency Response Team reported on phishing attacks that were primarily targeting industrial companies from the metallurgy, electric power, construction, engineering and other sectors. As further research demonstrated, this was just part of a bigger story that began much earlier and is unlikely to end any time soon.

SambaCry is coming

Not long ago, news appeared online of a younger sibling for the sensational vulnerability EternalBlue. The story was about a new vulnerability for *nix-based systems – EternalRed (aka SambaCry). On May 30th our honeypots captured the first attack to make use of this particular vulnerability, but the payload in this exploit had nothing in common with the Trojan-Crypt that was EternalBlue and WannaCry.

50 hashes per hour

In this research we’ll be revisiting the USB port – this time in attempts to intercept user authentication data on the system that a microcomputer is connected to. As we discovered, this type of attack successfully allows an intruder to retrieve user authentication data – even when the targeted system is locked.

WannaCry mistakes that can help you restore files after infection

Sometimes ransomware developers make mistakes in their code. These mistakes could help victims regain access to their original files after a ransomware infection. This article is a short description of several errors, which were made by the WannaCry ransomware developers.

WannaCry and Lazarus Group – the missing link?

Moments ago, Neel Mehta, a researcher at Google posted a mysterious message on Twitter. The cryptic message in fact refers to similarity between samples that have shared code between themselves. The two samples Neel refers to post are a Wannacry cryptor sample and a Lazarus APT group sample.

WannaCry FAQ: What you need to know today

Friday May 12th marked the start of the dizzying madness that has been ‘WannaCry’, the largest ransomware infection in history. Defenders have been running around trying to understand the malware’s capabilities. In the process, a lot of wires have gotten crossed and we figured it’s time to sit down and set the record straight on what we know, what we wish we knew, and what the near future might hold for us going forward.

Use of DNS Tunneling for C&C Communications

Often, virus writers don’t even bother to run encryption or mask their communications. However, you do get the occasional off-the-wall approaches that don’t fall into either of the categories. Take, for instance, the case of a Trojan that Kaspersky Lab researchers discovered in mid-March and which establishes a DNS tunnel for communication with the C&C server.

Hajime, the mysterious evolving botnet

Hajime (meaning ‘beginning’ in Japanese) is an IoT worm that was first mentioned on 16 October 2016 in a public report by RapidityNetworks. In this blogpost we outline some of the recent ‘improvements’ to Hajime, some techniques that haven’t been made public, and some statistics about infected IoT devices.

%d bloggers like this: