Category Archives: Modern Malware

Two distinct vulnerabilities dubbed Meltdown and Spectre potentially affect almost every system¹.  In a world that is already saturated with cyberattacks and vulnerabilities, it is easy to succumb to cyber threat fatigue when discussing two new outbreaks.  Even though there have been no confirmed reports of attacks that have taken advantage of these newly exposed vulnerabilities, they are highly concerning.  That is because they involve the CPU, the fundamental building block of the internet, corporate networks and PCs. (more…)

The famous American criminal Willie Sutton was asked once why he robbed banks, to which he is reported to have answered, “Because that’s where the money is”. In similar fashion, cybercriminals such as a hacker group that calls itself “TheDarkOverLord” could be asked why they continued to breach a series of healthcare organizations throughout 2016. They would have probably replied, “because that’s where the personal information is, and personal information equals money!” In fact, it is estimated that personal information is worth ten times more on the black market than a credit card number. As Paul Syverson, Co-creator of the Tor web browser says, “Your medical records have bullseyes on them.” (more…)

By Erik Leach

2016 has proven to be a banner year for Ransomware.  The year kicked off with a series of ransomware attacks on a trio of hospitals including the well-publicized incident at Hollywood Presbyterian Medical Center which forced its IT staff to shut down the network while coerced administration officials agreed to pay a $17,000 bitcoin ransom.  The year is culminating in dramatic fashion as well as thousands of San Francisco commuters got to ride for free as a result of a ransomware attack on the San Francisco Municipal Transportation Agency which infected 2,112 computers and took its light rail transit system offline for more than 24 hours. (more…)

We all remember gazing in wonder at the armies of elite empirical storm troopers as they collectively marched into battle to subdue the rebel forces in those early Star Wars movies. Many of us recall the machines spotlighted in the Terminator series which led the battle against the humans. Science fiction is good at conjuring up creative visions of the technical forces we may combat in the future, but even the most creative science fiction writer couldn’t have come up with the idea of an army of cameras attacking our Internet infrastructure; Yet, that is what happened. (more…)

As threat technology rapidly advances, hackers and threat actors leverage all the means at their disposal to deliver malware and compromise your systems and information. To expose these threat actors, a lot of organizations rely heavily on experts in the cyber security field to perform penetration tests and compromise assessments. (more…)

By Steve Lawn, Senior Consultant

Staying ahead of security threats is no easy task. One threat that should definitely be on your radar is ransomware. From hospital heists to attacks on schools and other businesses, ransomware is costly and is projected to be one of the biggest threats in 2016. According to CNN, the FBI reported that it received 2,453 complaints about ransomware hold-ups last year, costing the victims more than $24 million dollars. And there’s little the FBI can do about it, and so victims pay. (more…)

The modern digital landscape is a battleground rife with adversaries ready and willing to go to great lengths to steal your data. Clever independent attackers and state-sponsored actors alike are deploying increasingly effective versions of cyber-attacks intended to intrude, infect, steal, evade, disrupt and destroy everything they touch. To defend themselves, many businesses are investing in a variety of technologies and techniques to mitigate these threats. Blocking, containing, obfuscating, authenticating, verifying, and filtering are all important control elements of network security. (more…)

Recently the Symantec Corporation uncovered a highly sophisticated, modular piece of malware that has been infecting computers in a variety of countries as far back as 2008. Backdoor.regin has characteristics beyond those of modern malware and is already generally accepted as a product of nation-state cyber espionage. The implant likely took considerable resources and time to create and has several stealth features including multiple levels of encryption and even anti-forensic capabilities, multiple attack vectors, custom surveillance tools, persistence. The works. (more…)

Why read another article on the Shellshock bug when there have been a number of well-written articles and blog posts on it? Because almost all of the articles and blogs are talking about the bug itself, how it can be exploited, and how much of the Internet is open to it. However, what you should really be interested in is the security of your organization. Your response to Shellshock can tell you a great deal about that. (more…)

For those of us in the world of information security, the news of Attorney General Eric Holder bringing a first-of-its-kind criminal cyber-espionage case against Chinese military officials is no surprise at all. For years, the Chinese have been known for launching cyber-attacks on American industrial and military targets to steal prized military secrets and other intellectual property. (more…)