Threat actors attempt to capitalize on coronavirus outbreak
* Coronavirus is dominating the news and threat actors are taking advantage. * Cisco Talos has found multiple malware families being distributed with Coronavirus lures and themes. This includes emotet and several RAT variants. Executive Summary Using the news to try and incr
Breaking down a two-year run of Vivin’s cryptominers
News Summary * There is another large-scale cryptomining attack from an actor we are tracking as "Vivin" that has been active since at least November 2017. * "Vivin" has consistently evolved over the past few years, despite having poor operational security
Emotet is back after a summer break
Emotet is still evolving, five years after its debut as a banking trojan. It is one of the world's most dangerous botnets and malware droppers-for-hire. The malware payloads dropped by Emotet serve to more fully monetize their attacks, and often include additional banking tro
Malvertising: Online advertising's darker side
Executive summary One of the trickiest challenges enterprises face is managing the balance between aggressively blocking malicious advertisements (aka malvertising) and allowing content to remain online, accessible for the average user. The days of installing a basic ad blocker
Welcome Spelevo: New exploit kit full of old tricks
EXECUTIVE SUMMARY Exploit kits are an ever-present and often forgotten threat on the landscape today. Their popularity seemed to peak several years ago with the success and eventual downfall of some of the best compromise platforms ever created, including the Angler Exploit Kit.
10 years of virtual dynamite: A high-level retrospective of ATM malware
ATM malware has evolved to include a number of different families and different actors behind them, ranging from criminal groups to actors affiliated with nation states.
Qakbot levels up with new obfuscation techniques
Executive summary Qakbot, also known as Qbot, is a well-documented banking trojan that has been around since 2008. Recent Qakbot campaigns, however, are utilizing an updated persistence mechanism that can make it harder for users to detect and remove the trojan. Qakbot is known
DNSpionage brings out the Karkoff
Update 4/24: The C2 section below now includes details around the XOR element of the C2 communication system. Executive summary In November 2018, Cisco Talos discovered an attack campaign, called DNSpionage, in which threat actors created a new remote administrative tool that
Sextortion profits decline despite higher volume, new techniques
Sextortion spammers continue blasting away at high volume. The success they experienced with several high-profile campaigns last year has led these attackers to continue transmitting massive amounts of sextortion email. These sextortion spammers have been doing everything they ca