The evolution of malware is being fueled largely by the proliferation of IoT. According to Gartner data, there were about 8 billion connected “things” in 2017. But that number is expected to nearly triple to more than 20 billion in just the next two years, which averages out to roughly three connected devices per person on Earth. Simply put, the opportunity for cybercriminals to enter networks and steal data or hold segments (or the entirety) of the network hostage is growing at an exponential rate, with no signs of slowing down.
We recently received a malware sample recently that had been packed and compiled on Tue Feb 06 2018. After unpacking it, we found that it contained a version of the Dreambot/Ursnif trojan, which had a compilation date of Tue Oct 10 2017, suggesting that existing versions of Dreambot are now being packaged with brand-new droppers.
As cyberattacks become more sophisticated, customers need more robust cybersecurity resources than they have in their toolkit. Learn how providing security services can meet these needs with real-time threat intelligence and more.
At the beginning of February 2018, FortiGuard Labs collected a malicious email with the subject “UPS DELIVERY UPDATE”, as shown in Figure 1. Phishers and scammers traditionally misuse the names of well-known organizations and individuals in order to make their malicious messages seem legitimate, allowing them to more easily trick unsuspecting victims. This email message contains a fake order tracking number with a bogus hyperlink that, rather than connecting the user to a legitimate website, downloads a jar malware. After a quick analysis, I was able to determine that this malware is jRAT/Adwind.
In this blog post, we will discuss the history of sandbox detection. We will then unveil the malware families that KTIS has observed from spear-phishing emails that attempt to bypass the user-mode API hook in order to evade sandbox detection. And finally, we will share the mitigation method we use to harden the Cuckoo sandbox against this bypass technique.
As global cyberattacks persist, cybersecurity is becoming a main focus in the C-suite. Gone are the days where it’s just a concern for IT teams. These rapid, sophisticated attacks across industries have demonstrated that cybersecurity is the responsibility of the entire organization as they seek to avoid the crippling effects associated with data breaches.
There is no doubt that cryptocurrency has been on a steady rise. According to a research paper by the University of Cambridge, the market capitalization of cryptocurrency has increased more than three-fold since early last year and it’s not likely to stop there. With more and more people realizing that cryptocurrency is potentially a significantly profitable investment, this rise is likely to continue for the foreseeable future. And where there is profit, that is where malware attacks will gather. Which is why we have been expecting...