Blueliv

TrickBot banking trojan using EFLAGS as an anti-hook technique

In one of our analyses of the TrickBot banking trojan, we found an interesting anti-sandbox trick that catches (almost) all user-mode (ring3) sandboxes, and we would like to share it with you. The sample does something like this:

    lea eax, [ebp+time]      ; 1. prepare buffer for GetSystemTime
    push eax
    call GetSystemTime       ; 2. malware goes straight to the Windows API
    pushf                    ; 3. read EFLAGS after GetSystemTime
    pop eax                  ;    (popf takes no operand; EFLAGS is pushed, then popped into eax)
    add eax, offset sub_x    ; 4. skip EFLAGS bytes from sub_x
    jmp eax

[…]


Sonic Drive-In | Credit Card Theft Detection Use Case

On September 26, 2017, Sonic [SONC], the U.S. fast-food chain based in Oklahoma City, OK, with about 3,600 locations across 45 states, acknowledged that its payment processor had detected some unusual activity. “The first hints of a breach at the Oklahoma City-based fast-food chain came last week,” reported KrebsOnSecurity on his blog last week. “I began hearing from sources at financial institutions about a recent pattern of fraudulent transactions on cards that had all previously been […]


Data Breach | Avoid being the next Equifax

On 29 July 2017, Equifax, one of the big-three credit reporting companies, announced the discovery of a data breach exposing an estimated 143M Americans. Unauthorized access took place between mid-May and July 2017. One source has called this a category-5 event.

Details of the data breach

The investigators found that bad actors exploited a vulnerability in a U.S. website application and made off with Personal Identity Information (PII): names, social security numbers, dates of birth […]


4 Strategies to bolster your 2017 security posture

Is your business prepared for a cyber threat? Here are some considerations to help you understand the important dynamics of your security posture strategies:

    End users are the number one security risk in any organization.
    Your security strategy needs to be adaptable to a changing threat landscape.
    BYOD, 3rd-party cloud and social media are accelerating risk factors.

According to a recent analysis by the Ponemon Institute, a single cybersecurity attack costs an average of $3.62M US / €4.31M EU. Can […]


Threat intelligence to help you avoid toxic rogue mobile apps

How did my dad’s Uber account get hacked? Sometime around July 6, 2017, ABC News Brisbane reporter Josh Bavas received a 2 a.m. notification that someone had just accessed his Uber account in Los Angeles and, shortly after, someone in Moscow. (He was in Australia.) He tried to get into his account to see what the problem was, but he had been signed out and his password changed. In a similar story back in May 2015, BBC News […]


10 things you need to know about brand abuse and how to stay alerted to them

Brand abuse is a big problem, and it’s getting bigger. Between 2010 and 2014, the EU, US, and Japanese customs authorities seized an estimated €467.5M EU / $953.2M US / ¥100M JA in counterfeited products from China alone. The next 4 countries (Hong Kong, Turkey, Greece, and Panama) accounted for another third. Brand abuse can come from pirate operators around the globe or from espionage within the walls of your own hijacked systems and breached intelligence. Fraudsters can infiltrate at every stage of […]


How banks can protect customers from “Man in the browser attacks”

Criminal groups use a wide range of methods to compromise users and siphon off their bank accounts. For this reason, once a user’s computer is infected by malware, it can use multiple methods to obtain sensitive information, depending on its main goal and its capabilities: changing the DNS resolution or poisoning the proxy settings to redirect the user to a malicious site, searching the filesystem for stored passwords, inspecting main memory, infecting the browsers and/or the libraries they […]


Targeted Malware Detection

Today’s cyber criminal wants one thing: to get his malware into your IT network, because once he’s in, he can go to work remotely on the myriad other criminal activities he and his accomplices have in mind. Your best defense against targeted malware is to thwart the criminal actor before he gets to you, your network, or your colleagues. An early warning system is critical to gaining the insight you need to inform end users. People, sadly, are […]


Avoid the cost and headache of leaked data (here’s how)

“Leaked data falls into 4 types,” says Peter Gordon of the SANS Institute: confidential information, intellectual property, customer data and health records. Data leakage, however, is not limited to deliberate cyber espionage. In fact, a surprising amount of it is the result of human error, well into the 90th percentile for insider threats. That means the bulk of insider data leakage is unintentional. Regardless of intent, leaked data can have a devastating financial effect on an organization. […]


Successful CISO 360 Congress sponsored by Blueliv

Last week, Pulse Conferences hosted the CISO 360 Congress at the Grand Marina hotel in Barcelona, an incomparable setting by the Mediterranean Sea where more than 80 CISOs gathered to discuss the most topical and relevant cyber security issues. The event ran for 3 days and gave us a great opportunity to learn, exchange with peers and keep ourselves up-to-date with state-of-the-art cyber security practices.

Cyber threat landscape high on the agenda

This […]
