Tag selected: Cyber Attacks
Threat Actor activity: a quick recap
In our recent Threat Landscape Report we profiled several active threat actors which have made an impact over the past year. All of the threat actors in this article remain under close observation. Sharing this intelligence is part of our ongoing mission to collaborate with industry peers, enrich the...
Annual Cyberthreat Landscape report shines spotlight on credential theft and expanding Latin America market
Today we launch our Annual Cyberthreat Landscape Report for 2018-19, providing insights into emerging and evolving cybersecurity trends. By sharing intelligence and collaborating with the industry, we are in a much better position to fight cybercrime this year. The report reveals that botnet stolen credentials increased by a staggering fifty...
threat intel industry
Threat Exchange Network blog: July 2018
The Blueliv Threat Exchange Network is a global community of thousands of cybersecurity experts, IT professionals and academics. Each month members publish the latest news, threat data, IOCs and more in order to improve resilience and accelerate incident response. Members can create their own intelligence feeds for free by exporting these...
threat intel industry
Threat Exchange Network blog: June 2018
The Blueliv Threat Exchange Network is a global community of thousands of cybersecurity experts, IT professionals and academics. Each month members publish the latest news, threat data, IOCs and more in order to improve resilience and accelerate incident response. Members can create their own intelligence feeds for free by exporting these...
industry-blog
Threat Exchange Network blog: April 2018
The Blueliv Threat Exchange Network is a global community of thousands of cybersecurity experts, IT professionals and academics. Each month members publish the latest news, threat data, IOCs and more in order to improve resilience and accelerate incident response. Members can create your own intelligence feed for free by...
industry-blog
Threat Exchange Network blog: March 2018
The Blueliv Threat Exchange Network is a global community of thousands of cybersecurity experts, IT professionals and academics. Each month members publish the latest news, threat data, IOCs and more in order to improve resilience and accelerate incident response. Members can create your own intelligence feed for free by...
industry-blog
Threat Exchange Network blog: February 2018
The Blueliv Threat Exchange Network is a global community of thousands of cybersecurity experts, IT professionals and academics. Each month members publish the latest news, threat data, IOCs and more in order to improve resilience and accelerate incident response. Members can create your own intelligence feed for free by...
industry-blog
Threat Exchange Network blog: January 2018
The Blueliv Threat Exchange Network is a global community of thousands of cybersecurity experts, IT professionals and academics. Each month members publish the latest news, threat data, IOCs and more in order to improve resilience and accelerate incident response. Members can create your own intelligence feed for free by...
research-blog
Making the headlines: Bad Rabbit and Reaper malware
Though we process thousands of malware samples per day, very few of them attract the attention of the mainstream media in the way that Bad Rabbit and Reaper have recently. Here’s a quick overview, their potential impact on business and some suggested mitigation techniques to help you and your...
research-blog
TrickBot banking trojan using EFLAGS as an anti-hook technique
In one of our analysis of the TrickBot banking trojan, we found an interesting anti-sandbox that catches (almost) all user-mode (ring3) sandboxes, and we would like to share it with you. hash: 2ebeef906142f328168e7e62e8be7fbaee48e3521853d76ea778005ada6e938a The sample does something like this: lea eax, ; 1. prepare buffer for GetSystemTime push...
sonic-drive-in-credit-card-theft-detection-use-case
Sonic Drive-In | Credit Card Theft Detection Use Case
Photo courtesy Sonic Franchises On September 26, 2017, Sonic the U.S. fast-food chain based in Oklahoma City, OK, with about 3,600 locations across 45 states, acknowledged that their payment processor detected some unusual activity. “The first hints of a breach at the Oklahoma City-based fast-food chain came last...
Avoid-being-the-next-Equifax
Data Breach | Avoid being the next Equifax
Image Courtesy CNN Money On 29 July 2017, Equifax, one of the big-three credit reporting companies, announced the discovery of a data breach exposing an estimated 143M Americans. Unauthorized access took place between mid-May through July 2017. One source has called this a category-5 event.   Details of the...
avoid-toxic-rogue-mobile-apps
Threat intelligence to help you avoid toxic rogue mobile apps
Image Courtesy BBC News How did my dad’s Uber account get hacked? Sometime around July 6, 2017, ABC News Brisbane reporter Josh Bavas, received 2 a.m. notification that someone had just accessed his Uber account in Los Angeles and shortly after, someone in Moscow. (He was in Australia.) He...
brand-abuse
10 things you need to know about brand abuse and how to stay alerted to them
Brand abuse is a big problem, and it’s getting bigger. Between 2010-2014, the EU, US, and Japanese customs authorities seized and estimated €467.5M EU / $953.2M US / ¥100M JA in counterfeited products from China alone. The next 4 countries–Hong Kong, Turkey, Greece, and Panama–accounted for another third. Brand...
Man-in-the-browser
How banks can protect customers from “Man in the browser attacks”
Criminal groups use a wide range of methods to compromise users and siphon its bank accounts, for this reason, when a user’s computer is infected by a malware, depending on its main goal and its capabilities, it could use multiple methods to obtain sensitive information, such as changing the...
Targeted-malware-detection
Targeted Malware Detection
Today’s cyber criminal wants one thing. He wants to get his malware into your IT network because once he’s in, he can go to work–remotely–achieving the myriad of other criminal activities he and his accomplices have in mind. Your best defense against targeted malware is to thwart the criminal...
colors-of-cybersquatting
The many colors of cybersquatting – Do not underestimate them
Blueliv Guest Post | Jean-Jacques Dahan, Managing Director and Expert Consultant for Online Brand Security & Global Domain Strategy at Zeusmark. Cybersquatting is a constant challenge for a company. It is a broad concept involving many aspects of risk, speculation, and fraud. It should not be underestimated as it provides a...
ruthless-cybersquatters
Protect your business against ruthless cybersquatters
Also this week: Blueliv is pleased to announce a featured post on the subject of Cybersquatting from Jean-Jacques Dahan–Managing Director and Expert Consultant for Online Brand Security & Global Domain Strategy, Zeusmark. This article continues the discussion begun with the Phishing module article. Now, the focus will be on...
Petya-ransomware-2
Petya Ransomware cyber attack is spreading across the globe – Part 2
Following our first blog providing an early analysis about Petya, we are sharing further findings of the malware analysis that we have performed. We divided this post into the three areas we have briefly analyzed after the Petya attack: the propagation techniques of the malware, the encryption techniques used,...
Petya-ransomware-1
Petya Ransomware cyber attack is spreading across the globe – Part 1
As you might know, Petya Ransomware is currently devastating Airlines, Banks & Utilities and many other businesses across the globe. Denmark, France, Spain, Ukraine, and the USA are already impacted and many others might be too in the coming hours. So far, it seems that the sample is being...
phishing
Business threat intelligence | Win the fight against phishing attacks
Blueliv has one module that handles two of the main cyber threats targeted at businesses–Phishing and Cybersquatting. This module plugs into our threat monitoring Enterprise Platform Solution. For completeness, we’ll divide these threats into separate articles. First, it’s important to understand the inherent nature of these attacks. Criminals who...
threat-exchange
Blueliv Threat Exchange Network | A community of early cyber responders
Cybercrime has become a socialized industry, and as such criminals employ community knowledge and resources found on the dark web and deep web to intensify efforts. In 2016, Europol identified some startling trends that demonstrate how sophisticated cyber criminals have become. Here are some top specialties and readily available...
honeypots-wannacry
What our honeypots taught us about Wannacry ransomware
WannaCry has been on the lips, and especially in the concerns of everyone these last days. As we have addressed in recent posts, Friday, 12th May, marked the beginning of a massive global campaign to spread the WannaCry ransomware (a.k.a. WCry, WannaCrypt, WCrypt, WannaCrypt0r…). The ransomware spreads through a...
wannacrypt-analysis2
WannaCrypt Malware Analysis
Last Friday, 12th May, a worm targeting outdated Windows machines was detected. The worm in question used leaked NSA exploits to propagate and dropped a variant of a ransomware called WannaCrypt. This post will try to give you an insight into the infection process, as well as the spreading...
wannacry
Wannacry Ransomware used to spread global cyber attacks
A global ransomware attack began impacting companies and hospitals across the United States, Europe, and Asia early Friday morning. Companies in more than 70 countries have reported incidents as of Friday afternoon. Computers all over the world are being locked down by a ransomware called Wannacry/Wanna/Wcry. The British government...
wannacry2
El ransomware ataca contundentemente el IBEX-35
Este viernes ha saltado la noticia de que el ransomware “WannaCry” se ha colado en los sistemas informáticos de algunas de las empresas del IBEX-35 aprovechando una vulnerabilidad de los sistemas Windows. El Gobierno británico por su parte, ha anunciado que un ataque mediante virus bitcoin ha afectado a...
credit-card-theft1
The real cost of credit card theft and how to protect your assets
Sometime in mid-February 2017, anti-fraud teams from multiple financial institutions contacted KrebsOnSecurity for help tracing the source of a credit card fraud happening in high-end restaurants around the U.S. Investigations revealed a vast majority of patrons with compromised cards dined in locations run by Select Restaurants, Inc., a management...
botnets
Peeling back the layers surrounding zombie computer botnets
What is a Botnet? To understand a botnet, you first must begin with a bot. A bot is an automated malware program or roBOT that takes control of a computerized device. That single, infected computer, or connected device, joins a larger roBOT NETwork–or BOTNET. Once hijacked, these devices transform...
corporate-blueliv
Why Vawtrak v2 could be the next major banking Trojan
Neira Jones, Non-Executive Director Cognosec, Partner Global Cyber Alliance and industry influencer shares her thoughts on the evolution of banking Trojans and digital transformation in the finance sector in our new white paper. Think more like a criminal… This came to my attention through the excellent report published by cyber...
industry-blog
Don’t end up in the dark this Black Friday
Don’t end up in the dark this Black Friday! Online sales in the US are predicted to increase by over 13% this Black Friday vs. 2015, surpassing $3billion. Is your IT infrastructure up to the challenge ?   Recently we’ve been blogging about the importance of a resilient network...
industry-blog
Hacking group Shadow Brokers infiltrate NSA Equation Group
Militarization of cyberspace is no longer a novelty. Instances of governments using sophisticated zero-day malware against other nations’ organizations and industry have been seen before now. This week a previously unknown group calling themselves “Shadow Brokers” claimed to have infiltrated a server belonging to Equation Group, a hacking group...
Ransomware chronology
Ransomware – How to defend yourself against it
What is Ransomware? Ransomware is a type of malware that has lately been increasingly in use by the cyber criminals. In order to profit from the distribution of Ransomware, the bad guys have been targeting numerous businesses and large organizations around the world. In essence, the Ransomware malware is...
Cyber-Attacks-Targeting-SWIFT
Cyber Attacks Targeting SWIFT – Recap
SWIFT stands for Society for Worldwide Interbank Financial Telecommunication, and its purpose is to allow banks and financial institutions in general to communicate securely. It is used in the exchange of information between banks, such as transactions. In this post you will get a short summary of the incidents...
industry-blog
How could UBER accounts have been compromised?
Uber is an American company that develops and operates a mobile application that allows users to provide and employ transporting services for people. Motherboard reported last week that thousands of active Uber accounts are for sale in black markets located in the dark web. After investigating the issue, Uber...
research-blog
The Equation Group: a new degree of sophistication in APT attacks
The Equation Group, what do we know so far? The topic of APT’s and state sponsored espionage has been back the news over the last few weeks. Based in the excellent and in-depth report of Kaspersky Labs “Equation Group: Questions and answers“, it seems that the level of sophistication...
research-blog
Blueliv Cyber Threat Intelligence Report. Q3 2014
Here you are the main conclusions of the just analyzed cyber threats that have been apparent on a global level during the third quarter of 2014, comparing them with the second quarter of the year. Once again, the main point is that cyber threats continue to be increasingly more frequent...
research-blog
Measuring the impact of Shellshock in the threat intelligence landscape
Once high profile vulnerability is released to the public, there are a lot of people who will use the opportunity to take advantage on vulnerable machines, even if it is manually or widely exploited using pieces of malware. A clear example is the evolution of Mayhem to take advantage of...
industry-blog
People becoming unfazed to cyber attacks?
When Target was hacked last year the incident made headline news for months. Target reported that their Q4 sales dropped 46% and their stock took an 11% dip. Most recently Home Depot was hacked exposing over 65 Million Credit cards, including yours truly. However, Home Depot stock didn’t take...
industry-blog
Cyber-attack against JPMorgan Chase
A cyber-attack targeting JPMorgan Chase this summer compromised over 75 million household according to a statement recently released by Chase Bank. The data stolen included names, addresses and email addresses, but did not include any credentials or bank account numbers. This attack compromised resources such as Chase.com, JPMorganOnline and...
research-blog
Defining the key elements of a cybersecurity strategy
There is not a day that goes by without some startling revelation about a new threat from emerging from the world of Cyber-Crime. Over the last few months there has been a spate of attacks on online platforms, organisations and even point of sale devices. Attacks seem to be...
research-blog
The week of Russian leaks
This week some important leaks have arisen in on the Internet, all of them related to Russian users: 1.000.000 Yandex addressess and passwords. 4.500.000 Mail.ru addressess and passwords. 5.000.000 GMail addressess, some of them with passwords. All this data was posted in a Russian Bitcoin Forum by a user...
corporate-blueliv
The exponential cyber threat to mobile commerce
As m-commerce grows, recent research reveals that security is a major concern for consumers making payments by smartphone. The security threats against the mobile channel are growing; using the example of a recent malware attack on the mobile services of a bank in the Middle East, we analyze the...
research-blog
Origin of the infections and attacks during the first quarter of 2014
Blueliv has analyzed the main Cyber Threats which have been apparent on a global level during the first quarter of 2014, and in this post we are going to show their origin. MALICIOUS URL GEOLOCALIZATION Some 46% of the malicious URLs analyzed were geolocalized in the United States, while...
research-blog
Behind Point of Sale (PoS) attacks
In this previous article we showed how cybercriminals were trying to infect PoS devices with Dexter malware through pcAnywhere service, port 5631. Now, what we want is to analyze the geolocation of more than a million IPs affected by this attack that appear in the following picture. If we...
research-blog
First million credit cards details released
1 million credit cards details over a set of 800 million was released on Pastebin early this week. Almost 1 million cards were allegedly leaked by Anonymous Ukraine on Pastebin early this week from a set of more than 800 million credit cards that has not been released yet....
research-blog
Uncovering the new modus operandi behind POS infections
In the Cyber Fraud world there are numerous ways of doing business. One of the most well-known fraud activities that has been alive for years is the credit card theft. Like any other business it has evolved and improved its different techniques in order to survive and to maximize...
research-blog
mount.cifs arbitary file identification 0day
Durante el wargame de la rootedcon 2012, además de participar, me dediqué a revisar un poco los sistemas. Puesto que no tenía disponible el /proc/kallsyms, hacer ataques al kernel, supondría ir a ciegas, bruteforcear símbolos … , incluso posiblemente crashear el kernel. De manera que me enfoqué sobretodo a...
research-blog
Meterpreter Cheat Sheet
Con el objetivo de contribuir en la divulgación de conocimiento en materia de seguridad informática y comunicaciones, desde blueliv, hemos desarrollado un “chuletario” de los comandos más relevantes de Meterpreter. Muchos de vosotros, os preguntareis ¿qué es Meterpreter? y ¿para qué sirve?. La respuesta es muy simple, Meterpreter es...
Demo Free Trial Community Newsletter