Cobalt Hacking Group: Tactics and Tools Update

The PT Expert Security Center (PT ESC) has been monitoring the Cobalt group since 2016. Currently the group targets financial organizations around the world. Two years ago, for example, their attacks caused over $14 million in damage. Over the last four years, we have released several reports on attacks linked to the group. Over the last year, the group has not only modified its flagship …

Intel x86 Root of Trust: loss of trust

The scenario that Intel system architects, engineers, and security specialists perhaps feared most is now a reality. A vulnerability has been found in the ROM of the Intel Converged Security and Management Engine (CSME). This vulnerability jeopardizes everything Intel has done to build the root of trust and lay a solid security foundation on the company’s platforms. The problem is not only that it is …

Fileless ransomware FTCODE now steals credentials

In 2013, SophosLabs announced infections by ransomware written in PowerShell. The attack targeted users from Russia. The ransomware encrypted files and renamed them with the extension .FTCODE, whence the name of the virus. The malware arrived as spam containing an HTA file attachment. The ransom demand took the form of a text file with a message in Russian instructing the victim on how to …

Turkish tricks with worms, RATs… and a freelancer

The Positive Technologies Expert Security Center has detected a malicious campaign active since at least mid-January 2018. The operation focused mostly on users from Brazil, Germany, Hungary, Latvia, the Philippines, Turkey, the United Kingdom, and the USA. The long-running operation included the use of a number of tools and techniques for infecting and controlling victim PCs. Here we will detail the stages of infection, utilities and network …

Malware creators trying to avoid detection. Spy.GmFUToMitm as an example

Specialists from PT Expert Security Center found an interesting specimen of malware distributed in the Chinese segment of the Internet. Among other things, this malware is used for MITM attacks. Its main peculiar feature is that it combines various techniques of evading detection. We analyzed those to demonstrate how malware creators hide malware activity. How it all began: Network traffic analysis system …

Web application vulnerability report: time to dig into the source code

Introduction: Every year, web applications expand their presence in more and more areas. Almost every business has its own web applications for clients and for internal business processes. However, application functionality is often prioritized at the expense of security, which negatively affects the security level of the entire business. As a result, web application vulnerabilities provide massive opportunities for malicious actors. By taking advantage of …

Cobalt strikes back: an evolving multinational threat to finance

1. Introduction: Bank robbery is perhaps the quintessential crime. The promise of immense, instant riches has lured many a criminal to target banks. And while the methods, tools, and scale of robbery have all changed, two things have stayed the same: the enticement of a hefty payday and the fact that no system is perfectly secure. In the modern digital economy, criminals are becoming ever …

Web application attack trends: government, e-commerce, and finance in the spotlight

Positive Technologies has revealed how hackers attacked web applications throughout 2016. The aim of our research was two-fold: to determine which attacks are most commonly used by hackers in the wild, and to find out which industries are being targeted and how. With this data, organizations can be more aware of digital threats and protect themselves accordingly. Statistics: Out of the data analyzed, Government was …

Industrial Control Systems 2016 Report: Connected and Vulnerable

Industrial control systems (ICS) are part and parcel of everyday life, from smart homes to nuclear power stations. ICS bridge the gap between the digital world and the physical world by interpreting the commands that control turbines, switches, valves, and more. Because these systems are complex, critical to infrastructure, and often Internet-connected, they make a very tempting target for hackers. The number of vulnerable ICS …

Online Banking Vulnerabilities: Authorization Flaws Lead the Way

Online banking (OLB) systems are publicly available web and mobile applications, so they suffer from vulnerabilities typical of both applications and banking systems. Bank-specific threats include theft of funds; unauthorized access to payment card data, personal data and bank secrets; denial of service; and many other attacks that can trigger significant financial and reputational losses. This report synthesizes statistics that were gathered during OLB security …