IT Security Information
Get regular updates on current threats such as ransomware, phishing, CEO fraud and business email compromise.
Clop, Clop! It’s a TA505 HTML malspam analysis
In this article Hornetsecurity’s Security Lab outlines one of the current infection chains by the operators behind the Clop ransomware. The outlined infection chain starts from an email with a malicious HTML attachment. This attachment redirects the victim to an XLS document containing the Get2 loader. This loader then installs a remote access trojan (RAT) on the system, which is used to prepare the victims network for the deployment of the Clop ransomware. The goal of the attack is to encrypt as many systems in the victims organization as possible in order to extort the highest possible ransom. To this end, the attackers also threaten to publish stolen data if the ransom is not paid.
Cyber attacks on automotive sector picking up speed
Autonomous driving, electromobility, connected cars and car sharing – the automotive industry is in a state of upheaval. New technologies and digitalized processes bring numerous advantages to automotive companies, enabling them to meet new customer needs on the one hand and to remain competitive on the other. However, the ongoing digitalization of the industry not only offers advantages, but also provides hackers with an ever greater target for attacks. And cyber criminals are trying to exploit these intensively: The security analysts of the Hornetsecurity Security Lab discovered that the automotive sector, after the energy and logistics industry, is one of the most attacked industries worldwide in the past year…
Be careful with email archiving: Many archiving services are not GDPR-compliant
For some time now, one topic has been on the minds of management boards everywhere: Data protection and the General Data Protection Regulation, which entered into force in May 2018. The European-wide data protection law has been earning the approval and praise of many...
QakBot malspam leading to ProLock: Nothing personal just business
FBI and the German federal CERT [1][2] are warning of current QakBot malspam distributing ProLock ransomware. QakBot is spread via email. In the outlined campaign an email with a link to a ZIP archive containing a VBScript is used to download the QakBot Loader onto victim computers. From there the ProLock ransomware can potentially be loaded by the QakBot operators. The ProLock ransomware uses RC6 to encrypt files on the victims computer. It spares the first 8 KiB of all files. It appends a .proLock extension to encrypted files and leaves a ransom note stating that it is “[n]othing personal just business” and instructions on how to pay the ransom. However, the ransomware also deletes specific files ending with .bac or .bak extensions, so victims that pay will still loose those files.
Trickbot Malspam Leveraging Black Lives Matter as Lure
The Hornetsecurity Security Lab has observed a Malspam campaign distribution Trickbot that uses the Black Lives Matter movement as a lure to entice victims to open a malicious attachment. The Trickbot downloader document first injects shellcode into the WINWORD.EXE process. Then from that shellcode spawns a cmd.exe process into which it again injects more of the same shellcode. This cmd.exe process then downloads the Trickbot DLL and executes it via rundll32.exe.
Cybercrime threatens the future of the logistics industry
As one of the world’s largest and most important industries, the logistics sector is increasingly being targeted by cyberattacks. But how vulnerable is it compared to other industries? What are the purposes of hackers’ attacks on specific companies? What attack techniques are the affected companies exposed to? In the “Cybersecurity Special – Cybercrime threatens the future of the logistics sector” the security experts from Hornetsecurity provide answers to these questions…
Avaddon: From seeking affiliates to in-the-wild in 2 days
On 2020-06-03 it was reported that a new ransomware calling itself Avaddon was seeking partners for their affiliate program, i.e., someone installing the ransomware on victim systems. Just two days later on 2020-06-05 malspam distributing the Avaddon ransomware has been observed…
A Journey Through the History of Cryptography – Part 3
Our journey through the history of cryptography is coming to an end, but we still have a few last stations ahead of us. First we dealt with symmetric encryption and the encryption methods of Data Encryption Standard (DES) and Advanced Encryption Standard (AES), and in the last blog we introduced asymmetric encryption. In our final piece of the Cryptography triology, we will dive deeper into asymmetric encryption. Attack techniques such as man-in-the-middle attacks and brute force attacks will be examined. Finally, we will present a wide view into the future – keyword: quantum cryptography…
Sign Up Hornet News
Suscríbete a las últimas noticas sobre ciberseguridad.The new Cyberthreat Report
Brand new – 1st Cyberthreat Report in 2020
The brand new Cyberthreat Report tells you all about current cyberthreats and gives you access to exclusive numbers and statistics.
