Malware stops you getting infected (…Again)

A new TTP is observed in Smominru malware. Smominru malware was first observed in 2017, primarily used as a cryptomining botnet. Its large payloads allow for many features, including credential theft and wormable capabilities, spreading across Windows 7 and Server 2008. It has been documented to have many propagation …

Emotet Banking Trojan Loves U.S.A Internet Providers

According to new data by TrendMicro, attackers utilising the Emotet banking Trojan predominantly used internet providers located in the U.S.A. to host their Command & Control infrastructure. In a recent blog post, TrendMicro states that the United States of America, with a 45% share, hosts more Emotet C2 infrastructure through Comcast, followed by Mexico and Canada. The top …

State-Sponsored Actors Focus Attacks on Asia

Southeast Asia is the most actively attacked region, according to cyber security firm Group-IB. Their annual Hi-Tech Crime Trends Report 2018 advises, “In just one year, 21 state-sponsored groups were detected in this area, which is more than in the United States and Europe.” Although, not only state-sponsored groups are focusing their attention on this …

Malware Distributors Adopt DKIM to Bypass Mail Filters

In July 2018, US-CERT raised an alert regarding the Emotet banking trojan, which is also being used to distribute a secondary malware known as “Trickbot”. This alert provided recommendations on how businesses can mitigate their exposure to the Trojan. Unfortunately, it looks like criminals are also reading the US-CERT’s warnings as they have adopted new …