Securelist
Your link to our Lab. All about Internet security.
Our latest APT trends report for Q1 2024 is now live and includes a look at some of the more interesting APT activities revealed during Q1, including the reappearance of the Careto APT, hacktivist activity, and much more.
Full report ⇒ https://kas.pr/gbh9
We take a look at the state of ransomware in 2024. From BlackHunt and Rhysida to Mallox and beyond - what are ransomware gangs doing that you and your team need to know about?
Full report ⇒ https://kas.pr/s17t
We have discovered a variant of the DinodasRAT backdoor that appears to be built to target specific systems.
This variant has been orchestrating attacks on organizations across China, Taiwan, Turkey, and Uzbekistan.
Full report ⇒ https://kas.pr/1bks
What were the top 10 web application vulnerabilities from 2021 to 2023? From Broken Access Control to Server-Side Request Forgery (SSRF) - we count them down.
Full story 👇
Top 10 web application vulnerabilities in 2021–2023 Our Security assessment team set up rankings that reflected our take on the most widespread and critical web application vulnerabilities as viewed through a prism of eight years' experience.
Our 2023 mobile threat report is now available and it makes for some interesting reading. After two years of 'relative' calm, Android malware & riskware activity has surged, returning to early 2021 levels.
Full story 👇
Kaspersky's report on mobile threats in 2023 This report details statistics and key trends associated with mobile malware: Google Play Trojans, malicious messaging app mods, and others.
We recently discovered a new, hitherto unknown malware family that piggybacks on cracked software.
Full story 👇
A backdoor with a cryptowallet stealer inside cracked macOS software We review a new macOS backdoor that piggybacks on cracked software to replace Bitcoin and Exodus wallets with malware.
Our story of the year: generative AI. It seemed to explode from nowhere, taking consumers and businesses by surprise.
From LLM-specific vulnerabilities to malicious chatbots & deepfakes - there's a lot to be worried about. But on the flip side, there is also a growing number of GenAI-powered defender tools.
Read the full story 👇
Impact of generative AI on cybersecurity: facts and predictions Generative AI has become the trendiest technology of 2023. Kaspersky reviews AI-related security concerns, and implementations of this technology in cyberdefense and red teaming, and provides predictions for 2024.
It's a tale as old as time: you download cracked or 'warez' software looking for a free lunch, but instead find malware.
That's exactly what we found in our latest research: a Trojan-Proxy piggybacking inside cracked software.
Full details 👇
Analysis of a new macOS Trojan-Proxy A new macOS Trojan-Proxy is riding on cracked versions of legitimate software; it relies on DNS-over-HTTPS to obtain a C&C (command and control) address.
'Tis the season for scams. With Black Friday and other major sales events soon upon us, we've pulled together a report looking at what scammers are doing this year.
Full report 👇
Black Friday threat report 2023 As Black Friday approaches, Kaspersky analyzes phishing and spam activity around major sales events, and reviews statistics on online shopping threats in 2023.
We recently saw the Lazarus group compromise a software vendor through unpatched legitimate software.
The campaign leverages several components, including the SIGNBT & LPEClient malware, which execute in memory only to avoid detection.
More 👇
A cascade of compromise: unveiling Lazarus' new campaign We unveil a Lazarus campaign exploiting security company products and examine its intricate connections with other campaigns.
We've talked about Operation Triangulation's stealth previously; in our latest article, however, we look in detail at TriangleDB, the main implant.
The level of stealth included using validators to ensure the exploits weren't delivered to security researchers.
Triangulation: validators, post-compromise activity and modules In this report Kaspersky shares insights into the validation components used in Operation Triangulation, TriangleDB implant post-compromise activity, as well as details of some additional modules.
We have uncovered significant developments in the ToddyCat APT group. Our latest research shows how the group is evolving its strategies as well as introducing new loaders.
We also uncovered new malware deployed by the group, designed to collect files of interest and exfiltrate them.
Learn more 👇
ToddyCat: Keep calm and check logs In this article, we describe ToddyCat's new toolset, the malware used to steal and exfiltrate data, and the techniques used by this group to move laterally and conduct espionage operations.
The IoT sector, projected to be worth $29B by 2030, is filled with devices such as routers, NAS boxes, cameras & much more.
In our latest research, we uncovered a thriving darknet community focused almost entirely on either attacking or leveraging these devices.
IoT threats in 2023 IoT threats: how devices get hacked, what malware is uploaded, and what services are on offer on the dark web in 2023.
Linux is installed on millions of devices, yet research on the platform lags behind that of Windows or Mac.
We recently discovered a malicious campaign targeting Linux devices that went undetected for 3 years & is likely part of a supply-chain attack.
Trojanized Free Download Manager found to contain a Linux backdoor Kaspersky researchers analyzed a Linux backdoor disguised as Free Download Manager software that remained under the radar for at least three years.
'Cuba' (aka Tropical Scorpius, ColdDraw, Fidel, V Is Vendetta) is a ransomware gang known for attacking oil & gas, financial services, government agencies & healthcare providers.
In our latest report, we deep-dive into this most elusive of gangs 👇
Analysis of Cuba ransomware gang activity and tooling The article analyzes the malicious tactics, techniques and procedures (TTP) used by the operator of the Cuba ransomware, and details a Cuba attack incident.
Threat evolution in Q2 2023, so far:
✔️ Tracking the Lazarus DeathNote campaign
✔️ DoubleFinger used to steal crypto
✔️ Gopuram backdoor deployed through 3CX supply-chain attack
✔️ More on CloudWizard APT
Much more. Read full report 👇
IT threat evolution Q2 2023 Q2 2023 overview: targeted attacks such as Operation Triangulation, CloudWizard and Lazarus activity, Nokoyawa ransomware, and others.
Our APT trends report is now live - in it we look at some of the more prominent activity through Q2:
✔️ Operation Triangulation,
✔️ Newly discovered threat actor - 'Mysterious Elephant'
✔️ Geopolitics remains a key driver of APT development
✔️ Much more
APT trends report Q2 2023 This is our latest summary of the significant events and findings, focusing on activities that we observed during Q2 2023.
We delve into the CVE-2023-23397 vulnerability, including an analysis of the initial attack samples.
Comprehensive analysis of initial attack samples exploiting CVE-2023-23397 vulnerability We will highlight the key points and then focus on the initial use of the CVE-2023-23397 vulnerability by attackers before it became public.
Hot wallets are commonplace and always connected to the internet. Because of this, they're often targets of crude phishing attacks.
Cold wallets are disconnected, so they're inherently harder for attackers to get into. That doesn't stop them from trying, however.
Phishing scams that target hot and cold crypto wallets Here is how email phishing scams targeting hot and cold crypto wallets, such as Trezor and Ledger, work.
According to most estimates, small and medium-sized businesses constitute 90% of all businesses globally and contribute 60-70% of all jobs in the world.
Our latest SMB threat report looks at recent data + how business owners can protect themselves 👇
Kaspersky SMB threat report 2023 This report contains statistics on cybersecurity threats to small and medium-sized businesses in 2023, and examples of cyberattacks on SMBs.
Money, as the saying goes, is the root of all evil. To that end, malware developers quickly realised that turning their business into a service allows them a bigger share of the pie.
In our latest research, we take a look at the emerging Malware-as-a-Service (MaaS) model. This model allows malware developers to share the spoils of affiliate attacks and lowers the bar of entry even further.
In our report, we studied data from various sources, including the and identified 97 families spread by the model - some as far back as 2015.
Those we found break down as follows:
➼ ransomware (58%),
➼ infostealers (24%),
➼ remaining were split between , loaders, and backdoors (18%)
Want to learn more? Check the full report here 👇
How the Malware-as-a-Service market works What Malware-as-a-Service includes, on what terms cybercriminals offer it, and what malware they most often distribute under this model
Satacom downloader (aka LegionLoader) is a well-known family that was discovered back in 2019. It is usually distributed through malicious ad injections on third-party websites.
We take a look at a recent campaign spreading the malware to steal cryptocurrency 👇
Recent Satacom campaign delivers cryptocurrency-stealing addon A recent campaign by Satacom downloader is delivering a cryptocurrency-stealing extension for Chromium-based browsers, such as Chrome, Brave and Opera.
New research has added another piece to the CloudWizard APT puzzle. The research shows that some of the cloud infrastructure & malware the group was using had similarities to espionage campaigns in Ukraine identified back in 2016.
Analysis of the CloudWizard APT framework Kaspersky analysis of the CloudWizard APT framework used in a campaign in the region of the Russo-Ukrainian conflict.
Our incident response report for 2022 is now live. In our report:
✔️ Most attacked orgs were based in Russia & the CIS, followed by the Middle East,
✔️ We offered help to government (19%), financial (18%), and industrial (17%) orgs most frequently.
More 👇
Kaspersky Incident Response report 2022 Kaspersky Incident Response report for 2022: incident response statistics, key trends and conclusions, expert recommendations.
Take a look back at what happened in 2022 as well as predictions for 2023 with our latest report. The report includes:
✔️ Driver abuse
✔️ Malware code cross-over
✔️ Increased embedded functionality
✔️ Much more
Read the full report ⇒ https://kas.pr/s8b6
First Jocker, then Harly - now Fleckpe: another subscription Trojan in the Play Store that poses as a photo editing app or even as a smartphone wallpaper app.
Check the full report 👇
Subscription Trojans on Google Play The new Trojan family, Fleckpe, spreads via Google Play inside photo editors and wallpapers, subscribing the unaware user to paid services.
From Tomiris to TargetPlug and MuddyWater, our Q1 2023 report is out now. Also in the report:
✔️ Turla, MuddyWater, Winnti & Lazarus continue to evolve
✔️ Geo-locations of targets continue to shift
✔️ Victims are also equally diverse
Full story 👇
APT trends report Q1 2023 For more than five years, the Global Research and Analysis Team (GReAT) at Kaspersky has been publishing quarterly summaries of advanced persistent threat (APT) activity. These summaries are based on our threat intelligence research; and they provide a representative snapshot of what we have publish...
Our team recently discovered a new variant of the , which now features an updated C&C protocol & enhanced anti-analysis techniques.
The malware is targeting business emails & uses infected machines to steal sensitive data.
Learn more ⇒ https://kas.pr/3qn2
Part 2 of our report reveals some uncommon infection methods, highlighting the evolving tactics used by in order to infiltrate systems and steal sensitive data.
Check the full report out here 👇
Kaspersky crimeware report: uncommon infection methods Kaspersky researchers discuss infection methods used by Mirai-based RapperBot, Rhadamantys stealer, and CUEMiner: smart brute forcing, malvertising, and distribution through BitTorrent and OneDrive.
In February 2023, we detected Nokoyawa ransomware attacks that use a Windows zero-day exploit in order to gain network access. The exploit is believed to be part of a larger attack framework called "Devil Shadow Botnet".
Read our exclusive report 👇
Nokoyawa ransomware attacks with Windows zero-day In February 2023, we found a zero-day exploit, supporting different versions and builds of Windows, including Windows 11. This particular zero-day was used by a sophisticated cybercrime group that carries out ransomware attacks.