Anomali Blog
Phishing Scam Spoofs Canadian eTA and U.S. ESTA Websites To Target Visa-Exempt Foreign Travelers
On January 16, 2019, Anomali Labs detected two suspicious domains gov-canada-eta[.]com and canada-etavisa[.]info targeting foreign nationals interested in applying for a Canadian electronic travel authorization (eTA). Hosted on this domain is a replica website that spoofs the Government of Canada Electronic Travel Authorization (eTA) application site used by tourists, business...
Read More
Weekly Threat Briefing: NASA Jira Server Leaked Internal Project And Employee Data
The intelligence in this week's iteration discuss the following threats: Adware, Backdoor, CryptoMix, Data breaches, DNS hijacking, FlawedGrace, ICEPick-3PC, MageCart, Malware, Phishing, Ransomware, ServHelper, Side-channel attack, TA505, TEMP.MixMaster, and Vulnerabilities. The IOCs related to these stories are attached to the Community Threat Briefing...
Read More
Phishing Scam Lures Australian Government Contractors Into Disclosing Account Credentials
On January 9, 2019, Anomali Labs observed a new tender-themed phishing scam targeting companies allegedly selected by the Australian Government to submit tenders for commercial projects. The document purports to be from the Secretary of Infrastructure and Regional Development, Dr. Steven Kennedy. The premise behind the scam is to lure users into...
Read More
2019 Attack Predictions for the Payment Sector
Anomali Labs published this week a report, “Cyber Crime in the Payments Industry,” that examines threat trends affecting this sector. The report, available for download, details attacks and techniques, and provides recommendations for organizations that process credit card transactions.The payments industry, including retail, hospitality, restaurants and payment...
Read More
Weekly Threat Briefing: Another Windows 10 Zero-Day Bug Could Allow Overwriting Files With Random Data
The intelligence in this weekís iteration discuss the following threats: APT28, Danabot, Data breaches, Miori, Phishing, RATs, Ransomware, Roma225, The Dark Overlord, Vulnerabilities, and Zebrocy. The IOCs related to these stories are attached to the Community Threat Briefing and can be used to check your...
Read More
Destructive Shamoon Malware Continues its Return with a New Anti-American Message
Anomali Labs in its continued hunt for the destructive Shamoon malware, has identified a new Shamoon malware sample that uses an image of a burning US Dollar as part of its destructive attack. Historic versions of the Shamoon destructive wiper have utilized images of a burning American flag and the...
Read More
Cyber Threat Intelligence Malware
Holiday Shopping Increases Threat Actor Activity in 2018—Be Vigilant and Jolly
OverviewAs the weather grows colder and holiday shopping seasons encroaches, so too, increases the opportunities for data and monetary theft for a threat actor. Every year it seems as if companies are moving their “deals” earlier and earlier than the well-known Black Friday and Cyber Monday shopping...
Read More
Weekly Threat Briefing: Save the Children Hit by $1m BEC Scam
The intelligence in this weekís iteration discuss the following threats: Android trojan, BEC, Charming Kitten, Coblat Group, Exploit kit, Malware, Novidade, Phishing, Seedworm, SplitSpectre, and Vulnerabilities. The IOCs related to these stories are attached to the Community Threat Briefing and can be used to check...
Read More
Cyber Threat Intelligence Malware Research
New Shamoon V3 Malware Targets Oil and Gas Sector in the Middle East and Europe
A new version of destructive wiper malware Shamoon was first identified by security researchers on December 5, 2018. This malware dubbed Shamoon V3, appears to be a new version of the destructive malware, which has historically been associated with advanced persistent threat actors aligned with the interests of the Iranian state. It...
Read More
The Power of Active Collaboration in ISACs, ISAOs and Security Interest Groups
During DefCon 26 held in August 2018, on the subject of “Securing our Nation's Election Infrastructure”, Jeanette Manfra, Assistant Secretary, Office of Cybersecurity and Communications from the Department of Homeland Security (DHS) emphasized the need for public and private sector collaboration and the importance of sharing information. Ms....
Read More
Weekly Threat Briefing: Massive Botnet Chews Through 20,000 WordPress Sites
The intelligence in this week’s iteration discuss the following threats: APT, Banking trojan, Botnet, BEC, Data theft, Malspam, Phishing, Targeted attacks, Threat group, Vulnerabilities and Website compromise. The IOCs related to these stories are attached to the Community Threat Briefing and can be used to...
Read More
Cyber Threat Intelligence Malware
Pulling Linux Rabbit/Rabbot Malware Out of a Hat
OverviewCyber threat researchers from Anomali Labs have discovered a new malware, called “Linux Rabbit,” that targeted Linux servers and Internet-of-Things (IoT) devices in a campaign that began in August 2018 and continued until October 2018. The campaign targeted devices in Russia, South Korea, the UK, and the US. The...
Read More
Weekly Threat Briefing: Hackers Could Exploit a Zoom App Vulnerability to Disrupt Conferences
The intelligence in this week’s iteration discuss the following threats: BEC, Data breach, Data theft, Exposed PII, Malicious applications, Phishing, Spear phishing, RAT, Targeted attacks, Unauthorized access, and Vulnerabilities. The IOCs related to these stories are attached to the Community Threat Briefing and can be...
Read More
What is MITRE ATT&CK™?
MITRE introduced ATT&CK (Adversarial Tactics, Techniques & Common Knowledge) in 2013 as a way to describe and categorize adversarial behaviors based on real-world observations. ATT&CK is a structured list of known attacker behaviors that have been compiled into tactics and techniques and expressed in a handful of...
Read More
Weekly Threat Briefing: US Postal Service Left 60 Million Users Data Exposed For Over a Year
The intelligence in this week’s iteration discuss the following threats: Cannon Trojan, Keyloggers, Lazarus Group, L0rdix, Mirai, OceanLotus, Sofacy and Zebrocy. The IOCs related to these stories are attached to the Community Threat Briefing and can be used to check your logs for potential...
Read More
Cyber Threat Intelligence Research
Is Magecart Checking Out Your Secure Online Transactions?
With Online Holiday Sales Projected at $123B: How Secure are Your Transactions? There is a projected $123B in online purchases this holiday season, according to commerce site shopify.com. Millions of online transactions will occur between now and December 25th. How secure do you feel entering your credit or...
Read More
Weekly Threat Briefing: Russian APT Comes Back to Life with New US Spear-phishing Campaign
The intelligence in this weekís iteration discuss the following threats: APT29, Cryptominers, Data breaches, MageCart, Malware, Misconfigured Docker, Phishing, Remote access trojans, Targeted attacks, and Vulnerabilities. The IOCs related to these stories are attached to the Community Threat Briefing and can be used to check...
Read More
Cyber Threat Intelligence Research
Staying Safe Online During Black Friday and Cyber Monday
IntroductionThe countdown to Black Friday and Cyber Monday 2018 is well underway as consumers prepare for the sales frenzy that will kick off on Friday, November 23rd and Monday, November 26th. Black Friday and Cyber Monday have arguably become two of the most important and notable days in the...
Read More
The Importance of Managing Threat Intelligence
Data. Data. Data. Threat data can feel like a constant rushing waterfall that can overwhelm an analyst. After all, what good is one more set of data if there’s not an applicable and manageable use case for it. Some people look at threat intelligence (note not threat data)...
Read More
Weekly Threat Briefing: Adobe ColdFusion Servers Under Attack from APT Group
The intelligence in this weekís iteration discuss the following threats: APT, Data breaches, DDoS, Lazarus group, Malicious mobile applications, Malicious documents, PortSmash, SMiShing, Spear phishing, Trickbot, and Vulnerabilities. The IOCs related to these stories are attached to the Community Threat Briefing and can be used...
Read More
