Anomali Blog

Research

Phishing Scam Spoofs Canadian eTA and U.S. ESTA Websites To Target Visa-Exempt Foreign Travelers

On January 16, 2019, Anomali Labs detected two suspicious domains, gov-canada-eta[.]com and canada-etavisa[.]info, targeting foreign nationals interested in applying for a Canadian electronic travel authorization (eTA). Hosted on these domains is a replica website that spoofs the Government of Canada Electronic Travel Authorization (eTA) application site used by tourists, business...


Weekly Threat Briefing

Weekly Threat Briefing: NASA Jira Server Leaked Internal Project And Employee Data

The intelligence in this week's iteration discusses the following threats: Adware, Backdoor, CryptoMix, Data breaches, DNS hijacking, FlawedGrace, ICEPick-3PC, MageCart, Malware, Phishing, Ransomware, ServHelper, Side-channel attack, TA505, TEMP.MixMaster, and Vulnerabilities. The IOCs related to these stories are attached to the Community Threat Briefing...


Research

Phishing Scam Lures Australian Government Contractors Into Disclosing Account Credentials

On January 9, 2019, Anomali Labs observed a new tender-themed phishing scam targeting companies allegedly selected by the Australian Government to submit tenders for commercial projects. The document purports to be from the Secretary of Infrastructure and Regional Development, Dr. Steven Kennedy. The premise behind the scam is to lure users into...


Malware Research

2019 Attack Predictions for the Payment Sector

Anomali Labs published this week a report, “Cyber Crime in the Payments Industry,” that examines threat trends affecting this sector. The report, available for download, details attacks and techniques, and provides recommendations for organizations that process credit card transactions. The payments industry, including retail, hospitality, restaurants and payment...


Weekly Threat Briefing

Weekly Threat Briefing: Another Windows 10 Zero-Day Bug Could Allow Overwriting Files With Random Data

The intelligence in this week's iteration discusses the following threats: APT28, Danabot, Data breaches, Miori, Phishing, RATs, Ransomware, Roma225, The Dark Overlord, Vulnerabilities, and Zebrocy. The IOCs related to these stories are attached to the Community Threat Briefing and can be used to check your...


Malware Research

Destructive Shamoon Malware Continues its Return with a New Anti-American Message

Anomali Labs, in its continued hunt for the destructive Shamoon malware, has identified a new Shamoon malware sample that uses an image of a burning US Dollar as part of its destructive attack. Historic versions of the Shamoon destructive wiper have utilized images of a burning American flag and the...


Cyber Threat Intelligence Malware

Holiday Shopping Increases Threat Actor Activity in 2018—Be Vigilant and Jolly

Overview: As the weather grows colder and the holiday shopping season encroaches, so too increase the opportunities for data and monetary theft by a threat actor. Every year it seems as if companies are moving their “deals” earlier and earlier than the well-known Black Friday and Cyber Monday shopping...


Weekly Threat Briefing

Weekly Threat Briefing: Save the Children Hit by $1m BEC Scam

The intelligence in this week's iteration discusses the following threats: Android trojan, BEC, Charming Kitten, Cobalt Group, Exploit kit, Malware, Novidade, Phishing, Seedworm, SplitSpectre, and Vulnerabilities. The IOCs related to these stories are attached to the Community Threat Briefing and can be used to check...


Cyber Threat Intelligence Malware Research

New Shamoon V3 Malware Targets Oil and Gas Sector in the Middle East and Europe

A new version of the destructive wiper malware Shamoon was first identified by security researchers on December 5, 2018. This malware, dubbed Shamoon V3, appears to be a new version of the destructive malware, which has historically been associated with advanced persistent threat actors aligned with the interests of the Iranian state. It...


Cyber Threat Intelligence

The Power of Active Collaboration in ISACs, ISAOs and Security Interest Groups

During DefCon 26 held in August 2018, on the subject of “Securing our Nation's Election Infrastructure”, Jeanette Manfra, Assistant Secretary, Office of Cybersecurity and Communications from the Department of Homeland Security (DHS), emphasized the need for public and private sector collaboration and the importance of sharing information. Ms....


Weekly Threat Briefing

Weekly Threat Briefing: Massive Botnet Chews Through 20,000 WordPress Sites

The intelligence in this week’s iteration discusses the following threats: APT, Banking trojan, Botnet, BEC, Data theft, Malspam, Phishing, Targeted attacks, Threat group, Vulnerabilities and Website compromise. The IOCs related to these stories are attached to the Community Threat Briefing and can be used to...


Cyber Threat Intelligence Malware

Pulling Linux Rabbit/Rabbot Malware Out of a Hat

Overview: Cyber threat researchers from Anomali Labs have discovered a new malware, called “Linux Rabbit,” that targeted Linux servers and Internet-of-Things (IoT) devices in a campaign that began in August 2018 and continued until October 2018. The campaign targeted devices in Russia, South Korea, the UK, and the US. The...


Weekly Threat Briefing

Weekly Threat Briefing: Hackers Could Exploit a Zoom App Vulnerability to Disrupt Conferences

The intelligence in this week’s iteration discusses the following threats: BEC, Data breach, Data theft, Exposed PII, Malicious applications, Phishing, Spear phishing, RAT, Targeted attacks, Unauthorized access, and Vulnerabilities. The IOCs related to these stories are attached to the Community Threat Briefing and can be...


Cyber Threat Intelligence

What is MITRE ATT&CK™?

MITRE introduced ATT&CK (Adversarial Tactics, Techniques & Common Knowledge) in 2013 as a way to describe and categorize adversarial behaviors based on real-world observations. ATT&CK is a structured list of known attacker behaviors that have been compiled into tactics and techniques and expressed in a handful of...


Weekly Threat Briefing

Weekly Threat Briefing: US Postal Service Left 60 Million Users Data Exposed For Over a Year

The intelligence in this week’s iteration discusses the following threats: Cannon Trojan, Keyloggers, Lazarus Group, L0rdix, Mirai, OceanLotus, Sofacy and Zebrocy. The IOCs related to these stories are attached to the Community Threat Briefing and can be used to check your logs for potential...


Cyber Threat Intelligence Research

Is Magecart Checking Out Your Secure Online Transactions?

With Online Holiday Sales Projected at $123B: How Secure are Your Transactions? There is a projected $123B in online purchases this holiday season, according to commerce site shopify.com. Millions of online transactions will occur between now and December 25th. How secure do you feel entering your credit or...


Weekly Threat Briefing

Weekly Threat Briefing: Russian APT Comes Back to Life with New US Spear-phishing Campaign

The intelligence in this week's iteration discusses the following threats: APT29, Cryptominers, Data breaches, MageCart, Malware, Misconfigured Docker, Phishing, Remote access trojans, Targeted attacks, and Vulnerabilities. The IOCs related to these stories are attached to the Community Threat Briefing and can be used to check...


Cyber Threat Intelligence Research

Staying Safe Online During Black Friday and Cyber Monday

Introduction: The countdown to Black Friday and Cyber Monday 2018 is well underway as consumers prepare for the sales frenzy that will kick off on Friday, November 23rd and Monday, November 26th. Black Friday and Cyber Monday have arguably become two of the most important and notable days in the...


Threat Intelligence Platform

The Importance of Managing Threat Intelligence

Data. Data. Data. Threat data can feel like a constant rushing waterfall that can overwhelm an analyst. After all, what good is one more set of data if there’s not an applicable and manageable use case for it? Some people look at threat intelligence (note: not threat data)...


Weekly Threat Briefing

Weekly Threat Briefing: Adobe ColdFusion Servers Under Attack from APT Group

The intelligence in this week's iteration discusses the following threats: APT, Data breaches, DDoS, Lazarus group, Malicious mobile applications, Malicious documents, PortSmash, SMiShing, Spear phishing, Trickbot, and Vulnerabilities. The IOCs related to these stories are attached to the Community Threat Briefing and can be used...

