Malware Categories | Anomali Blog

Category: Malware

Malware Research

2019 Attack Predictions for the Payment Sector

Anomali Labs published this week a report, “Cyber Crime in the Payments Industry,” that examines threat trends affecting this sector. The report, available for download, details attacks and techniques and provides recommendations for organizations that process credit card transactions. The payments industry, including retail, hospitality, restaurants and payment...

Malware Research

Destructive Shamoon Malware Continues its Return with a New Anti-American Message

Anomali Labs, in its continued hunt for the destructive Shamoon malware, has identified a new Shamoon sample that uses an image of a burning US dollar as part of its destructive attack. Historic versions of the Shamoon wiper have used images of a burning American flag and the...

Cyber Threat Intelligence Malware

Holiday Shopping Increases Threat Actor Activity in 2018—Be Vigilant and Jolly

Overview

As the weather grows colder and the holiday shopping season approaches, so too do the opportunities for data and monetary theft by threat actors. Every year it seems as if companies move their “deals” earlier and earlier than the well-known Black Friday and Cyber Monday shopping...

Cyber Threat Intelligence Malware Research

New Shamoon V3 Malware Targets Oil and Gas Sector in the Middle East and Europe

A new version of the destructive wiper malware Shamoon was first identified by security researchers on December 5, 2018. This malware, dubbed Shamoon V3, appears to be a new version of the destructive malware, which has historically been associated with advanced persistent threat actors aligned with the interests of the Iranian state. It...

Cyber Threat Intelligence Malware

Pulling Linux Rabbit/Rabbot Malware Out of a Hat

Overview

Cyber threat researchers from Anomali Labs have discovered a new malware, called “Linux Rabbit,” that targeted Linux servers and Internet-of-Things (IoT) devices in a campaign that began in August 2018 and continued until October 2018. The campaign targeted devices in Russia, South Korea, the UK, and the US. The...

Cyber Threat Intelligence Malware Research

Evaluating the Threatscape One Year After NotPetya Ransomware Attack

The NotPetya cyber-attack occurred a little over a month after WannaCry, targeting Ukrainian organisations. The attack was initiated using a corrupted update for accounting and tax software that was used almost universally by organisations, private and public, in the country. The malware employed the same SMB exploit that...

Cyber Threat Intelligence Malware Research Threat Intelligence Platform

Analyzing WannaCry a Year After the Ransomware Attack

The cyber-attack known as WannaCry first broke out in May of 2017 and was unprecedented in its scope and impact. It utilized an exploit for a Microsoft Windows vulnerability that was leaked by a cyber threat group, the Shadow Brokers, and despite Microsoft having released a patch for the vulnerability, many organizations failed to apply...

Cyber Threat Intelligence Malware Research

APT 29 - Put up your Dukes

Have you ever heard the phrase “put up your dukes” and wondered how on Earth that could equate to putting up your fists for a fight? You wouldn’t be alone in wondering. Etymologists studying this phrase have concluded that this expression, like many others that are...

Cyber Threat Intelligence Malware Research ThreatStream

A Timeline of APT28 Activity

APT28 (aka Fancy Bear, aka Pawn Storm, aka Sednit, aka Sofacy, aka Group 74, aka Strontium, aka Threat Group-4127) finds its way into the news with some regularity. Most recently the group claimed to have released documents from the International Luge Federation. APT28 is probably best known...

Cyber Threat Intelligence Malware Research

Welcoming Draft 2, version 1.1 of the NIST Cybersecurity Framework

The NIST Cybersecurity Framework (CSF) is a set of standards, best practices, and recommendations for improving cybersecurity and managing cybersecurity risk at the organizational level. Since its original publication in 2014, the Framework, although voluntary for the private sector and enterprises, has been widely adopted across the globe. Research by NIST...

Malware Research

The Rise of Malware Using Legitimate Services for Communications

Malware often includes the ability to communicate with attacker-controlled systems on the Internet from within compromised networks. This gives the attacker several important capabilities. Some examples of this communication include:

- Receive “heartbeats” to maintain an inventory of compromised systems
- Send remote-control commands and receive the results...
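The heartbeat traffic described above is what a defender can hunt for even when the destination is a legitimate service that cannot simply be blocked: a timer-driven implant produces evenly spaced requests, human browsing does not. The following detector is an added example written for this page, not code from Anomali or from the post; the log format, the host names and the threshold values are assumptions, and the log lines are constructed sample data.

```python
import statistics
from collections import defaultdict
from datetime import datetime

# Constructed proxy log sample (not real traffic): "<ISO timestamp> <client> <host> <path>".
# 10.0.0.5 fetches the same paste-style URL roughly every 60 seconds while
# browsing normally in between; the host names are invented for the example.
SAMPLE_LOG = """\
2018-03-01T10:00:00 10.0.0.5 api.example-paste.net /raw/abc123
2018-03-01T10:00:07 10.0.0.5 www.news.example /home
2018-03-01T10:01:00 10.0.0.5 api.example-paste.net /raw/abc123
2018-03-01T10:01:31 10.0.0.5 cdn.news.example /img/logo.png
2018-03-01T10:02:01 10.0.0.5 api.example-paste.net /raw/abc123
2018-03-01T10:02:59 10.0.0.5 api.example-paste.net /raw/abc123
2018-03-01T10:04:00 10.0.0.5 api.example-paste.net /raw/abc123
2018-03-01T10:04:45 10.0.0.5 www.news.example /article/1
2018-03-01T10:05:00 10.0.0.5 api.example-paste.net /raw/abc123
2018-03-01T10:09:12 10.0.0.5 www.news.example /article/2
2018-03-01T10:15:30 10.0.0.5 www.news.example /article/3
"""


def parse_log(text: str) -> list:
    """Parse lines into (timestamp, client, host, path) tuples; blank or malformed lines are skipped."""
    records = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        records.append((datetime.fromisoformat(parts[0]), parts[1], parts[2], parts[3]))
    return records


def find_beacons(records: list, min_requests: int = 5, max_cv: float = 0.15) -> dict:
    """Flag (client, host) pairs whose inter-request intervals are suspiciously regular.

    The score is the coefficient of variation (stdev / mean) of the gaps between
    consecutive requests: bursty human browsing gives a high CV, a heartbeat
    timer gives a CV near zero. Pairs with too few requests are ignored.
    """
    by_pair = defaultdict(list)
    for ts, client, host, _path in records:
        by_pair[(client, host)].append(ts)

    beacons = {}
    for pair, stamps in by_pair.items():
        if len(stamps) < min_requests:
            continue
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        mean = statistics.mean(gaps)
        if mean <= 0:
            continue  # duplicate timestamps only; nothing to measure
        cv = statistics.pstdev(gaps) / mean
        if cv <= max_cv:
            beacons[pair] = {"requests": len(stamps), "mean_interval": mean, "cv": cv}
    return beacons


if __name__ == "__main__":
    for (client, host), stats in find_beacons(parse_log(SAMPLE_LOG)).items():
        print(f"{client} -> {host}: {stats['requests']} requests, "
              f"every {stats['mean_interval']:.0f}s (cv={stats['cv']:.3f})")
```

On the sample, only the paste host is flagged (six requests, mean gap 60 s, CV about 0.02); the news site, with irregular gaps and fewer hits, is not. Two caveats before running this over real proxy logs: legitimate software polls on timers too (mail clients, update checkers, monitoring agents), so an allowlist of known pollers is needed, and implants that add jitter will push the CV up, so the threshold should be tuned against your own baseline rather than copied from here.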

Cyber Threat Intelligence Malware Research

12 Days of Threats

On the first day of Christmas a hacker stole from me, Thousands in my favorite cryptocurrency… On the second day of Christmas a hacker stole from me, Two plain-text passwords and thousands in my favorite cryptocurrency...We’re sure by now you’ve heard too much Christmas...

Anomali Enterprise Cyber Threat Intelligence Malware SIEM ThreatStream

What I’ve Learned as a Part-Time Cyber Threat Analyst Using Anomali Enterprise

A few months ago I wrote a post detailing how Anomali Enterprise helped me to identify a malware threat to my home network. Many have since emailed me asking how they can do the same (please keep them coming!). Since writing that post, my router has generated millions of logs...

Malware Research

How Ransomware has become an ‘Ethical’ Dilemma in the Eastern European Underground

By Vitali Kremez, Flashpoint, and Travis Farral, Anomali

It’s no secret that the Deep & Dark Web (DDW) is home to illicit marketplaces and forums, as well as an array of cybercriminal communications. Less obvious, however, are the nuances of these communications, the unspoken code of conduct that...

Malware

Hacker Tactics - Part 2: Supply Chain Attacks

Adversaries are constantly changing and improving how they attack us. In this six-part series we'll explore new or advanced tactics used by threat actors to circumvent even the most cutting-edge defenses.

On June 27th, 2017, the NotPetya malware campaign began in Ukraine and rapidly spread around the globe. NotPetya devastated...

Anomali Enterprise Malware

Hacker Tactics - Part 1: Domain Generation Algorithms

Coauthored by Evan Wright and Payton Bush

Adversaries are constantly changing and improving how they attack us. In this six-part series we'll explore new or advanced tactics used by threat actors to circumvent even the most cutting-edge defenses.

What are DGAs?

DGAs are code that programmatically produces a list...
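To make the definition concrete, here is a small date-seeded DGA together with the two things a defender does once the algorithm has been reverse-engineered from a sample: enumerate the domains it will produce over a window (for sinkholing or log matching) and triage unknown hostnames. This is an added example written for this page, not the algorithm of any real malware family and not code from the post or its authors; the hash construction, the secret, the TLD list and the entropy threshold are all assumptions chosen for illustration.

```python
import hashlib
import math
import re
from datetime import date, timedelta

# Illustrative DGA only: the seed, hash construction and TLD list are assumptions
# made for this example, not the algorithm of any real malware family.
TLDS = ("com", "net", "org")
DOMAIN_RE = re.compile(r"^[a-z]{12}\.(com|net|org)$")


def generate_domains(day_iso: str, count: int = 10, secret: bytes = b"demo-seed") -> list:
    """Derive `count` candidate C2 domains for one day (ISO date string).

    Each label is built from SHA-256(secret || date || index), so the output is
    deterministic: the malware and a defender who has recovered `secret` from a
    sample compute exactly the same list for the same day.
    """
    day = date.fromisoformat(day_iso)
    domains = []
    for index in range(count):  # count must stay below 256 for bytes([index])
        digest = hashlib.sha256(secret + day.isoformat().encode() + bytes([index])).digest()
        label = "".join(chr(ord("a") + b % 26) for b in digest[:12])
        tld = TLDS[digest[12] % len(TLDS)]
        domains.append(f"{label}.{tld}")
    return domains


def precompute_blocklist(start_iso: str, days: int, **kwargs) -> set:
    """Defender side: enumerate every domain the DGA can produce over a window,
    so the set can be sinkholed, pre-registered, or matched against DNS logs."""
    start = date.fromisoformat(start_iso)
    blocklist = set()
    for offset in range(days):
        day = (start + timedelta(days=offset)).isoformat()
        blocklist.update(generate_domains(day, **kwargs))
    return blocklist


def shannon_entropy(label: str) -> float:
    """Bits per character of a label: a coarse heuristic for random-looking
    names that needs no knowledge of the algorithm. Triage only, not a verdict."""
    if not label:
        return 0.0
    counts = {c: label.count(c) for c in set(label)}
    return -sum(n / len(label) * math.log2(n / len(label)) for n in counts.values())


def triage(hostname: str, blocklist: set, entropy_threshold: float = 3.3) -> str:
    """Classify a hostname seen in DNS or proxy logs against the enumerated set,
    falling back to the entropy heuristic for names the blocklist does not cover."""
    if hostname in blocklist:
        return "known-dga"      # exact match against enumerated output
    if shannon_entropy(hostname.split(".")[0]) >= entropy_threshold:
        return "suspicious"     # random-looking label, needs analyst review
    return "benign"


if __name__ == "__main__":
    today = generate_domains("2017-06-27")
    window = precompute_blocklist("2017-06-27", 7)
    print(f"{len(window)} domains enumerated for the next 7 days; first for 2017-06-27: {today[0]}")
    print("google.com ->", triage("google.com", window))
    print(today[0], "->", triage(today[0], window))
```

The exact-match path is the reliable one: once the seed and algorithm are known, every domain the malware can ever resolve is known in advance, which is why reverse-engineering a DGA is worth the effort. The entropy fallback is weak on its own; long legitimate names such as CDN or SaaS hostnames can score as high as a random 12-letter label, so treat a "suspicious" result as a queue for review, not a block decision.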

Malware Weekly Threat Briefing

WTB: US Arrests Chinese Man Involved With Sakula Malware Used in OPM and Anthem Hacks

The intelligence in this week’s iteration discusses the following threats: APTs, Cybercriminals, Data leaks, Exploit kits, Malspam, Malware, Mobile, Ransomware, Vulnerabilities. The IOCs related to these stories are attached to the WTB and can be used to check your logs for potential malicious activity.

Trending Threats

US Arrests...

Malware ThreatStream

Halt the Sidecar Bear’s infrastructure with Intel 471 and Anomali Threatstream

By Mark Arena, Intel 471, and Travis Farral, Anomali

We’ve all seen the research into Fancy Bear (aka APT28, Sofacy, etc.), which is likely a group sponsored by, or part of, the Russian government. They even have their own website. Research into these groups is predominantly reactive. Typical...

Malware Research

How Threat Hunting Can Help Defend Against Malware Attacks

By Kris Merritt (Vector8) and Justin Swisher (Anomali)

Since the outbreak of Petya some days ago, many articles have been written dissecting the malware, its purpose, and its attribution. These articles used reverse engineering and malware analysis to conduct post-incident analysis. Vector8 and Anomali viewed the Petya outbreak differently,...

Malware Research

Petya (NotPetya, Petrwrap)

Details

A malware strain that appears to be based on the “Petya” ransomware began targeting and infecting governments and businesses worldwide on June 27th, 2017. Since dubbed “NotPetya” by some researchers, and “Nyetya” by others, this malware has spread across Europe and North America...