Research Categories | Anomali Blog


Category: Research

Research

Phishing Scam Lures Australian Government Contractors Into Disclosing Account Credentials

On January 9, 2019, Anomali Labs observed a new tender-themed phishing scam targeting companies allegedly selected by the Australian Government to submit tenders for commercial projects. The document purports to be from the Secretary of Infrastructure and Regional Development, Dr. Steven Kennedy. The premise behind the scam is to lure users into...


Malware Research

2019 Attack Predictions for the Payment Sector

This week Anomali Labs published a report, “Cyber Crime in the Payments Industry,” that examines threat trends affecting this sector. The report, available for download, details attacks and techniques, and provides recommendations for organizations that process credit card transactions. The payments industry, including retail, hospitality, restaurants and payment...


Malware Research

Destructive Shamoon Malware Continues its Return with a New Anti-American Message

Anomali Labs, in its continued hunt for the destructive Shamoon malware, has identified a new Shamoon malware sample that uses an image of a burning US Dollar as part of its destructive attack. Historic versions of the Shamoon destructive wiper have utilized images of a burning American flag and the...


Cyber Threat Intelligence Malware Research

New Shamoon V3 Malware Targets Oil and Gas Sector in the Middle East and Europe

A new version of the destructive wiper malware Shamoon was first identified by security researchers on December 5, 2018. This malware, dubbed Shamoon V3, appears to be a new version of the destructive malware, which has historically been associated with advanced persistent threat actors aligned with the interests of the Iranian state. It...


Cyber Threat Intelligence Research

Is Magecart Checking Out Your Secure Online Transactions?

With Online Holiday Sales Projected at $123B: How Secure are Your Transactions? There is a projected $123B in online purchases this holiday season, according to commerce site shopify.com. Millions of online transactions will occur between now and December 25th. How secure do you feel entering your credit or...


Cyber Threat Intelligence Research

Staying Safe Online During Black Friday and Cyber Monday

Introduction: The countdown to Black Friday and Cyber Monday 2018 is well underway as consumers prepare for the sales frenzy that will kick off on Friday, November 23rd and Monday, November 26th. Black Friday and Cyber Monday have arguably become two of the most important and notable days in the...


Cyber Threat Intelligence Research

Threatscape of the US Election

Cyber attacks and political elections within the US are frequently heard together in the same sentence following the 2016 presidential election. Media outlets are ramping up their efforts to cover the 2018 midterm elections for the 115th Congress, often including online mediums such as social media. This can create an information overload...


Cyber Threat Intelligence Research

Cyber Countdown to November 6…

Securing US State and Territory Voter Registration and Information Websites. Executive Summary: Less than a week away from November 6, 2018, the US midterm elections are arguably one of the most important election cycles in history, where political parties battle for control of the two chambers of Congress. Additionally, thirty-six state governors,...


Cyber Threat Intelligence Research

New .republican and .democrat Domains Offer New Ways to Fake Out Voters

Introduction: Election cycles in the US are widely publicized on various forms of media sources but this publicity brings with it inherent risk. A campaign’s online presence is critical as more voters turn to the Internet to learn about candidates, compare positions, and prepare to vote. However, this...


Research

Estimated 35 Million Voter Records For Sale on Popular Hacking Forum

Anomali Labs researchers, in close partnership with Intel 471, a leading cybercrime intelligence provider, have uncovered a widespread unauthorized information disclosure of US voter registration databases. To be clear, this voter information is made generally available to the public for legitimate uses. Anomali and Intel 471 researchers discovered dark web communications offering...


Cyber Threat Intelligence Malware Research

Evaluating the Threatscape One Year After NotPetya Ransomware Attack

The NotPetya cyber-attack occurred a little over a month after WannaCry, targeting Ukrainian organisations. The attack was initiated utilising a corrupted update for an accounting and tax software that was almost exclusively used throughout every organisation, private and public, in the country. The malware employed the same SMB exploit that...


Cyber Threat Intelligence Research

Anomali Labs Research Shows Email-Based Attacks Continue to Threaten Election Security

The Anomali Labs team today published research on the potential for email-based attacks against election infrastructure. The new report, “Can Lightning Strike the US Elections Twice?: Email Spoofing Threat to the 2018 US Midterm Elections,” reveals that most US states have vulnerabilities that would allow email spoofing...


Cyber Threat Intelligence Research

What the US-Turkey Escalation Means for Cybersecurity

The recent escalation in US-Turkish political relations has important implications and will likely result in cybersecurity responses. The Anomali Labs research team has published a report providing an overview of the crisis, the key players involved, and analysis of potential cybersecurity reactions. The political tension between the US and Turkey...


Cyber Threat Intelligence Malware Research Threat Intelligence Platform

Analyzing WannaCry a Year After the Ransomware Attack

The cyber-attack known as WannaCry first broke out in May of 2017 and was unprecedented in its scope and impact. It utilized a Microsoft Windows vulnerability that was leaked by a cyber threat group, the Shadow Brokers, and despite Microsoft releasing a patch for the vulnerability, many organizations failed to apply...


Cyber Threat Intelligence Research

Cyber Threats Lurk at Large Events: Prepare for the 2018 FIFA World Cup

From Maradona’s “Hand of God,” to USA’s “Dos a Cero” defeat over Mexico, to Zidane’s infamous head-butt, the World Cup never ceases to amaze. With many of the world’s top players looking to take the field and make...


Anomali Enterprise Cyber Threat Intelligence Research

DreamBot Campaign Dreams Big

Summary: Beginning late April, Anomali Labs observed a phishing campaign distributing malicious documents containing macros to download DreamBot, a variant of Ursnif. The downloaded DreamBot payload turned out to be a stealthy keylogger, contrary to previously observed behavior from this malware family. The campaign, which lasted several weeks, continually rotated...


Cyber Threat Intelligence Malware Research

APT 29 - Put up your Dukes

Have you ever heard the phrase “put up your dukes” and wondered how on Earth that could equate to putting up your fists for a fight? You wouldn’t be alone in wondering. Etymologists studying this phrase have concluded that this expression, like many others that are...


Cyber Threat Intelligence Research

Research: Potential and Realized Threats to the United Kingdom

Anomali recently conducted research to assess the threat landscape of the United Kingdom and determine where adversaries may choose to focus their attention. The report examines various Critical National Infrastructures such as communications, defence, civil nuclear, etc. and identifies past and potential attacks. Findings indicate that diversification of companies, largely...


Cyber Threat Intelligence Malware Research ThreatStream

A Timeline of APT28 Activity

APT28 (aka Fancy Bear, aka Pawn Storm, aka Sednit, aka Sofacy, aka Group 74, aka Sednit, aka Sofacy, aka Strontium, aka Threat Group-4127) finds its way into the news with some regularity. Most recently the group claimed to have released documents from the International Luge Federation. APT28 is probably best known...


Cyber Threat Intelligence Research

Taking the cyber No-Fly list to the skies

In our last post, we talked about how companies can use the concept of a No-Fly list to keep malicious actors out of their networks. So how does a cyber No-Fly list work in a real situation? We spoke with one of our customers, Alaska Airlines, about how they make...

