BLOG

Category: Research

Categories: Anomali Enterprise, Cyber Threat Intelligence, Research

DreamBot Campaign Dreams Big

Summary: Beginning late April, Anomali Labs observed a phishing campaign distributing malicious documents containing macros to download DreamBot, a variant of Ursnif. The downloaded DreamBot payload turned out to be a stealthy keylogger, contrary to previously observed behavior from this malware family. The campaign, which lasted several weeks, continually rotated...

Categories: Cyber Threat Intelligence, Malware, Research

APT 29 - Put up your Dukes

Have you ever heard the phrase “put up your dukes” and wondered how on Earth that could equate to putting up your fists for a fight? You wouldn’t be alone in wondering. Etymologists studying this phrase have concluded that this expression, like many others that are...

Categories: Cyber Threat Intelligence, Research

Research: Potential and Realized Threats to the United Kingdom

Anomali recently conducted research to assess the threat landscape of the United Kingdom and determine where adversaries may choose to focus their attention. The report examines various Critical National Infrastructures such as communications, defence, civil nuclear, etc. and identifies past and potential attacks. Findings indicate that diversification of companies, largely...

Categories: Cyber Threat Intelligence, Malware, Research, ThreatStream

A Timeline of APT28 Activity

APT28 (aka Fancy Bear, aka Pawn Storm, aka Sednit, aka Sofacy, aka Group 74, aka Strontium, aka Threat Group-4127) finds its way into the news with some regularity. Most recently the group claimed to have released documents from the International Luge Federation. APT28 is probably best known...

Categories: Cyber Threat Intelligence, Research

Taking the cyber No-Fly list to the skies

In our last post, we talked about how companies can use the concept of a No-Fly list to keep malicious actors out of their networks. So how does a cyber No-Fly list work in a real situation? We spoke with one of our customers, Alaska Airlines, about how they make...

Category: Research

North Korean Cybersecurity Profile

North Korea, or more formally, the Democratic People’s Republic of North Korea (DPRK), is no stranger to international headlines. Most notably, it has captured attention in recent years for its nuclear testing and ballistic missile launches. Events in the cyber landscape have brought negative attention to North Korea...

Categories: Cyber Threat Intelligence, Research

How the No-Fly List Approach Can Be Used to Improve Cybersecurity

We’ve all heard of the No-Fly List. Managed by the FBI’s Terrorist Screening Center, the list bans people on it from boarding commercial aircraft within, into, or out of the United States. The No-Fly List is only one tactic that the U.S. uses in its...

Category: Research

The 2018 Winter Olympics in PyeongChang, South Korea and Impact to the Cyber Threat Landscape

Major events like the Winter Olympics attract a lot of attention from fans all around the world. For three weeks fans will watch in person, on televisions, and online to follow the various competitive events. This attention is attractive to advertisers but it’s also attractive to cyber...

Categories: Cyber Threat Intelligence, Malware, Research

Welcoming Draft 2, version 1.1 of the NIST Cybersecurity Framework

The NIST Cybersecurity Framework (CSF) is a set of standards, best practices, and recommendations for improving cybersecurity and managing cybersecurity risk at the organizational level. Since its original publication in 2014, the Framework, although voluntary for the private sector and enterprise, has been widely adopted across the globe. Research by NIST...

Categories: Malware, Research

The Rise of Malware Using Legitimate Services for Communications

Malware often includes the ability to communicate with attacker-controlled systems on the Internet from within compromised networks. This gives the attacker several important capabilities. Some examples of this communication include: receiving “heartbeats” to maintain an inventory of compromised systems; sending remote control commands and receiving the results...

Categories: Cyber Threat Intelligence, Malware, Research

12 Days of Threats

On the first day of Christmas a hacker stole from me, Thousands in my favorite cryptocurrency… On the second day of Christmas a hacker stole from me, Two plain-text passwords and thousands in my favorite cryptocurrency... We’re sure by now you’ve heard too much Christmas...

Category: Research

A Very Malicious Christmas

In 2017, Americans are projected to spend $906 million on gifts, up from $785 in 2016. A significant chunk of that total will be spent online. As consumers turn to the internet, those looking to exploit them are increasing at a similar rate. Over the last 5 years, the festive season has seen...

Categories: Cyber Threat Intelligence, Research

FTSE 100 Report: Targeted Brand Attacks and Mass Credential Exposures

The Anomali Labs team conducted research to identify suspicious domain registrations and potentially compromised credentials that could be used as part of an attack against the Financial Times Stock Exchange 100 (FTSE 100). Both methods of attack pose a significant threat not only to corporate brands but also to the corporations themselves....

Category: Research

Russian Federation Cybersecurity Report

Whether the perpetrators or the victims, the Russian Federation is often linked to cyber activities in the news. The Russian Federation was recently hit with a ransomware attack called Bad Rabbit, which security professionals theorize was a retaliation for ransomware known as Petya. Evidence was also recently released indicating that...

Categories: Cyber Threat Intelligence, Research

Bad Rabbit Ransomware Outbreak in Russia and Ukraine

Overview: On October 24, 2017, security firms and media organizations began reporting about an active ransomware campaign that, as of this writing, has primarily targeted entities in Russia and Eastern Europe. The infections are believed to have initiated on October 24 at approximately 12:16 UTC, evidenced by an infected company’s tweet...

Categories: Malware, Research

How Ransomware has become an ‘Ethical’ Dilemma in the Eastern European Underground

By Vitali Kremez, Flashpoint and Travis Farral, Anomali. It’s no secret that the Deep & Dark Web (DDW) is home to illicit marketplaces and forums, as well as an array of cybercriminal communications. Less obvious, however, are the nuances of these communications, the unspoken code of conduct that...

Categories: Malware, Research

How Threat Hunting Can Help Defend Against Malware Attacks

By Kris Merritt (Vector8) and Justin Swisher (Anomali). Since the outbreak of Petya some days ago many articles have been written dissecting the malware, its purpose, and its attribution. These articles used reverse engineering and malware analysis to conduct post-incident analysis. Vector8 and Anomali viewed the Petya outbreak differently,...

Categories: Malware, Research

Petya (NotPetya, Petrwrap)

Details: A malware strain that appears to be based off of the “Petya” ransomware began targeting and infecting governments and businesses worldwide on June 27th, 2017. Since dubbed “NotPetya” by some researchers, and “Nyetya” by others, this malware has spread across Europe and North America...

Categories: Malware, Research

Ukraine hit hard as Petya Ransomware Variant Spreads around the world

[updated 6/28/2017 1:29pm ET] We will be updating this page with additional information. Please check back for the latest. While initial reports have only centered on the Ukraine being hit by a new stream of ransomware known as Petya, this is a global attack. Just like WannaCry, this might be leveraging...

Category: Research

Anomali Begins Education Outreach Initiative

The cybersecurity industry is facing a critical issue, and it’s not the cyber criminals. There is a growing shortage of workers to fill the rising demand for cyber security professionals, with a projected 3.5 million positions left unfilled by 2021. In response to this growing demand, Anomali is beginning an...
