Three Malware Predictions for the Remainder of 2014

Posted by Hugh Docherty on Mon, Aug 25, '14

As summer is drawing to a close, it is useful to take a quick look ahead to the end of the year to determine what we can expect on the malware front. After all, 2014 has brought about many new developments in malware. In this blog post, we explore a few malware predictions for the balance of the year.

Topics: Malware

Black Hat USA Roundup: Our Favorite Stories from This Week’s Security Conference

Posted by Malcovery Security on Fri, Aug 8, '14

The infamous benchmark-setting security conference, Black Hat, completed its 17th year this week in Las Vegas. Here are a few of our favorite stories and tweets that came out of this year’s conference:

From the Web...

How (& why) feds killed a talk on Tor-hacking at Black Hat (exclusive)

Two Carnegie Mellon University researchers from the school’s Software Engineering Institute, or SEI, were set to present an abstract on Tor at Black Hat today. Alexander Volynkin and Michael McCord’s talk was to center on how adversaries could “de-anonymize hundreds of thousands Tor clients and thousands of hidden services within a couple of months,” and do so cheaply.

Topics: Cybersecurity

Malaysian Boeing 777: Cybercriminals Capitalize on Tragedy Once Again

Posted by Brendan Griffin on Thu, Jul 24, '14

It’s not the first time, and unfortunately, it won’t be the last time. Cybercriminals have once again exploited a tragic situation in order to expand their reach in malware distribution.

News stories with a high level of public interest are most vulnerable to this type of activity. We’ve seen it before: the Boston Marathon bombing, the Texas fertilizer plant explosion and (much happier news) the birth of the royal baby.

Topics: Malware

Top Phished Brands: Why Q2 Was So Busy for Cybercriminals

Posted by Malcovery Security on Tue, Jul 22, '14

Phishing and malicious spam continue to threaten networks and brands.

The second quarter of 2014 turned out to be a very busy time for phishing activity. The uptick in activity was not limited to overall volume. There was an increase in the diversity of attack types as well as the scale of individual attacks.

In the past, many industry conversations about threats centered around GameOver Zeus, “public enemy number one” to the corporate cybersecurity world. After the popular banking Trojan became dysfunctional, cybercriminals scrambled to fill the void with new threats before ultimately attempting a GameOver Zeus revival.

Topics: Phishing

ASProx Responsible for Several Attacks, Including E-ZPass, Court Case

Posted by Brendan Griffin on Wed, Jul 16, '14

Last week, we talked about a spam campaign targeting the E-ZPass brand, which provides electronic toll collection to several state departments of transportation. Given the high level of interest in this threat, we’re here with an update that provides some additional context.

ASProx, the malware behind the E-ZPass threat, has used at least a half dozen email templates over the past nine months. Both malicious URLs and hostile attachments have been utilized to distribute the malware. Several brands have been falsely represented in this attempt to deliver ASProx. Cybercriminals sent email campaigns appearing to be sent from WhatsApp, several large retailers, airlines and even the US District Court Systems and other legal entities, such as law firms. This effort began in the fall of 2013 and continued into the first part of this year. The shift toward legal notices began in January 2014. Most prolifically, this malware claims to deliver a notice of a court date that the recipient must attend after completing the attached legal documents.

Topics: Malware

What We Learned From Analyzing Over 40 Million Spam Messages

Posted by Malcovery Security on Tue, Jul 8, '14

Earlier today we announced yet another major milestone at Malcovery: over 47 million spam messages processed and seven thousand email-based attacks identified in one month. In addition, we achieved record automated analysis with auto-classification of 92% of phishing URLs.

As you can imagine, we’re quite pleased to have reached this major milestone as a company. However, the biggest achievement is the lessons that we’ve learned along the way.

Topics: Email-based Threat Intelligence

How Spammers Are Filling the Gameover Zeus Void

Posted by Brendan Griffin on Mon, Jul 7, '14

Spammers are filling the Gameover Zeus void by deploying other malware varieties—many of which represent threats which have not previously utilized spam email as their vector for distribution.

Malcovery’s analysts identified one such threat on June 18, 2014. The new malware was distributed using a number of common spam email templates associated with the notorious Cutwail spamming botnet. The attacker also utilized a sophisticated attack vector by implementing a PDF document designed to silently download and install a botnet malware, which was in turn used to distribute the new malware. This first botnet malware was deployed as a means to sneak any number of additional malware binaries through defenses and execute them within the already-infected environment.

Topics: Malware

Is Threat Intelligence a Must-Have or a Nice-to-Have?

Posted by Malcovery Security on Mon, Jun 30, '14

Ultimately, only you can answer the question posed in the title of this article. Obviously, as providers of email-based threat intelligence solutions, Team Malcovery is in the “must have” camp. However, despite the fact that threat intelligence is receiving a lot of industry attention these days, it is your decision whether or not you should allocate limited budget toward it.

In this blog post, we present a few points for you to consider if you are exploring potential threat intelligence solutions.

#1: Wait, what is the true meaning of threat intelligence?

How Modern Cybercrime is Like an Episode of Scooby Doo

Posted by Malcovery Security on Wed, Jun 11, '14

“And I would have gotten away with it, too, if it weren't for you meddling kids.”

This was always one of the last lines of every Scooby Doo cartoon. This line was always delivered right after the bad guy’s mask was taken off, revealing the criminal. All of the bad guys in the Scooby Doo cartoons used deception in an attempt to make their evil, though overly complex, plan work. As kids, we would watch very closely from the beginning of the episode, trying to figure out who the bad guy was. Each clue was analyzed, every person examined. However, until the gang in The Mystery Machine van took off the mask, you never knew for sure.

Today’s cyber criminal is no different than the criminals that Fred, Velma, and the gang unmasked. The number one tool that is utilized is deception. Instead of acting like monsters and terrorizing a town, they are terrorizing your email inbox.

In order to fight modern cybercrime, we don’t need a cool van and a talking Great Dane. Instead, we need to know how the criminal is acting and how he has acted in the past. In order to solve the case, we need to be able to gather the clues behind the attack. Threat intelligence provides the ability to look at patterns, trends, and behaviors of emerging cyber-criminals. Any device or person that is taking on this fight needs the most actionable information possible. Threat intelligence provides both the investigators and the security devices with this information. Just like Scooby Doo, without the proper clues and experience solving crimes, the criminal will never be unmasked.

Threat Intelligence can unmask the cyber thief hiding behind your email. And he can say “I would have gotten away with it, if it wasn’t for Threat Intelligence.”

Scooby Dooby Doo: are you ready to put your threat intelligence hat on?

Topics: Email-based Threat Intelligence

How Email Content Distributes Malware

Posted by Brendan Griffin on Thu, Jun 5, '14

A cybercriminal has successfully delivered a hostile spam email. What happens next? The unknowing victim must allow his machine to be infected with the malware sample. In this post, we explore how email content distributes malware.

Topics: Malware