Windows Security Twisted to Block Security Tools

TrendMicro is reporting that bad guys in Japan are abusing Microsoft's security functionality, Software Restriction Policies, to disable security tools. The malware, termed BKDR_VAWTRAK, searches for commonly used security applications. If a security application is detected, the malware modifies the registry keys such that Software Restriction Policies will run the security software in a restricted state -- rendering it useless. The malware is distributed using malicious emails and compromised websites. This malware is being used to facilitate unauthorized banking transactions in Japan. Quoting TrendMicro: [The Japanese] National Police Agency mentioned that the current estimated total cost of unauthorized transactions suffered by [...]

Molerats Attack

FireEye is reporting on several new Molerats attacks which are targeting at least one major US financial institution and several European government organizations. FireEye has linked these attacks to what it calls the "Gaza Hackers Team." Spearphishing bait used in the attacks uses items of interest to the Middle East region, such as a biography of the new Egyptian President Abdel Fattah el-Sisi. FireEye reports that the Molerats are expanding their target list beyond Israeli and Palestinian targets. Targets now include: Palestinian and Israeli surveillance targets; Government departments in Israel, Turkey, Slovenia, Macedonia, New Zealand, Latvia, the U.S., and the UK [...]

June 17th, 2014 | SP Guard, spear phishing, Uncategorized

Fake Friends – Spearphishing Made Easy

iSIGHT Partners has discovered a long-running cyberespionage operation in which Iranians are creating fake personas on popular social network sites. The attackers use the fake personas to create trusted relationships with intended victims. iSIGHT elaborates: iSIGHT has recently uncovered activity, which we call NEWSCASTER, that has quietly carried out cyber espionage since 2011, while eschewing methods preferred by many of its peers. NEWSCASTER is distinctive for its reliance on social networks, and the intricate network of false personas that exists on several of these platforms. Most notably, several of these personas are legitimized by a front news organization called NewsOnAir.org. These [...]

June 6th, 2014 | Cybersecurity - General, SP Guard, spear phishing