keylogger

Research Exposes Attacks on Military, Diplomats, Executives

Researchers from Blue Coat Systems said on Wednesday that they have identified an online attack framework that is being used in highly targeted attacks on executives in industries like oil, finance and engineering as well as military officers, diplomats and government officials. The attacks are designed to steal sensitive information and Blue Coat, in a report, said that the attackers went to extreme lengths to cover their tracks: routing all communications between the hackers and the compromised systems they controlled through a “convoluted network of router proxies and rented hosts” in countries like South Korea. The framework, dubbed “Inception” is global in scope, but appears to have started out targeting individuals in Russia. Attacks spread via phishing e-mail messages that contained malicious attachments, including key logging tools and remote access Trojan horse programs, BlueCoat said. The company has released a full report on the incident, which can be found here. (PDF) [Read more Security Ledger coverage […]

Discrete Malware Lures Execs At High-End Hotels

Kaspersky Lab has a fascinating write-up of malware it is calling “DarkHotel.” The information-stealing software is believed to target traveling executives. Curiously, Kaspersky says the malware may be almost a decade old and is found only on the wireless networks and business centers of select, high-end hotels. Reports about targeted attacks on traveling executives are nothing new. However, the Kaspersky report (PDF version here) may be the most detailed yet on a specific malicious software family that is devoted to hacking senior corporate executives. According to Kaspersky, the DarkHotel malicious software maintained a presence on hotel networks for years, with evidence of its operation going back as far as 2007. The malware used that persistent access to target select hotel guests, leveraging check-in/check-out and identity information on guests to limit attacks to high value targets. Targeted guests were presented with iFrame based attacks that were launched from the hotel’s website, […]

Dusting For Malware’s Bloody Prints

Podcast: Play in new window | Download () | EmbedSubscribe: Apple Podcasts | Android | Email | Google Podcasts | Stitcher | TuneIn | RSS | https://www.securityledger.com/subscribeMalicious software is nothing new. Computer viruses and worms have been around for decades, as have most other families of malware like remote access tools (RATs) and key loggers. But all our experience with malware hasn’t made the job of knowing when our organization has been hit by it any easier. In fact, recent news stories about breaches at Home Depot, Target, Staples and other organizations makes it clear that even sophisticated and wealthy corporations can easily overlook both the initial compromise and endemic malware infections – and at great cost. That may be why phrases like “dwell time” or “time to discovery” seem to pop up again and again in discussions of breach response. There’s no longer any shame in getting “popped.” The shame […]

Europol Warns of Internet of Things Risk

In a newly released report, Europol’s European Cybercrime Center (EC3) warns that the growth of the Internet of Things (IoT) threatens to strengthen the hand of organized cyber criminal groups and make life much more difficult for police and governments that wish to pursue them. EC3’s latest Internet Organized Crime Threat Assessment (iOCTA) says the “Internet of Everything” will greatly complicate the work of law enforcement creating “new opportunities for everything from cyber criminals to state actors to child abusers. The growing numbers of connected devices will greatly expand the “attack surface” available for cyber criminal activity, the EC3 warns. Cyber criminals may co-opt connected devices for use in common criminal activity (like denial of service attacks and spam campaigns). However, advancements like connected (“smart”) vehicles and infrastructure create openings for large scale and disruptive attacks. The report, which was published late last months, is a high level position paper and pulls data mostly […]

SRLabs-BadUSB

Unpatchable USB Malware Now Open Source | WIRED

Andy Greenberg over at Wired has an interesting piece of news coming out of last week’s Derbycon hacker conference in Louisville, Kentucky. According to Greenberg and Wired, researchers Adam Caudill and Brandon Wilson showed off their own version of Karsten Nohl and Jakob Lell’s BadUSB malware, and that they’d released the code on Github.   Their presentation raises the stakes for USB manufacturers to fix the BadUSB problem or leave hundreds of millions of users vulnerable, Greenberg writes. At a presentation at the Black Hat Briefings in August, Nohl and Lell, both of Security Research Labs (SRLabs), showed how the controller chips inside common USB devices can be reprogrammed, allowing USB peripherals to impersonate other kinds of devices.  Among other things, Nohl demonstrated how a BadUSB infected device could emulate a USB keyboard, issuing commands to a connected machine using the permissions of the logged-in user. Alternatively, an infected USB could spoof a […]