IcedID is a banking trojan, it is designed to be stealthy and built to collect financial information. IcedID harvests user credentials and banking sessions to commit financial crimes, including carding, money laundering, and transferring of funds to foreign financial institutions. In recent research published by Splunk Threat Research Team (STRT) the inclusion of cryptocurrency exchange information was also included by Trickbot in the web inject code.

Malware analysis is a fundamental factor in the improvement of the incident detection and resolution systems of any company. The Sysdig Security Research team is going to cover how this Shellbot malware works and how to detect it. Shellbot malware is still widespread. We recorded numerous incidents despite this being a relatively old and known attack that is also available on open Github repositories.

The common theme across ransomware, insider threats, and data theft is the exfiltration of data. While threat research labs usually publish the process steps of ransomware encryption, keys, and disk clean-up, the parts about accessing the data and exfiltration are often left out. Also, one security solution does not solve the problem itself, making partner integrations vital to the success of security solution stacks.

A few months ago, the largest U.S. pipeline operator, Colonial Pipeline, was forced to halt operations for nearly a week due to a ransomware attack. While it ultimately didn’t stop consumers from buying gasoline, the incident forced the company to pay $4.4 million in ransom payment and illustrated just how vulnerable energy organizations are to cyberattacks.

Defending against loader-type malware is crucial to avoid a potential ransomware incident, given the fact that is the foothold of the attack kill-chain related to ransomware tactics, techniques and procedures (TTPs). Two of the most recent malware loaders to emerge are SquirrelWaffle and MirrorBlast. While SquirrelWaffle delivers Cobalt Strike payloads to victims, MirrorBlast uses novel techniques to gather intelligence and drop malicious payloads onto devices.

Security researchers at the Lookout Threat Lab have identified a new rooting malware distributed on Google Play and prominent third-party stores such as the Amazon Appstore and the Samsung Galaxy Store. We named the malware “AbstractEmu” after its use of code abstraction and anti-emulation checks to avoid running while under analysis. A total of 19 related applications were uncovered, seven of which contain rooting functionality, including one on Play that had more than 10,000 downloads.

The FBI has warned that over 30 US-based companies had been hit by the Ranzy Locker ransomware by July this year, in a flash alert to other organisations who may be at risk. According to the alert, issued with the Cybersecurity and Infrastructure Security Agency (CISA), most of the victims were compromised after brute force credential attacks targeting Remote Desktop Protocol (RDP) to gain access to targets’ networks.

With the continuing rise of ransomware, malware defenses are more critical than ever before with regard to securing the enterprise. Anti-Malware technologies have become an afterthought in many organizations, a technology that they’ve always had, always used, and never really thought about. This control serves as a reminder that this technology is as critical as it ever was and lays out the minimum requirements for ensuring your malware defenses are up to the task.

While organisations frequently focus their security strategy on external risks, the trend of company employees being targeted by threat actors to help provide access is on the rise. In this blog post, we explore the growing issue, outline some recent examples and provide some key steps to take in response.

Viruses are the hot topic of 2021. We’re not just talking about the COVID-19 virus. Computer viruses, identity theft, and threat actors are no longer just the subject of sci-fi films and crime shows, but a reality of running a business. More than ever, cybersecurity is top of mind for business leaders. Whether you are a Fortune-500 Company or just launching your first venture, no business is too big or too small to escape the realities of today’s cyber threats.