Malware

Ransomware experiences and why IT security professionals have a lot on their minds

Every year we survey visitors to our booth at Black Hat about trending topics. This year, we asked about ransomware and the ever-increasing complexity of our cybersecurity environment. The results are very interesting - things may be getting much better, or we may all be collectively in denial. Let's break it down.

Block newly-registered domains to reduce security threats in your organisation

It’s no secret that there are a lot of websites on the internet hosting malicious content, whether they be phishing pages, scams or malware itself. Every day we hear of new attacks, and there’s a common denominator of either a user having clicked on a link to a fraudulent website or a site having played host to code that pulled a malicious payload down from a third-party server.

Anatomy of a ransomware attack

Ransomware isn’t a new phenomenon, but its effects are starting to be felt more widely, and more deeply than ever before. Behemoths like Sony, Nissan, FedEx, Kraft Foods and Deutsche Bank have all been hit in recent years, and the list is growing. The ongoing saga of the ransomware attack in Baltimore, MD has left citizens unable to pay parking tickets or finalize property sales. American small businesses may bear the brunt of the impact of ransomware’s global spread.

Psychological Tricks of the Malware Trade

As a Professional Services Consultant, I have the pleasure of traveling all around the globe meeting clients and talking to a wide variety of IT security professionals who form the front line of defence against malware. One of my favorite topics is how people got their start in their careers in IT, but when I start discussing my own early years and touch upon my university studies, I’m often surprised by the number of people who do a double take when I share my chosen subject.

What's the Difference between Malware and Viruses?

If you’re not in the IT industry, all the technical terms for malicious attacks on computer network systems can be confusing. It’s also pretty easy to think you know what you’re talking about but actually have not got it right. In today’s blog post, we’re going to tackle viruses and malware, a couple of the most-used terms when talking about email threat protection, and figure out how you can address them.

Thousands of NHS computers are still running Windows XP from beyond the grave

Two years after the WannaCry ransomware outbreak shone a light on the computer security of the UK’s National Health Service, and five years after Microsoft said it would no longer release patches for Windows XP, the NHS still has 2300 PCs running the outdated operating system. The worrying statistic came to light in the response to a parliamentary question asked by shadow minister Jo Platt MP. The fact that 2,300 NHS computers are still running Windows XP is, obviously, not great news.

Newly identified StrongPity operations

Alien Labs has identified an unreported and ongoing malware campaign, which we attribute with high confidence to the adversary publicly reported as “StrongPity”. Based on compilation times, infrastructure, and public distribution of samples - we assess the campaign operated from the second half of 2018 into today (July 2019). This post details new malware and new infrastructure which is used to control compromised machines.

A peek into malware analysis tools

With the commercialization of cybercrime, malware variations continue to increase at an alarming rate, and this is putting many a defender on their back foot. Malware analysis — the basis for understanding the inner workings and intentions of malicious programs — has grown into a complex mix of technologies in data science and human interpretation. This has made the cost of maintaining a malware analysis program generally out of reach for the average organization.

What is Ryuk and will it be holding you to ransom?

According to Google, Ryuk is ‘a fictional character in the manga series Death Note’. I have no idea what this is, but I imagine it’s significantly less interesting than the Ryuk ransomware campaign that’s currently hitting businesses right across the world. The UK’s NCSC is investigating such campaigns and has recently published an advisory on it, and we’re no strangers to Ryuk at Bulletproof either.