Malware Watch - W/E - 101918

Crypto Mining Attacks Soared Significantly in Late September (10/15/2018)
Check Point Software's researchers detected a near-400% increase in crypto mining malware attacks against iPhones in the last two weeks of September, a period when attacks against users of the Safari browser also rose significantly. These attacks used the Coinhive mining malware. Check Point's latest Global Threat Index revealed that Coinhive, Dorkbot, Cryptoloot, Andromeda, and Jsecoin were the top five "most wanted" malware families during September.

Octopus Trojan Masquerading as Messenger App to Spy on Central Asian Entities (10/15/2018)
Central Asian diplomatic organizations have been the target of a cyber espionage campaign that uses a Trojan called "Octopus," which is disguised as a version of a popular and legitimate online messenger. Once installed, Octopus provides attackers with remote access to victims' computers. Using Kaspersky Lab algorithms that recognize similarities in software code, researchers discovered that Octopus could have links to DustSquad, a Russian-speaking cyber-espionage actor previously detected in former USSR countries in Central Asia and in Afghanistan since 2014.

Researchers Evaluate Dangerous GreyEnergy Cyber Espionage Group (10/17/2018)
Researchers at ESET have disclosed information about a threat group called "GreyEnergy" and its attacks over several years on energy companies and other high-value targets in Ukraine and Poland. While ESET was assessing BlackEnergy, the threat group that caused power outages in Ukraine in 2015, it came upon GreyEnergy, which has similar interests but has operated under the radar and has not been as destructive. GreyEnergy uses cyber espionage and reconnaissance tactics that could be gathering information for future attacks. GreyEnergy's malware framework bears many similarities to BlackEnergy and has connections to the Telebots threat group, an entity that was involved in the NotPetya ransomware attacks in 2017. ESET has been evaluating the connections between BlackEnergy, GreyEnergy, and Telebots and has published several blog posts about its findings.