Tag: medium

The SessionManager IIS backdoor

The SessionManager IIS backdoor

Following on from our earlier Owowa discovery, we continued to hunt for more backdoors potentially set up as malicious modules within IIS, a popular web server edited by Microsoft. And we didn’t come back empty-handed… In 2021, we noticed a...

/ June 30, 2022
The hateful eight: Kaspersky’s guide to modern ransomware groups’ TTPs

The hateful eight: Kaspersky’s guide to modern ransomware groups’ TTPs

These days ransomware analysis gets a lot of coverage in commercial and public reports, with vendors issuing dozens of ransomware-related publications each year. These reports provide analysis on specific malware families or new samples, describe the activities of a particular...

/ June 23, 2022
APT ToddyCat

APT ToddyCat

ToddyCat is a relatively new APT actor that we have not been able to relate to other known actors, responsible for multiple sets of attacks detected since December 2020 against high-profile entities in Europe and Asia. We still have little...

/ June 21, 2022
‘Unpacking’ technical attribution and challenges for ensuring stability in cyberspace

‘Unpacking’ technical attribution and challenges for ensuring stability in cyberspace

Introduction When reports of a cyberattack appear in the headlines, questions abound regarding who launched it and why. Even if an attacker has what are to it perfectly rational reasons for conducting such an attack, these reasons are often known...

/ June 20, 2022

How much does access to corporate infrastructure cost?

Division of labor Money has been and remains the main motivator for cybercriminals. The most widespread techniques of monetizing cyberattacks include selling stolen databases, extortion (using ransomware) and carding. However, there is demand on the dark web not only for...

/ June 15, 2022

Router security in 2021

A router is a gateway from the internet to a home or office —  despite being conceived quite the opposite. Routers are forever being hacked and infected, and used to infiltrate local networks. Keeping this gate locked so that no...

/ June 8, 2022

CVE-2022-30190 (Follina) vulnerability in MSDT: description and counteraction

At the end of May, researchers from the nao_sec team reported a new zero-day vulnerability in Microsoft Support Diagnostic Tool (MSDT) that can be exploited using Microsoft Office documents. It allowed attackers to remotely execute code on Windows systems, while...

/ June 6, 2022

WinDealer dealing on the side

Introduction LuoYu is a lesser-known threat actor that has been active since 2008. It primarily goes after targets located in China, such as foreign diplomatic organizations established in the country, members of the academic community, or companies from the defense,...

/ June 2, 2022

IT threat evolution in Q1 2022. Mobile statistics

These statistics are based on detection verdicts of Kaspersky products received from users who consented to providing statistical data. Quarterly figures According to Kaspersky Security Network, in Q1 2022: 6,463,414 mobile malware, adware and riskware attacks were blocked. The largest...

/ May 27, 2022

IT threat evolution Q1 2022

Targeted attacks MoonBounce: the dark side of UEFI firmware Late last year, we became aware of a UEFI firmware-level compromise through logs from our firmware scanner (integrated into Kaspersky products at the start of 2019). Further analysis revealed that the...

/ May 27, 2022

IT threat evolution in Q1 2022. Non-mobile statistics

These statistics are based on detection verdicts of Kaspersky products and services received from users who consented to providing statistical data. Quarterly figures According to Kaspersky Security Network, in Q1 2022: Kaspersky solutions blocked 1,216,350,437 attacks from online resources across...

/ May 27, 2022

Managed detection and response in 2021

Kaspersky Managed Detection and Response (MDR) helps organizations to complement existing detection capabilities or to expand limited in-house resources to protect their infrastructure from the growing number and complexity of threats in real time. We collect telemetry from clients’ networks...

/ May 26, 2022