Tag: medium

APT trends report Q2 2021

For more than four years, the Global Research and Analysis Team (GReAT) at Kaspersky has been publishing quarterly summaries of advanced persistent threat (APT) activity. The summaries are based on our threat intelligence research and provide a representative snapshot of...

/ July 29, 2021

DDoS attacks in Q2 2021

News overview In terms of big news, Q2 2021 was relatively calm, but not completely eventless. For example, April saw the active distribution of a new DDoS botnet called Simps — the name under which it introduced itself to owners of infected...

/ July 28, 2021

Managed Detection and Response in Q4 2020

 Download full report (PDF) As cyberattacks become more sophisticated, and security solutions require more resources to analyze the huge amount of data gathered every day, many organizations feel the need for advanced security services that can deal with this growing...

/ July 21, 2021

Arrests of members of Tetrade seed groups Grandoreiro and Melcoz

Spain’s Ministry of the Interior has announced the arrest of 16 individuals connected to the Grandoreiro and Melcoz (also known as Mekotio) cybercrime groups. Both are originally from Brazil and form part of the Tetrade umbrella, operating for a few...

/ July 14, 2021

LuminousMoth APT: Sweeping attacks for the chosen few

APT actors are known for the frequently targeted nature of their attacks. Typically, they will handpick a set of targets that in turn are handled with almost surgical precision, with infection vectors, malicious implants and payloads being tailored to the...

/ July 14, 2021

Quick look at CVE-2021-1675 & CVE-2021-34527 (aka PrintNightmare)

Summary Last week Microsoft warned Windows users about vulnerabilities in the Windows Print Spooler service – CVE-2021-1675 and CVE-2021-34527 (also known as PrintNightmare). Both vulnerabilities can be used by an attacker with a regular user account to take control of...

/ July 8, 2021

Wildpressure targets the macOS platform

New findings Our previous story regarding WildPressure was dedicated to their campaign against industrial-related targets in the Middle East. By keeping track of their malware in spring 2021, we were able to find a newer version. It contains the C++...

/ July 7, 2021

REvil ransomware attack against MSPs and its clients around the world

An attack perpetrated by REvil aka Sodinokibi ransomware gang against Managed Service Providers (MSPs) and their clients was discovered on July 2. Some of the victims have reportedly been compromised through a popular MSP software which led to encryption of...

/ July 5, 2021

Do cybercriminals play cyber games in quarantine? A look one year later

Last year, we decided to take a look at how the pandemic influenced the gaming industry and what new threats gamers could be facing. What we found was that, with the transition to remote work and remote learning, the number...

/ July 1, 2021

Remote dating: How do the apps safeguard our data?

The pandemic and the restrictions that came with it have led to an increase in the popularity of dating apps. For example, the total number of swipes on Tinder increased by 11% last year, with the daily number of swipes...

/ June 29, 2021

Detecting unknown threats: a honeypot how-to

Catching threats is tricky business, especially in today’s threat landscape. To tackle this problem, for many years сybersecurity researchers have been using honeypots – a well-known deception technique in the industry. Dan Demeter, Senior Security Researcher with Kaspersky’s Global Research...

/ June 28, 2021

Malicious spam campaigns delivering banking Trojans

In mid-March 2021, we observed two new spam campaigns. The messages in both cases were written in English and contained ZIP attachments or links to ZIP files. Further research revealed that both campaigns ultimately aimed to distribute banking Trojans. The...

/ June 24, 2021