Showing posts with label Malware Analysis. Show all posts
Showing posts with label Malware Analysis. Show all posts

Friday, 12 May 2017

Ransomware outbreak at a global scale | #wannacry

Approximately 74 countries are currently under an ongoing cyber-attack. The NHS in the UK has been massively affected, along with major companies worldwide. 

Computer systems are being infected with the ransomware known as WanaCrypt0r 2.0 (known as WCry and WannaCry). The malicious file targets a known computer vulnerability (MS17-010). 

System Administrators:
- Ensure systems are fully patched, especially by addressing the MS17-010 vulnerability. 
- Disable SMBv1.
- Firewall protect ports: 139/445 & 3389
- Make sure you have a backup of your data and it is also stored offline. 
- Ensure Antivirus is installed and active.

Legacy systems should be isolated and any systems which are infected, consider removing them from the network. 

Under Attack?
  • Customers in the healthcare sector should follow the national guidance as instructed by the NHS and the National Cyber Security Centre (NCSC).
  • UK customers consult the Cyber Information Sharing Platform (CiSP).
  • DeepRecce customers requiring further advice or information should contact our 24/7 incident response line www.deeprecce.com

--
Repository of information:
WannaCry|WannaDecrypt0r NSA-Cybereweapon-Powered Ransomware Worm
https://gist.github.com/pcostesi/87a04a3bbbdbc4aeb8b787f45eb21197 

Microsoft released notes:
https://blogs.technet.microsoft.com/mmpc/2017/05/12/wannacrypt-ransomware-worm-targets-out-of-date-systems/

Tuesday, 26 May 2015

NitlovePOS - POS terminals being targeted through phishing emails

Cyber-criminals and fraudsters have started targeting employees working on Point-of-Sales terminals in order to get their hands on card details. 

There is now evidence that social engineering and spear phishing emails are actively being used and have become the next attack method against employees who have access to payment applications, virtual terminals and electronic cash registries. 
The new malware is named NitlovePOS [Virus Total Detection Rate] and it targets track one and track two data by scanning the processes running. In other words, it is yet another memory-scraping malware that sends the captured data to a remote server over SSL.


Saturday, 9 May 2015

{ } YARA - The pattern matching swiss knife for malware researchers

This is a blog post about YARA, the pattern matching tool which allows malware researchers to identify and classify malware samples. It is a very interesting tool and fairly easy to get the hand of it. In a few lines of code you can create descriptions of malware families (or anything else you would like to describe) based on textual or binary patters. 

You can create simple rules or more complex ones, depending on what you trying to do. It supports wild-cards, case-insensitive strings, regular expressions, special operators and has a number of additional features to play with. 

YARA is also multi-platform! It can be run on Windows, Linux and Mac OS X. It can be used through its command-line interface or from your own Python scripts with the yara-python extension.