Threat Intelligence

28 05, 2018

VPNFilter Malware: What we know so far on the router threat

2019-03-08T12:58:10-07:00 | May 28th, 2018 | Threat Intelligence

Recently, a malware known as “VPNFilter” was discovered infecting various types of routers. VPNFilter is a modular, multi-stage malware that works mainly on home or small office routers. Since 2016, when the malware was initially introduced, it has compromised more than 500,000 home and small office routers and NAS boxes. Infection of such a large [...]

10 05, 2018

Double Kill Exploit Jumps From MS Office to Internet Explorer

2018-05-10T14:57:32-07:00 | May 10th, 2018 | Threat Intelligence

This week, Microsoft released a patch for the zero-day vulnerability (CVE-2018-8174) — central to the Double Kill exploit — affecting VBScript Engine. In this coordinated release, Qihoo 360 researchers discovered that it was exploited in the wild as early as April 18, 2018, allowing code execution by remote attackers. The vulnerability was used to install [...]

26 04, 2018

Drupalgeddon2 Attack Puts Sites at Risk Worldwide

2018-04-26T17:01:53-07:00 | April 26th, 2018 | Threat Intelligence

Drupal, a popular open-source content management system (CMS) used by more than a million sites worldwide, yesterday published another security advisory rated as highly critical in response to the Drupalgeddon2 attack. This is the third security advisory from Drupal within the last 30 days. Drupalgeddon2 Vulnerability: On March 28, Drupal published CVE-2018-7600. Dubbed Drupalgeddon2, the [...]

12 04, 2018

Hackers Disrupt Critical Infrastructure Network Using Cisco Smart Install Flaw

2018-04-12T15:29:36-07:00 | April 12th, 2018 | Threat Intelligence, Vulnerability & Threat Management

During the past week, Cisco’s Smart Install Client tool had been compromised by attackers, causing disruptions of the communication infrastructure of approximately 200,000 Cisco routers worldwide. Cisco’s Smart Install Client is a piece of software which allows customers to deploy new switches remotely with no additional configuration requirements. The vulnerability allows for the misuse of [...]

29 03, 2018

The Cryptomining Malware Family

2018-03-29T11:54:39-07:00 | March 29th, 2018 | Threat Intelligence

Cryptominers have become their own class of malware, growing in popularity as a low-risk, high-reward way for cybercriminals to make an easy crypto-buck. In this post, we’ll look at the members of the cryptomining malware family and their techniques. Browser-Based Cryptomining Software CoinHive, Crypto-Loot and JSEcoin allow website owners to legitimately monetize website traffic. Favoring [...]

28 03, 2018

Cryptominers More Lucrative, Lower Risk Than Ransomware

2018-03-29T11:56:41-07:00 | March 28th, 2018 | Threat Intelligence

If 2017 was the year of high-profile data breaches and ransomware attacks, 2018 seems to be the year of cryptocurrency-related malware. Cryptominers managed to impact 23 percent of organizations globally. Cryptomining is relatively new, and not all of it is purely malicious. Some cryptominers are considered to be legitimate techniques to gain cryptocurrency, akin to [...]

20 02, 2018

Triton Malware Can Remotely Target Critical Infrastructure

2018-02-20T13:46:44-07:00 | February 20th, 2018 | Threat Intelligence

Triton malware (aka TRISIS) has joined the limited list of publicly identified malware targeted at operational technology (OT) networks. Other occupants of this small-but-mighty category include Stuxnet (2010), Shamoon (2012), Shamoon 2 (2016) and Industroyer (2016). In August of 2017, the Triton malware was observed to be targeting Schneider Electric’s Triconex safety instrumented system (SIS) [...]