Hacking the Hacker

How We Cracked the Code on DirCrypt Ransomware

Ransomware has become a top computer security threat over the past few years, with a rapid evolution of variants and techniques. It is perhaps the most purely ‘evil’ form of malware in that it uses scare tactics to apply psychological pressure on the victim.

Victims Don't Know What to Do - Except Pay the Ransom

In a typical ransomware attack, cybercriminals block access to a user’s computer completely or encrypt files so the user can’t access them. Just like a kidnapper, the cybercriminal then demands that the user pay a ransom to regain control of their PC and data. Typically, payment must be made through Bitcoin, MoneyPak ...

Mobile Security Weekly – Are iOS and Android full of holes or is it just Gamma Group?

Questions continue to be raised, both by users and now governments, regarding the safety of mobile devices. With news items going both ways, it’s hard to keep up and make sure that your enterprise is aware of all the relevant risks. In light of the recent Gamma Group leak, is iOS that much safer, or not? In today’s mobile landscape, Apple loves to highlight the fact that Android phones are more susceptible to malware while the iPhone is considered more secure. Now, leaked documents from Gamma Group, one of the world's leading surveillance companies, seem to have reaffirmed the idea, or did they? ...

Mobile Security Weekly – Bringing the Hammer Down on Mobile Threats

The world of mobile security is constantly absorbing and adopting new trends. This week’s summary highlights just that. It’s evident just how insecure even the most “secure” devices are - despite several companies attempting to create an “impregnable” device. On the flip side, we see more examples of mobile security being taken seriously - whether by Google or governments.

British Information Watchdog warns of £500,000 fines for putting clients’ data at risk

The Information Commissioner's ...

Practical Attacks Against VDI and Augmenting Mobile Security

The following content, "Practical Attacks Against VDI and Augmenting Mobile Security", was part of a Black Hat USA 2014 presentation.

Last week at Black Hat, Michael Shaulov, CEO and Co-Founder of Lacoon, and Daniel Brodie, Sr. Security Researcher at Lacoon, presented to a packed room of several hundred people on the topic of “Practical Attacks Against VDI.” During the presentation they were clear that they weren't destroying the myth about VDI, but rather pointing out how to evaluate and quantify the mobile security aspects when moving forward with mobility initiatives. Key points highlighted in the session included: What are the ...

Are Malicious Configuration Profiles iOS’ Achilles Heel?

As part of our ongoing efforts to protect our clients from all types of mobile threats, Lacoon researches malicious iOS configuration profiles. We have been able to gain many insights from this research, and to share them we recorded a podcast episode with one of the senior security researchers at Lacoon Mobile Security, Dan Koretsky.

You can hear the podcast here in our new Mobile Security Talk Podcast Channel.

For those that prefer the written word, we summed up our conversation with Dan:

What exactly is an iOS configuration profile?

Configuration profiles are ...

Mobile Security Weekly – Android Threats Stack Up

On the heels of BlackHat USA, perhaps it’s hardly surprising that this week has been especially full of malware. Much like the demonstrations and presentations at Blackhat, this week’s stories highlight attackers’ technical prowess as well as effectiveness and practicality. Researchers in Russia have discovered that half a million devices have been infected with a form of banking malware. 541,000 smartphones running on Android in Russia, Europe and the US are already infected with malware that grants the perpetrators full access to people’s mobile devices. A recurring trend, this attack is based on a large scale SMS ...

Check Point Protects from the HAVEX Malware Targeting ICS/SCADA Systems

Dragonfly Cyber Espionage Campaign Overview

Havex is a Remote Administration Tool (RAT) used recently by the “Dragonfly” cyber espionage group. They were using the Havex malware to target Industrial Control Systems (ICS) and SCADA systems at energy companies across Europe and the US. Several methods were used to infect computers with the Havex RAT, such as spear phishing or a watering hole attack. For example, in a watering hole attack, the group would take control of an ICS/SCADA vendor’s website and infect software that customers downloaded. One of the many malicious samples analyzed by the Check Point security research group is software named “MB ...

GOZ – Is it game over, Zeus?

Overview

Zeus is a highly sophisticated family of Trojans that seeks to steal banking information and accounts from victims. Zeus targets popular operating systems such as Windows and Android and is usually distributed to end users through social engineering tactics such as drive-by downloads and phishing emails. Although Zeus was discovered back in 2007, it remains popular by introducing new variants to the market via Trojan-building toolkits that can be easily purchased online. One Zeus variant, known as Gameover Zeus (or GOZ), gained further popularity through its ability to distribute the Cryptolocker ransomware (see: Defeating Cryptolocker with ThreatCloud and Gateway Threat Prevention). GOZ ...

Protecting computers from the damages of RAMDO Click Fraud Trojan

Details

Ramdo is a family of Trojan horses that performs click fraud. This type of Trojan is used to increase the number of visits to certain websites or to boost the number of hits on online ads. Ramdo installs itself using an exploit kit, copies itself onto the system and creates an encrypted DLL file containing the Trojan’s payload, which is injected into a new system process. It also stores its configuration data (User-Agent, C&C-related information and the RC4 key used for decrypting data from the C&C) in the system registry.

Network Analysis

First of all, Ramdo generates an HTTP GET request to Google for connectivity testing purposes. The ...

Don’t Become the Next Code Spaces: Learn best practices for using cloud services securely

Overview

Code Spaces, which offered source code repositories and project management services hosted on Amazon Web Services for developers, was forced to cease operations in June after failing to meet the demands of cyber-extortionists. The company was first hit with a Distributed Denial of Service (DDoS) attack, followed by a devastating cyber breach that, in an instant, destroyed the intellectual property of the business. Code Spaces’ problems began with a DDoS attack on June 17th. However, the DDoS attack was a smokescreen for a broader attack aimed at accessing Code Spaces’ systems. The attacker took over Code Spaces’ panel access and the company explained in a blog post, ...