During a recent analysis of a business email compromise (BEC) scam, we observed a lure attempting to install the Olympic Vision Keylogger. Further research determined that this keylogger and the accompanying Olympic Vision Crypter were used in a larger campaign targeting multiple organizations with a variety of lures, including invoice lures and shipment confirmation lures. This campaign appears to originate from South Africa, using both maliciously registered free domains and compromised domains.
You’ve done it.
After months of nagging, security awareness training, and constant reminders, your employees have started reporting phishing emails. Take a moment to pat yourselves on the back, because this is no mean feat.
But… now what? What do you actually do with all these reported emails?
About Parts One and Two: This post concludes a three-part blog series analyzing "Marcher" malware that targets the Android platform. Read part one here and part two here. To round out the discussion, let's cover the network and host indicators associated with this trojan.
The recently discovered bug, Shellshock, also known as the "bash bug," was made public on September 24, 2014, causing widespread anxiety as the initial patches failed to remediate all of the related vulnerabilities. The bug is found in Bash, a near-ubiquitous piece of system software used on millions of computers, including Linux-based machines and even Macs. Essentially, the vulnerability allows remote execution of arbitrary commands on web servers and computers, with no authentication required.
We're pleased to announce that VirusTotal has joined our global network of cybercrime intelligence partners. Intelligence sharing is a vital part of the fight against cybercrime, providing threat visibility and insight to aggressively mitigate attacks and protect our clients. Our partnership with VirusTotal provides an additional layer of intelligence, expanding our threat visibility.
Vawtrak is the security industry's name for the latest version of the 64-bit compatible Gozi Prinimalka Trojan, a family of malware first conceived in the mid-2000s. Recently, PhishLabs' R.A.I.D. (Research, Analysis, and Intelligence Division) has uncovered new developments in the latest Vawtrak configurations that indicate it is a much more substantial threat than it was a few months ago.
What You Need to Know
Last week, researchers at Proofpoint reported an attack campaign, dubbed "Smash & Grab," targeting customers of JP Morgan Chase. Based on intelligence from the PhishLabs R.A.I.D. (Research, Analysis, and Intelligence Division), the "Smash & Grab" operations have been active since at least mid-June, using the same combination of phishing and malware tactics described in the initial report. Our analysis also indicates a possible connection to cybercriminal actors currently or previously involved in GameOver Zeus operations.
Over the last month, PhishLabs analyzed nearly 9,000 phishing kits and variants available on compromised and clandestine servers, file sharing services, underground scammer forums, and various user-generated content sites such as blogs.
The following chart displays a breakdown of phishing kits we analyzed, based on the type of brand targeted. Financial Institutions, ePayment & Money Transfer Services, Social Networking Sites, and Email Services were the brand categories most frequently targeted by phishing kits, representing a combined 77% of kits analyzed.
Last week, Check Point officially launched a new threat intelligence platform that integrates third-party intelligence feeds with Check Point technologies. Called ThreatCloud IntelliStore, it serves as a marketplace where Check Point customers can easily tap into intelligence feeds to enhance threat detection and prevention.
We're very proud and excited to be an inaugural partner in the ThreatCloud IntelliStore. Why, you ask?
Earlier this week, law enforcement officials announced the arrest of more than 90 people for using and distributing the Blackshades RAT. In the wake of the arrests, we’ve been asked if Blackshades is a threat that banks, credit unions, and other financial institutions should be particularly concerned about.
Should financial institutions be doing anything differently to protect against Blackshades specifically? Probably not.