Malware

Security Predictions 2017 – How did we do?

Every year, Forcepoint makes security predictions for the 12 months ahead. Here, we review how well we did in our 2017 Predictions Report, released in November of 2016.

NotNotPetya - Bad Rabbit

On 24 October 2017 Bad Rabbit – the third ‘major’ ransomware outbreak of the year – made headlines as it affected large numbers of machines, predominantly in Eastern Europe.

The malware bears many similarities to the Petya (AKA NotPetya, GoldenEye, ExPetr, Petrwrap) attack from June: the ransom messages are very similar in both content and style, the ransom demand is for a similar amount (USD 300 in June versus BTC 0.05, approximately $280 at current prices), and it attempts to move laterally once inside a network.

WannaCry Ransomware-Worm Targets Unpatched Systems

Yesterday, the world saw one of the most significant malware outbreaks for quite some time: our news feeds are full of the news of this cyber attack with institutions in many countries being impacted and reports of whole computer networks being shut down. The malware's ability to self-propagate was a significant change from what we have become used to in recent years, with possibly the most recent major outbreak of this type being the Conficker worm nearly a decade ago.

Updated Tuesday 16 May 2017.

New Variant of Geodo/Emotet Banking Malware Targets UK

Forcepoint Security Labs have recently observed a malicious email campaign delivering what appears to be a new variant of the Geodo/Emotet banking malware, predominantly to .UK TLDs across a range of sectors including addresses at major business and government departments.

Carbanak Group uses Google for Malware Command-and-Control

Forcepoint Security Labs™ recently investigated a trojanized RTF document which we tied to the Carbanak criminal gang. The document contains an encoded Visual Basic Script (VBScript) typical of previous Carbanak malware. Recent samples of the malware have now included the ability to use Google services for command-and-control (C&C) communication. We have notified Google of the abuse and are working with them to share additional information.

MM Core In-Memory Backdoor Returns as "BigBoss" and "SillyGoose"

In October 2016 Forcepoint Security Labs™ discovered new versions of the MM Core backdoor being used in targeted attacks. Also known as “BaneChant”, MM Core is a file-less APT which is executed in memory by a downloader component.

The Many Evolutions of Locky

First spotted in February 2016, the Locky crypto-ransomware has become a dangerous threat to large organisations and residential users alike. In this blog we give a brief overview of what Locky is and cover the significant aspects of its infamous history.

BITTER: A Targeted Attack Against Pakistan

Introduction

Forcepoint Security Labs™ recently encountered a strain of attacks that appear to target Pakistani nationals. We named the attack "BITTER" based on the network communication header used by the latest variant of remote access tool (RAT) used:
