During a regular hunt for malware, our researchers came across an interesting malicious Android app that portrayed itself as an online app for the reputable Russian bank Sberbank, the largest bank in Russia and Eastern Europe. There have been various attempts in the past to attack Sberbank of Russia, and due to the ubiquitous nature of mobile devices, malware developers have also tried targeting Sberbank customers on their mobile devices before. Looking at the sample we recently saw from our malware feeds, it appears to be yet another attempt at targeting the bank's users in a unique way. Overview: The malware…
Author: ISBuzz Team
A Brief Introduction to NetFlow NetFlow is data generated by network devices – routers, switches, firewalls, etc. – that contains information about the data that’s moving through the network. The term NetFlow is often used generally to refer to this type of information, but “NetFlow” is actually proprietary to Cisco. Other vendors have their own versions, such as J-Flow from Juniper, and sFlow. There are also different versions of NetFlow. The most commonly used are v5 and v9 (which includes some additional information not available in v5). IPFIX, which is also known as NetFlow v10, was created by the IETF…
Kaspersky Lab experts and Sberbank, one of Russia’s largest banks, worked closely with Russian law enforcement agencies in an investigation into the Lurk gang that has now resulted in the arrest of 50 people. Those detained are suspected of involvement in the creation of networks of infected computers that resulted in the theft of more than 45 million dollars (3 billion rubles) from banks, other financial institutions and businesses since 2011. This is the largest ever arrest of hackers to have taken place in Russia. In 2011, Kaspersky Lab detected the activity of an organised cybercriminal gang using the Lurk Trojan…
sFlow, which is short for “sampled flow,” provides an industry standard for exporting truncated packets with interface counters. The sFlow Agent is a software process that runs as part of the network management software within devices, such as routers or switches. The sFlow agent packages the data into sFlow datagrams that are immediately sent on the network to minimize memory and CPU requirements. According to sFlow.org – the authoritative source of the sFlow protocol specifications – sFlow offers a number of advantages: It’s an industry standard, which ensures interoperability. (You can see a list of vendors that export sFlow here.)…
Security expert John Smith commented on the news of the newly discovered Irongate malware, which aims to disrupt core industrial systems. John Smith, Principal Solution Architect at Veracode: Industrial control systems are found…
PhishMe’s analysis of phishing campaigns in the first three months of 2016 shows a 789% year-over-year spike in malware and phishing threats. Leesburg, Va. (USA) & London (UK): PhishMe, a global provider of phishing-defense solutions for the enterprise, today revealed that its analysis of phishing email campaigns from the first three months of 2016 has seen a 6.3 million increase in raw numbers against the last quarter of 2015, due primarily to a ransomware upsurge. That is a staggering 789% jump. Published today, PhishMe’s Q1 2016 Malware Review identified three key trends previously recorded throughout 2015, but have come to…
U.S. business leaders are unprepared for the increased threat to information security that comes with flexible office environments, according to the 2016 Shred-it Security Tracker information security survey. The study shows that leaders are not providing the protocols and training needed to ensure customer and competitive information remains secure in a mobile work environment. With the number of mobile workers in the US expected to reach 105 million by 2020, more workers are using the tools of the modern workforce, including laptops, USB drives and cloud storage, to connect outside the traditional office environment. The 2016 Security Tracker shows that the majority…
Report Uncovers New Campaign Methods and Priority Industry Targets, Finds ‘Ransomware Bosses’ Make 13x the Salary of the Average Russian. Flashpoint, the global leader in Deep & Dark Web data and intelligence, today released the findings from a five-month study of an organized Russian ransomware campaign. The new research report, Inside an Organized Russian Ransomware Campaign, delves into the details of how cybercriminals are using Ransomware as a Service (RaaS) to successfully target victims, with the healthcare industry identified as a priority target. The report reveals key ransomware campaign metrics, including average salaries for various members of ransomware schemes, ransom amounts per…
Following the news that a DNS hijacking vulnerability targets Google Analytics, ESET provides its analysis. ESET has analysed a Potentially Unwanted Application (PUA), named DNS Unlocker, that hijacks victims’ computers to use rogue DNS servers. When the victims’ browsers look up google-analytics.com, the rogue DNS server points them to a malicious server that injects additional JavaScript. This is done so that advertisements by DNS Unlocker are inserted into web pages that use Google Analytics. DNS hijackers are nothing new, nor usually even worthy of comment. What makes these recent versions of DNS Unlocker interesting is the trick they use to surreptitiously configure the victim’s computer’s…
Following the news of Russian police arresting 50 hackers, two Russian deep web experts provide an insight on this news below: Leo Taddeo, CSO of Cryptzone and former FBI Special Agent in Charge of the NY Cybercrimes division, and Vitali Kremez, Cybercrime Intelligence researcher at Flashpoint. Leo Taddeo, Chief Security Officer at Cryptzone: This operation shows what US cyber experts knew all along, that Russia is very capable of finding and stopping cybercriminals operating within their borders. The remaining question is whether Russia has changed its policy of intransigence on the cybercrime issue for the benefit of US and other victims of Russian cybercrime, or…