Cyren » Malware
This category is about malware, phishing, security awareness, and more. More than 1.3 billion users around the world rely on Cyren's 100% cloud internet security solutions to protect them against cyber attacks and data loss every day. Powered by the world's largest security cloud delivering very fast time to protection, Cyren arms enterprises with award-winning security-as-a-service.
3M ago
Cyren offers ransomware protection from cyber-attacks through powerful cloud-based email security services.
What is ransomware?
Ransomware is a cyber attack that encrypts your files until you pay. This type of attack is malware that employs encryption – holding a victim’s information at ransom. A user or organization’s data is first encrypted. This way, they cannot access their confidential files, databases, or applications. After this, a ransom is demanded so that the cybercriminal will provide access. Ransomware is typically designed to spread across networks – targeting database and file ...
10M ago
The bad, worse and the horrible
by Gunnar Guðmundsson and Axel Marinho Guðmundsson
Introduction
In this article, we look at a malware payload from an exploited Microsoft Word document. With a little Python scripting and deciphering we research a single sample and gather a few more versions to view a history of active development.
Recently we received a malicious document in DOCX format containing an embedded Visual Basic script designed to download a compressed .hta payload.
Figure 1 Visual Basic script
The .hta file had an obfuscated function that downloads a PowerShell script disguised as a ...
10M ago
by Dexter To and Maharlito Aquino
Introduction
Originally a banking Trojan that existed in the wild as early as 2007, Qakbot (or QBot) is a pioneer of malware as a service, which is continually maintained and developed to this day. While its main purpose is to steal banking credentials such as logins and passwords, it has also added functionalities to spy on financial operations, spread itself and install ransomware in compromised organizations to maximize revenue for cybercriminals.
Email Hijacking
Recently we have observed the following malware campaign exhibiting a man-in-the-middle (MITM ...
10M ago
by Kervin Alintanahin
Recently, we have received an increase in the number of malicious email samples with password-protected attachments. The recent waves of attacks with Emotet use a similar approach. In this blog we describe our analysis of another set of samples that used file archives (e.g. zip file) secured with passwords.
The authors of this attack inserted the archive file into an HTML file.
Figures 1.1 and 1.2: Emails with initial malware component, an HTML attachment
Once the HTML file is opened, it will drop a file as if that file was downloaded by the user. The HTML pa ...
10M ago
by Kervin Alintanahin
Password Protected Docs
Among the most recent Emotet samples we received were emails with password-protected attachments. Although the malicious document needs an extra step to be accessed compared to just being attached as it is, the additional layer of ‘security’ may cause an unsuspecting user to think that this came from a legitimate source.
Figure 1. Email sample
Same Code, Different Types
Emotet downloaders are leveraging the different Excel file types. The two examples below have the same macro code but one is an OLE format Excel file (.XLS) and the other ...
10M ago
by Max Avory
Reading a complete report is not for everyone. If that includes you, here are the key takeaways from the 2022 Osterman report on Phishing, BEC, and Ransomware Threats for Microsoft 365 Customers.
“Less than half the organizations ranked their currently deployed email security solutions effective. Respondents felt least confident in their ability to prevent BEC attacks followed by mass-mailed phishing campaigns.”
It’s alarming that such a large proportion of organizations feel this way about their current solutions, considering how damaging a successful breach can be.
One would ex ...
10M ago
By Floser Bacurio Jr
We have been observing that malware is being distributed via an NSIS-based crypter. Malware such as FormBook, AgentTesla, GULoader, just to name a few, have been using NSIS as their loader. We have seen several ways of obfuscation implemented with the installer that decrypts and directly loads the malware into memory without dropping its file to the disk.
What is NSIS?
A quick overview of NSIS (Nullsoft Scriptable Install System): it is an open-source script-driven tool that can be used to create Windows software installers. This tool is flexible and can let you bundle sev ...
10M ago
Spyware is a type of malicious software that enters your computer or mobile device without consent in order to gain access to your personal information and data and relays it to a third party. Considered a type of malware, spyware spies on the computer user, capturing keystrokes, emails, documents, or even turning on the video camera.
Spyware has been a part of the public discourse since the mid-90s and in the early 2000s the term “spyware” began being used by cybersecurity companies in much the same way that it is used today. Today, spyware continues to be the most common threat on the int ...
10M ago
by Ira Chernous
This isn’t a story of Halloween costumes and candy. It’s a story about a cyberattack in which the victim always pays for the trick. This type of story almost never has a happy ending.
What is Ransomware?
Ransomware is a type of malicious software that uses encryption to hold a targeted victim’s information at ransom. Over the last few years, this type of cyberattack has become increasingly popular despite the complexity of its implementation. To execute a ransomware attack, the fraudster needs to be proficient in many areas, from social engineering through cryptography to pro ...
10M ago
Supercharging Your Enterprise Malware Detection
Organizational users rely on multiple tools and products to improve their productivity and collaboration. These enterprise tools allow companies to share a large number of files such as PDFs, documents, spreadsheets, and more. This allows for easy collaboration and communication between employees. Increased reliance on email, as well as cloud file storage and sharing platforms, has given rise to incidents that involve file-based malware and phishing attacks.
Enterprises and their employees trust organizational products and tools to provide ...