There have been an increasing number of headlines about breaches at retailers in which attackers have made off with credit card data after compromising point-of-sale (POS) terminals. However, what is not commonly discussed is the fact that one third of these breaches are a result of weak default passwords in the remote administration software that is typically installed on these systems. [1] While advanced exploits generate a lot of interest, sometimes it’s Read more...
Archive for 'July 2014'
BrutPOS: RDP Bruteforcing Botnet Targeting POS Systems
July 9, 2014 10:00 AM By Nart Villeneuve, Joshua Homan, Kyle WilhoitHavex, It’s Down With OPC
July 17, 2014 10:00 AM By Kyle Wilhoit
FireEye recently analyzed the capabilities of a variant of Havex (referred to by FireEye as “Fertger” or “PEACEPIPE”), the first publicized malware reported to actively scan OPC servers used for controlling SCADA (Supervisory Control and Data Acquisition) devices in critical infrastructure (e.g., water and electric utilities), energy, and manufacturing sectors. While Havex itself is a somewhat simple PHP Remote Access Trojan (RAT) that has been analyzed by other sources, none of these Read more...
Operation Tovar: The Latest Attempt to Eliminate Key Botnets
July 8, 2014 10:00 AM By Meaghan Molloy
Coordinated botnet disruptions have increased in pace and popularity over the last few years as more private companies work with international law enforcement agencies to combat malware infections on a grand scale. Operation Tovar, announced on June 2 2014, is the latest to make headlines. The target of the investigation, Evgeniy Mikhailovich Bogachev, was indicted by the Department of Justice and is wanted by the FBI for his role as alleged leader Read more...
The Little Signature That Could: The Curious Case of CZ Solution
July 18, 2014 10:00 AM By James T. Bennett, Kyle Wilhoit
Malware authors are always looking for new ways to masquerade their actions. Attackers are looking for their malware to be not only fully undetectable, but also appear valid on a system, so as not to draw attention. Digital signatures are one way malware authors keep under the radar. Digital signatures are an easy, quick way to verify the authenticity of an application utilizing the signature.Threat actors routinely steal digital signing certificates to Read more...
The Service You Can’t Refuse: A Secluded HijackRAT
July 1, 2014 1:00 PM By Jinjian Zhai, Jimmy Su
In Android world, sometimes you can’t stop malware from “serving” you, especially when the “service” is actually a malicious Android class running in the background and controlled by a remote access tool (RAT). Recently, FireEye mobile security researchers have discovered such a malware that pretends to be a “Google Service Framework” and kills an anti-virus application as well as takes other malicious actions.In the past, we’ve seen Android malware that execute privacy Read more...
Announcing the FLARE Team and The FLARE On Challenge
July 7, 2014 10:00 AM By Mike Sikorski
I would like to announce the formation of the FireEye Labs Advanced Reverse Engineering (FLARE) team. As part of FireEye Labs, the focus of this team is to support all of FireEye and Mandiant from a reverse engineering standpoint. Many FireEye groups have reversing engineering needs: Global Services discovers malware during incident response, Managed Defense constantly discovers threats on monitored client networks, and Products benefit from in-depth reversing to help improve detection Read more...
Black Hat USA 2014 - Cybersecurity Under Las Vegas’ Neon Lights
July 22, 2014 5:56 PM By Helena BritoIt's the middle of summer, and as the thermometers soar above 100°F the eyes of the security industry turn to Las Vegas for Black Hat 2014. The conference, August 2-7, brings the security industry's best and brightest together for six days of training and networking. Starting Aug. 5, join Mandiant's experts as they explore the latest security trends, incident response tactics and more!
Read more...Pacific Ring of Fire: PlugX / Kaba
July 24, 2014 9:00 PM By Geok Meng Ong, Chong Rong Hwa | Threat Intelligence, Advanced Malware, Targeted Attack
As depicted in earlier FireEye blogs, advanced cyber attacks are no strangers to the Asia Pacific region. In this blog, we take a deeper look at some of the advanced persistent threat (APT) malware that have significant presence in the APAC region, starting with PlugX (we detect it as Backdoor.APT.Kaba).The PlugX / Kaba malware is a well-known remote access tool (RAT) believed to have been around for several years that continues to Read more...
Spy of the Tiger
July 31, 2014 10:00 AM By Nart Villeneuve, Joshua Homan | Threat Intelligence
A recent report documents a group of attackers known as “PittyTiger” that appears to have been active since at least 2011; however, they may have been operating as far back as 2008. We have been monitoring the activities of this group and believe they are operating from China.This group leverages social engineering to deliver spearphishing emails, in a variety of languages including English, French and Chinese, and email phishing pages to their targets. Read more...
Sign up for email updates
Get information and insight on today's advanced threats from the leader in advanced threat prevention.
