Analyzing malware by API calls

Over the last quarter, we’ve seen an increase in malware using packers, crypters, and protectors—all methods used to obfuscate malicious code from systems or programs attempting to identify it. These packers make it very hard, or next to impossible to perform static analysis. The growing number of malware authors using these protective packers has triggered … [Read more…]

Gaza Cybergang – updated activity in 2017:

1. Summary information The Gaza cybergang is an Arabic-language, politically-motivated cybercriminal group, operating since 2012 and actively targeting the MENA (Middle East North Africa) region. The Gaza cybergang’s attacks have never slowed down and its typical targets include government entities/embassies, oil and gas, media/press, activists, politicians, and diplomats. One of the interesting new facts, uncovered … [Read more…]

Know your threats: the nine scariest malware monsters

It’s been a particularly ghoulish year in cybersecurity, from Russian hacks to ransomware outbreaks. The bad boogey man in the black hoodie has been pulling one over the collective public. It’s dark and creepy, but users refuse to stop peeking behind the door. It’s enough to make even the most grizzled IT admin run for … [Read more…]

A week in security (October 23 – October 29)

antispyware

Welcome back to “A week in security.” Last week, we took a look at how deleted files can be recovered, explored the BadRabbit ransomware plague attacking Eastern Europe (including a deep dive into the code), and talked about what it takes to work in security. One of our researchers, who is a PhD candidate in immunobiology … [Read more…]

Traditional AV solutions shown ineffective in real-time global heat map

It’s no secret that antivirus technology (AV) has faced increased scrutiny in the tech industry for quite some time. With signature-based detection methods, traditional AV solutions are simply weak against unknown malware and other malicious content. Meanwhile, consumers and businesses continue to trust AV solutions to protect their devices. So, how ineffective are they and … [Read more…]

Analyzing an exploit for СVE-2017-11826

The latest Patch Tuesday (17 October) brought patches for 62 vulnerabilities, including one that fixed СVE-2017-11826 – a critical zero-day vulnerability used to launch targeted attacks – in all versions of Microsoft Office. The exploit for this vulnerability is an RTF document containing a DOCX document that exploits СVE-2017-11826 in the Office Open XML parser. … [Read more…]

Please don’t buy this: smart locks

antispyware

We all like buying the latest and greatest tech toy. It’s fun to get new and novel features on a product that used to be boring and predictable; a draw of the original BeBox (amongst many) was a layer of “das blinkenlights” across the front. But sometimes, the latest feature is not always the greatest … [Read more…]

Our computers, ourselves: digital vs. biological security

antispyware

Though by night I fight malware alongside the rest of the Malwarebytes research team, by day I work as a doctoral student in Immunobiology at Yale University, where I study the development of the immune system in your bone marrow. This grants me a unique perspective, as I’ve studied both the evolution of malware over … [Read more…]

When cybersecurity isn’t all cyber: What does it really take to work in cybersecurity?

antispyware

With the multitude of breaches and outbreaks already witnessed in 2017, it’s become clear that industries across all verticals are challenged by cybersecurity. This is a serious business problem that needs to be addressed ASAP. As much talk as there is about organizations getting hacked, scores of customers getting affected, and companies struggling to get … [Read more…]

Bad Rabbit ransomware

bad rabbit

What happened? On October 24th we observed notifications of mass attacks with ransomware called Bad Rabbit. It has been targeting organizations and consumers, mostly in Russia but there have also been reports of victims in Ukraine. Here’s what a ransom message looks like for the unlucky victims: What is bad rabbit? Bad Rabbit is a … [Read more…]