Tag Archive for: Defeating

Blocking Macros Is Only the First Step in Defeating Malware


  • Microsoft’s decision to block macros will rob threat actors of this popular means for distributing malware.
  • However, researchers note that cybercriminals have already changed tack and significantly reduced their use of macros in recent malware campaigns.
  • Blocking macros is a step in the right direction, but at the end of the day, people need to be more vigilant to avoid getting infected, suggest experts.


While Microsoft took its own sweet time deciding to block macros by default in Microsoft Office, threat actors were quick to work around this limitation and devise new attack vectors.


According to new research by security vendor Proofpoint, macros are no longer the favorite means of distributing malware. The use of common macros decreased by approximately 66% between October 2021 and June 2022. On the other hand, the use of ISO files (a disc image) registered an increase of over 150%, while the use of LNK (Windows File Shortcut) files increased a staggering 1,675% in the same timeframe. These file types can bypass Microsoft’s macro blocking protections.


“Threat actors pivoting away from directly distributing macro-based attachments in email represents a significant shift in the threat landscape,” Sherrod DeGrippo, Vice President, Threat Research and Detection at Proofpoint, said in a press release. “Threat actors are now adopting new tactics to deliver malware, and the increased use of files such as ISO, LNK, and RAR is expected to continue.”



Moving With the Times

In an email exchange with Lifewire, Harman Singh, Director at cybersecurity service provider Cyphere, described macros as small programs that can be used to automate tasks in Microsoft Office, with XL4 and VBA macros being the ones most commonly used by Office users.


From a cybercrime perspective, Singh said threat actors can use macros for some pretty nasty attack campaigns. For instance, macros can execute malicious lines of code on a victim’s computer with the same privileges as the logged-in person. Threat actors can abuse this access to exfiltrate data from a compromised computer or to even grab additional malicious content from the malware’s servers to pull in even more…


Hackers Are Getting Better and Better At Defeating Your 2FA Security


Two-factor authentication, or 2FA, has been sold to web users as one of the most important and trustworthy tools for securing your digital life. You probably know how it works: By supplying an account with not just your password but also a secondary piece of information (typically an automated code texted to your phone or device of choice), companies can verify that whoever signs into your account is definitely you and not just some goon who’s managed to get their hands on your personal information.

However, according to new research, said goons have unfortunately found a number of effective ways to get around your 2FA protections — and they’re using these methods more and more.

The study, put out by academic researchers with Stony Brook University and cybersecurity firm Palo Alto Networks, shows the recent discovery of phishing toolkits that are being used to sneak past authentication protections. Toolkits are malicious software programs that are designed to aid in cyberattacks. They are engineered by criminals and typically sold and distributed on dark web forums, where any digital malcontent can buy and use them. The Stony Brook study, which was originally reported on by The Record, shows that these malicious programs are being used to phish and steal 2FA login data from users of major online websites. They’re also exploding in use — with researchers finding a total of at least 1,200 different toolkits floating around in the digital netherworld.

Granted, cyberattacks that can defeat 2FA are not new, but the distribution of these malicious programs shows that they are becoming both more sophisticated and more widely used.

The toolkits defeat 2FA by stealing something arguably more valuable than your password: your 2FA authentication cookies, which are files that are saved on your web browser when the authentication process takes place.

According to the study, said cookies can be stolen one of two ways: A hacker can infect a victim’s computer with data-stealing malware, or, they can steal the cookies in-transit — along with your password — before they ever reach the site that is trying to authenticate you. This is done by phishing the victim and capturing…


Gauss, Flame Highlight Problem of Defeating High-End Malware – Threatpost (blog)


But, as the discovery of tools such as Flame and Gauss suggests, there's a lot of stuff bubbling under the surface that mostly goes unseen. Malware obviously is not one of those unknowns. It's been an issue for 25 years and it's not going anywhere
  • Kaspersky pleads for crypto help to probe Gauss malware – Computerworld
  • Gauss Cyber-Spy Trojan Gives Rise to Many Theories, No Answers – eWeek
  • Bitdefender releases tool for removing Gauss financial malware – ZDNet (blog)
