Tag Archive for: kaspersky

Kaspersky Discloses Apple Zero-Click Malware


Russian Government Claims It Uncovered ‘Several Thousand’ Infections

Russian cybersecurity firm Kaspersky said it uncovered zero-click malware infecting staffers’ iPhones on the same day the Kremlin claimed it had uncovered a “reconnaissance operation by American intelligence agencies.”

Kaspersky, in a Thursday blog post, said the malware has been active at least since 2019 and infects devices with an iMessage attachment that automatically triggers code execution. Kaspersky calls the campaign behind the malware Operation Triangulation.

Russian domestic intelligence agency the Federal Security Service said it had uncovered several thousand iPhones infected with the same malware and accused Apple of collaborating with the U.S. National Security Agency.

The malware exfiltrates data including microphone recordings, photos from instant messaging apps, geolocation and other sensitive data. The Russian National Coordination Center for Computer Incidents issued a bulletin listing the same set of 15 malware command-and-control domains that Kaspersky identified.

Apple, which has a well-documented history of defying U.S. government attempts to weaken its security, issued a terse statement.

“We have never worked with any government to insert a backdoor into any Apple product and never will,” an Apple spokesperson said.

The smartphone giant also said that Kaspersky had reported the malware doesn’t work past the iOS 15.7 iPhone operating system. Apple introduced iOS 16 to the public last September.

A Kaspersky spokesperson said the company determined one of the vulnerabilities used by the malware was CVE-2022-46690, an out-of-bounds…

Kaspersky says attackers hacked staff iPhones with unknown malware


The Russian cybersecurity company Kaspersky said that hackers working for a government targeted its employees’ iPhones with unknown malware.

On Monday, Kaspersky announced the alleged cyberattack and published a technical report analyzing it, in which the company admitted its analysis is not yet complete. The company said that the hackers, who at this point are unknown, delivered the malware with a zero-click exploit via an iMessage attachment, and that all the events happened within a one-to-three-minute timeframe. At this point, it’s unclear if the hackers exploited new vulnerabilities that were unpatched at the time, meaning they were so-called zero-days.

Kaspersky researchers said that they discovered the attack when they noticed “suspicious activity that originated from several iOS-based phones,” while monitoring their own corporate Wi-Fi network.

The company called this alleged hack against its own employees “Operation Triangulation,” and created a logo for it. Neither Kaspersky nor Apple immediately responded to requests for comment.

Kaspersky researchers said they created offline backups of the targeted iPhones and inspected them with a tool developed by Amnesty International called the Mobile Verification Toolkit, or MVT, which allowed them to discover “traces of compromise.” The researchers did not say when they discovered the attack, and said that they found traces of it going as far back as 2019, and that “attack is ongoing, and the most recent version of the devices successfully targeted is iOS 15.7.”

While the malware was designed to clean up the infected devices and remove traces of itself, “it is possible to reliably identify if the device was compromised,” the researchers wrote.

In the report, the researchers explained step by step how they analyzed the compromised devices, outlining how others can do the same. They did not, however, include many details of what they found using this process.

The researchers said that the presence of “data usage lines mentioning the process named ‘BackupAgent’,” was the most reliable sign that an iPhone was hacked, and that another one of…

Ransomware Attacks Adapt With New Techniques: Kaspersky Report


Attackers are employing more sophisticated ransomware attack methods and incorporating key attributes from defunct criminal groups to target individuals, according to the latest report from Kaspersky.

The changes underscore evolving concerns in the cybersecurity landscape.

The report, New ransomware trends in 2023, was published today ahead of Anti-Ransomware Day 2023 on Friday.

According to the report, the top five ransomware groups that have the most impact and produce the most attacks have undergone significant changes in the past year.

In the first half of 2022, REvil and Conti were ranked second and third respectively, in terms of attacks. However, in Q1 2023, these groups were replaced by Vice Society and BlackCat. The remaining ransomware groups in the top five for Q1 2023 are Clop and Royal.

Kaspersky added that, according to their review of last year’s ransomware trends, all of these groups persisted. The researchers have taken notice of some significant cross-platform ransomware variations, such as Luna and Black Basta.

As for 2023, Kaspersky experts highlighted three key ransomware trends. Firstly, ransomware groups are incorporating self-spreading functionality or imitations into their malware, as seen with examples like Black Basta, LockBit and Play.

Secondly, cybercriminals are exploiting vulnerabilities in antivirus drivers, even targeting industries like gaming. 

Finally, large ransomware gangs are adopting capabilities from leaked or purchased code, strengthening their offensive capabilities.

“Ransomware gangs continually surprise us and never stop developing their techniques and procedures,” said Dmitry Galov, a senior security researcher at Kaspersky’s Global Research and Analysis Team.

Further, the executive said that over the past 18 months the company has observed ransomware gangs transitioning their operations into fully-fledged businesses.

“This fact makes even amateur attackers quite dangerous. So, to make your business and your personal data safe, it’s very important to keep your cybersecurity services…

Bullguard Internet Security 2012 Test.