Posts

Kuwait sees large spike in malware attacks … up 64% – ARAB TIMES

Cyber threats against ICS systems most prominent

Emad Haffar, Head of Technical Experts — Kaspersky

At GITEX Technology Week 2021, which opened Sunday October 17 at the World Trade Center in Dubai, Kaspersky research highlighted that malware is widespread across the Middle East: 161 million attacks were recorded, up 17% from last year's figure of 138 million. “Kuwait has seen a large spike in malware attacks increasing by 64%,” said Emad Haffar, Head of Technical Experts for the Middle East, Turkey and Africa at Kaspersky. Cyber threats against industrial control systems (ICS) stand out as the most prominent.

The UAE experienced a 4% increase in attacks against ICS computers during the first half of 2021 compared with the same period last year, well above the global average, which rose by only 1.2% over the same period. Industrial control system (ICS) security covers the safeguarding of the control systems used to monitor and run industrial processes. Such systems are critical to keeping essential infrastructure functioning, and they are increasingly under attack; the potential for critical system breakdown, production accidents, and even city-wide or national impact is growing.

In Kaspersky's “Threat Landscape for Industrial Automation Systems” report, spyware, which is mostly deployed to steal money and information, is up by 0.6 percentage points in the UAE. At the same time, malicious scripts grew by 2.7 percentage points. Threat actors place such scripts on websites hosting pirated content to redirect users to sites that distribute spyware, or malware designed to mine cryptocurrency without the user's knowledge.

“The global trajectory is to move to digital services across the board. This also includes industrial control systems, which today are increasingly connected. For many, this has translated into increased convenience and efficiency, but it also exposes them to cyberattacks. A worst-case scenario can result in total disruption of industrial processes.

Depending on the criticality of an industrial object, the results can mean a loss of…

Source…

Former Microsoft Security Analyst Claims Office 365 Knowingly Hosted Malware For Years

Malware on Windows devices has become a real problem in the last few years, specifically with a recent uptick in ransomware. It appears that Microsoft has been trying to combat this issue, though, with updates to Microsoft Defender, so it has more teeth than ever before. However, what if Microsoft is part of the problem too?

On Friday, cybersecurity researcher TheAnalyst explained on Twitter how BazarLoader malware leads to ransomware that can severely affect healthcare, among other industries. He then called out Microsoft, asking if the company has “any responsibility in this when they KNOWINGLY are hosting hundreds of files leading to this,” alongside an image of what appears to be malicious files being hosted in OneDrive.

To back this up, former Microsoft security analyst Kevin Beaumont replied, saying that Microsoft cannot call itself a security leader due to Office365 and OneDrive abuse happening for years. He continued, explaining that getting things taken down from OneDrive is a nightmare process with rather slow reaction times, making Microsoft the “world’s best malware hoster for about a decade, due to O365.”

However, this is not a Microsoft-exclusive problem, nor a new one: malware has been hosted on other platforms in the past. According to research by the Bern University of Applied Sciences, Google and Cloudflare are currently among the top online malware hosting networks. As such, the entire tech industry needs to get better at finding malicious content hosted on its own servers before looking elsewhere for problems.

In any event, hopefully this incident will drive Microsoft to decisive action that can help protect millions of people and thousands of organizations from debilitating malware attacks. Let us know what you make of this entire situation in the comments below.

Source…

Had Some Random Clicking Issues and Want to Be Sure It’s Not Malware

Hey there!

 

I've experienced some iffiness with my computer earlier this morning. There were random clicks in a program, which seemed to have subsided when I turned my wireless mouse off and on again. I just want to be sure this is not a malware infection, as I have dealt with those (particularly Trojans/RATs) in the past.

 

I’ve attached the necessary scan logs, and help for my peace of mind would be appreciated.

 

Thanks! :)

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 16-10-2021

Ran by Sabertooth (administrator) on VIRGINKILLER (Gigabyte Technology Co., Ltd. X470 AORUS ULTRA GAMING) (16-10-2021 21:51:07)

Running from E:\PC Downloads

Loaded Profiles: Sabertooth

Platform: Microsoft Windows 10 Home Single Language Version 21H1 19043.1288 (X64) Language: English (United States)

Default browser: Chrome

Boot Mode: Normal

 

==================== Processes (Whitelisted) =================

 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

 

(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe

(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

(Adobe Inc. -> Adobe Systems Inc.) I:\Adobe\Acrobat DC\Acrobat\acrotray.exe

(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe

(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe

(Corsair Memory, Inc. -> Corsair Memory, Inc) C:\Program Files\Elgato\WaveLink\WaveLink.exe

(Corsair Memory, Inc. -> Elgato Systems) C:\Program Files\Elgato\WaveLink\AudioRoutingHelper.exe

(Discord Inc. -> Discord Inc.) C:\Users\Sabertooth\AppData\Local\Discord\app-1.0.9003\Discord.exe <6>

(Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe

(Dropbox, Inc -> Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe

(Electronic Arts, Inc. -> Electronic Arts) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EABackgroundService.exe

(Even Balance, Inc. -> ) C:\Windows\System32\PnkBstrA.exe

(GlassWire -> SecureMix LLC) C:\Program Files…

Source…

GMER Scan – csrss.exe? – Virus, Trojan, Spyware, and Malware Removal Help

Hello, Welcome to BleepingComputer.

I’m nasdaq and will be helping you.

 

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.

===

 

No malware was found in your logs.

 

Why did you execute the GMER program?

This program is no longer supported and should not be used.

<<<>>>

 

Press the Windows key + r on your keyboard at the same time. This will open the RUN BOX.

Type Notepad and click OK.

Please copy the entire contents of the code box below into the new file.

 

start
 
CreateRestorePoint:
CloseProcesses:
 
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [No File]
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [No File]
U3 kfrdyaob; C:\Users\index\AppData\Local\Temp\kfrdyaob.sys [56584 2021-10-15] (GMEREK Systemy Komputerowe Przemyslaw Gmerek -> GMER) [File not signed] <==== ATTENTION
S3 MpKsl96d46665; \??\C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D2831937-169C-46CA-A77A-68594282892B}\MpKslDrv.sys [X]
 
CustomCLSID: HKU\S-1-5-21-3647044211-270998057-1447843332-1001_Classes\CLSID\{2F81B25E-7507-4844-BFF2-77D2CC24CED4}\localserver32 -> "C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" -ToastActivated => No File
CustomCLSID: HKU\S-1-5-21-3647044211-270998057-1447843332-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll => No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers6: [Library Location] -> -{3dad6c5d-2167-4cae-9914-f99e41c12cfa} =>  -> No File
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
FirewallRules: [TCP Query User{CE16DF46-9FF3-49BB-B546-E322DD674AD5}C:\program files (x86)\tilted phoques\harbor\harbor.exe] => (Allow) C:\program...

Source…
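The FRST process list in the "random clicking" post and the fixlist in the GMER reply above share one log format: each file entry carries a "(Signer -> Company)" pair, a full path, and sometimes a tag such as "[File not signed]" or "<==== ATTENTION". The example below is added here and is not FRST's code, nor anything either forum poster ran. It parses those shapes, flags the things a helper looks at first (unsigned binaries, drivers loaded from a Temp directory, Defender or SmartScreen turned off by policy, entries FRST itself marked) and ranks them. The weights and the sample log lines are constructed for this example; the sample is modelled on the lines in the two posts, with backslashes restored.

```python
"""Triage of FRST-style log lines.

Added example; this is not FRST's code.  It parses two shapes that Farbar
Recovery Scan Tool writes:

    (Signer -> Company) C:\\path\\to\\file.exe
    U3 name; C:\\path\\file.sys [size date] (Signer -> Company) [File not signed] <==== ATTENTION

plus policy lines such as "Windows Defender: Restriction" and
"(SmartScreenEnabled: Off)", and ranks the entries an analyst should read first.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Paths may contain spaces and "(x86)", so match lazily up to a known extension.
PATH_RE = re.compile(
    r"(?P<path>[A-Za-z]:\\[^\[\]<>\"]*?\.(?:exe|dll|sys|bat|cmd|ps1|vbs|js))(?![\w.])", re.I)
# "(Signer -> Company)"; the company field is empty when the file has no version info.
SIGNER_RE = re.compile(r"\((?P<signer>[^()]*?)\s*->\s*(?P<subject>[^()]*?)\s*\)")
TEMP_RE = re.compile(r"\\(?:Temp|Tmp)\\", re.I)
USER_WRITABLE_RE = re.compile(
    r"\\(?:Users\\[^\\]+\\AppData|ProgramData|Windows\\Temp|Users\\Public)\\", re.I)
POSTURE_RE = re.compile(r"SmartScreenEnabled: Off|Windows Defender: Restriction")

# Weights are an assumption of this example: they give a reading order, not a verdict.
SEVERITY = {"attention": 3, "unsigned": 3, "temp": 3, "posture": 2,
            "user_writable": 1, "no_subject": 1}


@dataclass
class Finding:
    line: str
    path: Optional[str] = None
    signer: Optional[str] = None
    subject: Optional[str] = None
    reasons: List[Tuple[str, str]] = field(default_factory=list)

    def add(self, code: str, why: str) -> None:
        self.reasons.append((code, why))

    def codes(self) -> List[str]:
        return [code for code, _ in self.reasons]

    @property
    def score(self) -> int:
        return sum(SEVERITY[code] for code, _ in self.reasons)


def triage_line(line: str) -> Optional[Finding]:
    """Parse one FRST line; return None if it names neither a file nor a policy."""
    text = line.strip()
    f = Finding(text)
    if "<==== ATTENTION" in text:
        f.add("attention", "FRST itself marked this entry")
    if POSTURE_RE.search(text):
        f.add("posture", "a protection is disabled or restricted by policy")
    m = PATH_RE.search(text)
    if m:
        f.path = m.group("path")
        if TEMP_RE.search(f.path):
            f.add("temp", "binary loaded from a temporary directory")
        elif USER_WRITABLE_RE.search(f.path):
            f.add("user_writable", "binary runs from a user-writable location")
    s = SIGNER_RE.search(text)
    if s:
        f.signer = s.group("signer").strip()
        f.subject = s.group("subject").strip()
        if not f.subject:
            f.add("no_subject", "no company name in the file's version info")
    # FRST appends "[File not signed]"; an empty signer field is treated the same way.
    if "[File not signed]" in text or (s and not f.signer):
        f.add("unsigned", "file is not Authenticode-signed")
    return f if (f.path or f.reasons) else None


def triage(lines) -> List[Finding]:
    """Findings for all lines, highest score first (stable for equal scores)."""
    findings = [f for f in map(triage_line, lines) if f is not None]
    return sorted(findings, key=lambda f: f.score, reverse=True)


# Constructed sample modelled on the lines in the two posts above; not a real log.
SAMPLE_LOG = r"""
==================== Processes (Whitelisted) =================
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Discord Inc. -> Discord Inc.) C:\Users\Sabertooth\AppData\Local\Discord\app-1.0.9003\Discord.exe <6>
(Even Balance, Inc. -> ) C:\Windows\System32\PnkBstrA.exe
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
U3 kfrdyaob; C:\Users\index\AppData\Local\Temp\kfrdyaob.sys [56584 2021-10-15] (GMEREK Systemy Komputerowe Przemyslaw Gmerek -> GMER) [File not signed] <==== ATTENTION
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
""".strip().splitlines()

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        where = f.path or f.line[:60]
        print(f"[{f.score}] {where}  {'; '.join(why for _, why in f.reasons)}")
```

On the sample, the unsigned driver in a Temp directory (the shape of the GMER driver the helper removes in the fixlist) comes out on top, followed by the Defender restriction policy and the disabled SmartScreen setting; a signed per-user install such as Discord only gets a low note for running from AppData. The score is a reading order for the analyst, not a malware verdict: a signed file in Temp can be legitimate, and a well-signed implant scores zero here. The script only reads a log; the fixlist itself is something the helper writes and the user runs through FRST, not something to derive from this output.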