SophosLabs research uncovers new developments in PlugX APT malware

The notorious PlugX APT group is continuing to evolve and launch campaigns, most recently a five-month-long campaign targeting organizations in India.

PlugX now uses a new backdoor technique – hiding the payload in the Windows registry instead of writing it as a file on disk – according to a new technical paper from SophosLabs Principal Researcher Gabor Szappanos.

Although not unique to PlugX, this backdoor approach is still uncommon and limited to a few relatively sophisticated malware families.

SophosLabs: Elite APT hackers aren’t always elite coders

Many highly effective hacking groups associated with malware and advanced persistent threats (APTs) appear to lack an understanding of the technical exploits they use. They also fail to adequately test their exploits for effectiveness before unleashing them on their victims.

Gabor Szappanos of SophosLabs evaluated the malware and APT campaigns of several groups that all leveraged a particular exploit — a sophisticated attack against a specific version of Microsoft Office.

In a just-published technical paper, Gabor details how none of the groups he analyzed were able to modify the attack enough to infect other versions of Office, even though several versions were theoretically vulnerable to the same type of attack.

Have a drink on Data Privacy Day at your nearest IAPP event

As part of Data Privacy Day on Wednesday, January 28th, the IAPP will be hosting casual “Privacy After Hours” social meetings in cities in Brazil, Canada, Colombia, Finland, Germany, the Netherlands, Slovakia, the UK and the USA, to discuss an issue that’s on a lot of people’s minds these days — privacy.

Whether as part of business or personal life, information privacy and security is now an aspect of day-to-day life. So if you have any concerns or interests in privacy matters, then please feel welcome to come along for discussion, or simply to relax and get to know other people with practical or personal involvements in privacy issues.

SophosLabs research spotlights rising threat of Vawtrak financial malware

A type of data-stealing malware called Vawtrak is spreading in countries around the world, controlling thousands of computers while silently draining the bank accounts of its victims.

Analysis of the malware by James Wyke, Senior Threat Researcher with SophosLabs UK, indicates that the people behind Vawtrak are targeting banks and other companies in a very methodical way in a number of countries, including some that aren’t commonly targeted by banking malware.

In his fascinating new research paper on the subject, Vawtrak – International Crimeware-as-a-Service, James enlightens us about the mechanics of this cybercriminal enterprise, and the steps taken by this crafty and deceptive malware as it steals account details and transaction tokens directly from victims when they visit the websites of their financial institutions.

Our top 10 predictions for security threats in 2015 and beyond

After a year of big data breaches like Home Depot and Sony, and widespread security vulnerabilities in our shared software, which spawned the likes of Heartbleed and Shellshock, it’s easy to predict that cybersecurity will be a hot topic in 2015.

Our new Security Threat Trends 2015 report investigates the biggest security risks on the horizon and explains the real-world impact of evolving threats on businesses and consumers.

Here are the 10 things we believe will have the biggest impact on security in 2015 and beyond.

Snowshoe Spam is on the Rise – What can be done about it?

In our 2014 Threat Report, we noted that snowshoe spam was gaining popularity amongst spammers using new techniques to evade detection and sneak through loopholes in anti-spam laws. Over the last several months, we’ve noticed the volume of snowshoe spam continuing to build at a tremendous pace.

Snowshoe spam is essentially unsolicited bulk email. It has been effective because, like a snowshoe, it spreads the load across a large area: the spam is distributed across a huge range of IP addresses, many of which are used briefly, and only once, to send out massive volumes of spam in very short bursts. The temporary nature of these campaigns has also given rise to the term ‘hit-and-run’ spam. Naturally, this technique makes it challenging for filters that classify spam based on the reputation of the sending IP address.

Sophos Warbiking exposes Wi-Fi hotspot dangers in San Diego

We took our Warbiking tour to San Diego to raise awareness about wireless security, and we discovered that people in this high-tech city are connecting to thousands of unprotected wireless networks.

San Diego is a very technology-focused place, with lots of people connecting their mobiles and laptops to Wi-Fi hotspots around the city. And much like other cities we’ve visited such as New York and London, people may be unaware of the worrisome lack of security on many of these hotspots.

Chester Wisniewski, Sophos Senior Security Advisor, toured the city on his specially-equipped bike, picking up the signals of 8,048 Wi-Fi networks, to find out what kind of security they were using.
