RSA 2017: how the hackers and rogue states use exploits to bypass security

Ahead of his talk at RSA Conference 2017 next week, we chatted to Mark Loman, Sophos’s Director of Engineering for next-generation tech.

Mark gave us a preview of his talk, which you can catch on Tuesday, February 14 from 3:45-4:30 pm in room 132, Moscone North.

He will be delving into how nation-state attackers craft their attack code to evade the most advanced security products.


Why malware authors keep using the same old Microsoft Office exploits

SophosLabs Principal Malware Researcher Gabor Szappanos has closely studied Microsoft Office exploits for the past few years. We’ve previously covered his investigation of the Microsoft Word Intruder exploit creation kit, and his recent paper exploring the most popular Office exploit kits.

In a new research report, Gabor takes a closer look at the top four Office exploit kits used in the last quarter of 2015. He also reports which exploits were most commonly used in malicious documents, and shows us what families of malware were distributed by the studied samples.

As Gabor explains, malware authors are increasingly attracted to document exploits as the initial entry point for their attacks. The attackers spread their booby-trapped Office documents through phishing emails spammed out to large numbers of random recipients (cybercrime groups), or to a more select list of targets (APT groups).

Notably, the majority of Office exploits that malware authors have been using in malicious documents are now several years old. The most popular exploit, CVE-2012-0158, has been around for well over three years now.


SophosLabs investigates the most popular Microsoft Office exploit kits

Malware authors have been using Microsoft Office document exploits for quite some time, but in the past couple of years, document malware has experienced a resurgence.

Typically, exploited documents are attached to email messages and sent out to large numbers of random recipients (in the case of cybercrime groups) or a smaller number of selected targets (in the case of APT groups).

Office exploit generators play a crucial role in making Office exploitation available to common cybercriminals. However, despite their significance, most Office exploit kits have not been covered in detail.

In a new research paper, SophosLabs Principal Malware Researcher Gabor Szappanos analyzes some of the most impactful Office exploit generators.


IP EXPO Europe: Sophos experts talk EU data rules, Android security, highly effective cybercriminals

IP EXPO Europe is billed as Europe’s “number one” IT exhibition, with 15,000 visitors over two days, hundreds of vendors, and hundreds of free seminars across six major technology areas. It’s one of the few must-attend events on the IT exhibition calendar.

Naturally, we’re expecting the cybersecurity event will draw huge crowds – IT security is the most talked-about and highest-demand industry segment in technology today.

This is the first year Sophos is attending IP EXPO, taking place 7-8 October at ExCel London, and our UK team members are really excited about what’s happening at our stand (AA22 in the Cyber Security Zone), where we have fun giveaways (and beer and snacks!) ready for our visitors.

In the seminar sessions, our experts are giving fascinating presentations about hot topics including EU data protection regulations and mobile security, and some live hacking demonstrations too.


A closer look at the Angler exploit kit

Over the past few years, exploit kits have been widely adopted by criminals looking to infect users with malware. They are used in a process known as a drive-by download, which invisibly directs a user’s browser to a malicious website that hosts an exploit kit.

The exploit kit then proceeds to exploit security holes, known as vulnerabilities, in order to infect the user with malware. The entire process can occur completely invisibly, requiring no user action.

In this research article we will take a closer look at one of the more notorious exploit kits used to facilitate drive-by downloads – a kit known as Angler exploit kit (Angler hereafter).
