ThreatSTOP


Winnti Aims to Win the Game

Fri, 07/14/2017 - 00:23

The Winnti group is a Chinese-linked cybercriminal group that is best known for its 2011 attacks against online video game producers.

A Rough Time for Web-browsing: The RoughTed Campaign

Wed, 07/12/2017 - 18:42

One family of malware that even the most vigilant of users has to be careful of is malvertising. Malvertising's dangers come from the fact that malware infection can occur from visiting a common legitimate website, as the malware is embedded within the ads on the website, rather than the website itself.

RIG Exploit Kit Takedown: Operation Shadowfall

Tue, 07/11/2017 - 18:01

Similar to Terror EK, the RIG EK gained a lot of footing in the EK market after the downfall of the Angler, Neutrino, and Nuclear exploit kits.

BankBot and BankBotAlpha – Banking Android Malware

Mon, 07/10/2017 - 21:32

BankBot is a malware targeting Android OS, and has appeared in the Google Play Store in different forms, often impersonating well-known application icons or names.

Bi-Weekly Security Update 7/7/2017

Fri, 07/07/2017 - 23:14

WildFire Locker – Ransomware Disguised as Missed Delivery

Wed, 07/05/2017 - 18:20

Ransomware operators do not usually target specific victims as a source of money, but this campaign might change that.

Adylkuzz - Quietly Mining Cryptocurrency

Fri, 06/30/2017 - 22:07

In May 2017, the WannaCry ransomware attack was all over the news as what some would call the biggest cyberattack to date.

DiamondFox Jumps over the Competition

Thu, 06/29/2017 - 19:11

DiamondFox, also known as Gorynych, is a modular malware that highlights the growth of the malware-as-a-service industry. With accessible how-to videos on YouTube showing aspiring cybercriminals how to set up DiamondFox and a user-friendly interface, it’s easy to see how this malware allows even the least sophisticated attacker to potentially compromise victims.

NotPetya Ransomware Attack Hits Europe Moving On To U.S.

Tue, 06/27/2017 - 19:56

This post will update as the situation develops – check back for more information.

NotPetya ransomware, also known as PetrWrap, is a new virus currently ripping through Europe and is showing signs of moving on to the U.S. So far over 2,000 targets have been hit. These include Russia’s top oil producer, and Ukrainian banks and power grid. Attacks have also been noted on the German Metro system, Denmark, France, Spain, and more. The name itself is derived from the original belief that this was a subset of the Petya malware; on closer inspection, Kaspersky Labs has declared that this was incorrect and redubbed the new virus NotPetya.

Bi-Weekly Security Update 6/22/2017

Thu, 06/22/2017 - 22:11

Terror EK Fails to Scare

Tue, 06/20/2017 - 18:14

After the fall of the popular Angler and Neutrino exploit kits, several different exploit kits have been vying for dominance in the resulting power vacuum.

Jaff Ransomware Is Nothing to Laugh About

Thu, 06/15/2017 - 20:42

Jaff ransomware is very similar to other "standard" ransomware in its use of AES encryption to encrypt its victim's files. It’s attributed to the creators of Dridex, Locky and Bart, and has been spreading in high volume through the Necurs botnet.

Steam Stealers Game the System

Wed, 06/14/2017 - 19:54

Bi-Weekly Security Update 6/9/2017

Fri, 06/09/2017 - 17:00

Malicious Content Identified and Inserted:

New Botnet Targets and more

Thu, 06/08/2017 - 14:12

ThreatSTOP's Security team is adding multiple new cybercrime threat trackers to our expert and standard lists. These lists will better help protect our customers against various sources of cybercrime.

Darktrack on Track to Success

Wed, 06/07/2017 - 21:26

Darktrack received some publicity in late 2016 for being a free Remote Access Trojan (RAT) that was comparable to some of the top commercially available RATs. Darktrack has the ability to access a victim's webcam, microphone, files, and passwords. It can also execute commands on infected machines, and make infected computers participate in DDoS attacks.

Irena Damsky Speaking About WannaCry at M3AAWG's 40th General Meeting

Wed, 06/07/2017 - 00:04

Come see our Sr. Director of Security Research, Irena Damsky, break down WannaCry's timeline and give an overview of what happened at M3AAWG's 40th General Meeting on Tuesday, June 13th, 17:30 - 18:30, in Lisbon, Portugal.

The Agile Mole

Mon, 06/05/2017 - 19:40

Ransomware, to this day, is one of the major threats to individual users, seen on a daily basis in the form of malspam. Recently, researcher Brad Duncan published to malware-traffic-analysis.net a report on a piece of ransomware called Mole. Distributed by malspam that spoofs United States Postal Service (USPS) status updates, the malware escalates its privileges and encrypts user data.
