Malware Mixed Into A Cyber Threat Cocktail

Cybercrime group combines Pony, Angler and CryptoWall 4.0 in a single campaign

An ongoing attack campaign combines a very effective password stealer, the most widespread exploit kit, called Angler, and the latest version of the infamous CryptoWall file-encrypting ransomware program.

The attackers first use the Pony computer Trojan to pilfer passwords from compromised computers, including FTP and SSH credentials that webmasters use to administer websites, according to researchers from Heimdal Security.

The stolen credentials are then used to inject malicious code into legitimate websites with the goal of redirecting their visitors to an installation of the Angler exploit kit. This is a Web-based attack tool that includes exploits for various vulnerabilities in Windows and browser plug-ins, such as Flash Player and Java.

Computers whose software is not up to date are specifically exposed to Angler attacks, which are known as drive-by downloads. If any of the exploits is successful, CryptoWall 4 is deployed on the computer.

CryptoWall is one of the most widespread and successful ransomware programs to date, having earned its creators millions of dollars in ransom payments. The application encrypts files using a strong cryptographic algorithm and then asks victims to pay for the encryption key.

In the absence of offline backups, many victims, including companies and government organizations, have been forced to pay in order to recover critical documents and other irreplaceable data.

This attack campaign is extensive and originates from a bulletproof hosting environment located in Ukraine, the Heimdal security researchers said in a blog post. "Because of the mechanisms involved and the attackers’ objectives, the campaign is prone to achieve large distribution and affect a big number of PCs and their users."

Computerworld:  http://bit.ly/1XNKCBO

« Cyber Warfare: An Integral Part of Modern Politics
The True Cost of Surveillance »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

TrustedIA

TrustedIA

TrustedIA is a cyber and protective security company. Our mission is to help businesses protect themselves from disruptive events that can impact their successful operation.

RSA Insurance Group

RSA Insurance Group

RSA is one of the world’s leading multinational quoted insurance groups. Commercial services include cyber risk insurance.

KELA

KELA

KELA's powerful cybercrime intelligence platform uncovers and neutralizes the most relevant cybersecurity threats coming from the hardest-to-reach places on the internet.

AAROH

AAROH

AAROH helps customers in Government, Law Enforcement, and Enterprises to identify, prevent, detect, resolve and protect from threats, crimes, breaches & fraud.

NDK InfoSec

NDK InfoSec

NDK InfoSec is a specialist Information Security and Cyber Security search firm. We're not just a security function in a larger generalist recruitment company.

ITsMine

ITsMine

ITsMine’s Beyond DLP solution is a leading Data Loss Prevention solution used by organizations to protect against internal and external threats automatically.

SHe CISO Exec

SHe CISO Exec

SHe CISO Exec is a sustainable global training and mentoring platform in information security and leadership.

GovernmentCIO

GovernmentCIO

GovernmentCIO was founded with a single purpose: to transform government IT. We are thought leaders in data analytics, machine learning, cybersecurity and IT transformation.

Fortiedge

Fortiedge

Fortiedge is an IT Security solution provider specializing in Cyber Security practices and solutions for our clients.

Cufflink

Cufflink

Cufflink makes your business more secure, compliant and trusted. We limit the likelihood and impact of a data breach by controlling exactly what can and can't be done with personal data.

PureSquare

PureSquare

PureSquare exist to empower people with simple solutions for their increasingly complex digital security & online privacy needs.

Cyber Suraksa

Cyber Suraksa

We make security simple and hassle-free by offering a sustained and secure IT environment with next-gen cybersecurity solutions through a scalable security-as-a-service model.

Google Cloud

Google Cloud

Accelerate your digital transformation. Whether your business is early in its journey or well on its way to digital transformation, Google Cloud can help solve your toughest challenges.

Technoware Solutions

Technoware Solutions

Technoware Solutions is a global company committed to helping entities navigate the digital waters of modernizing their system processes in an ever changing cybersecurity landscape.

Somos

Somos

From voice to messaging to fraud prevention and beyond, Somos are committed to developing innovative solutions that ensure that our ability to maintain trustworthy connections never stops.

CyberNut

CyberNut

CyberNut are a security awareness training solution built exclusively for schools.