Malware Mixed Into A Cyber Threat Cocktail

Cybercrime group combines Pony, Angler and CryptoWall 4.0 in a single campaign

An ongoing attack campaign combines a very effective password stealer, the most widespread exploit kit, called Angler, and the latest version of the infamous CryptoWall file-encrypting ransomware program.

The attackers first use the Pony computer Trojan to pilfer passwords from compromised computers, including FTP and SSH credentials that webmasters use to administer websites, according to researchers from Heimdal Security.

The stolen credentials are then used to inject malicious code into legitimate websites with the goal of redirecting their visitors to an installation of the Angler exploit kit. This is a Web-based attack tool that includes exploits for various vulnerabilities in Windows and browser plug-ins, such as Flash Player and Java.

Computers whose software is not up to date are specifically exposed to Angler attacks, which are known as drive-by downloads. If any of the exploits is successful, CryptoWall 4 is deployed on the computer.

CryptoWall is one of the most widespread and successful ransomware programs to date, having earned its creators millions of dollars in ransom payments. The application encrypts files using a strong cryptographic algorithm and then asks victims to pay for the encryption key.

In the absence of offline backups, many victims, including companies and government organizations, have been forced to pay in order to recover critical documents and other irreplaceable data.

This attack campaign is extensive and originates from a bulletproof hosting environment located in Ukraine, the Heimdal security researchers said in a blog post. "Because of the mechanisms involved and the attackers’ objectives, the campaign is prone to achieve large distribution and affect a big number of PCs and their users."

Computerworld:  http://bit.ly/1XNKCBO

« Cyber Warfare: An Integral Part of Modern Politics
The True Cost of Surveillance »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

CEPS

CEPS

CEPS is a leading think tank and forum for debate on EU affairs, ranking among the top think tanks in Europe. Topic areas include Innovation, Digital economy and Cyber-security.

ThreatQuotient

ThreatQuotient

ThreatQuotient delivers an open and extensible threat intelligence platform to provide defenders the context, customization and collaboration needed for increased security effectiveness.

sayTEC

sayTEC

sayTEC's mission is to develop and deliver next-generation products and services in encrypted data and voice transmission.

Information System Security Directorate (ISSD) - Afghanistan

Information System Security Directorate (ISSD) - Afghanistan

Information System Security Directorate (ISSD) is the Directorate of MCIT responsible for the security of critical information infrastructures in Afghanistan.

Tenzir

Tenzir

Tenzir's primary focus lies on network forensics: the systematic investigation of cyber attacks with big data analytics.

oneM2M

oneM2M

oneM2M is a global organization creating a scalable and interoperable standard for communications of devices and services used in M2M applications and the Internet of Things.

Sergeant Laboratories

Sergeant Laboratories

Sergeant Laboratories builds advanced technologies to prove compliance in complex IT security and regulatory compliance situations.

Next Horizon

Next Horizon

In the Next Horizon incubator, new disruptive models are being developed in Industry 4.0, Automated Driving and Internet-of-Things.

Com Laude

Com Laude

Com Laude is a domain name management company that provides strategic consulting to help companies strengthen digital brand, safeguard customers & protect brand IP.

TalaTek

TalaTek

TalaTek is a full-service risk management firm providing expert services in risk management, cybersecurity, and compliance.

Scythe

Scythe

SCYTHE is a next generation red team platform for continuous and realistic enterprise risk assessments.

DataEndure

DataEndure

DataEndure helps companies build digital resilience so that their critical information assets are protected and available to the right people, at the right time.

DisruptOps

DisruptOps

Built for today’s cloud-scale enterprises, DisruptOps’ Cloud Detection and Response platform automates assessment and remediation procedures of critical cloud security issues.

E2E Technologies

E2E Technologies

E2E Technologies are a proactive, SLA-beating, managed service provider that busts the common stereotypes surrounding IT.

watchTowr

watchTowr

Continuous Attack Surface Testing, with the watchTowr Platform. The future of Attack Surface Management.

WinMagic

WinMagic

At WinMagic, we’re dedicated to making authentication and encryption solutions that protect data without causing user friction so that everyone can work freely and securely.