Banking Trojan Dropped Through Spoofed Korean CERT Bulletin

Cyber criminals continue to evolve their tactics, sometimes going to great lengths to socially engineer people. In this recently observed sample, we find the long-standing and ever-evolving banking Trojan Gozi using a Korean CERT to trick users into downloading malware ...
Enterprise Credential Theft: How to Spot a Phish

Today, we are going to look at a phish that takes advantage of the massive user base of Office 365 products. It’s safe to speculate that this phish is specifically targeting enterprise employees, given that most users of Office 365 products use them for business purposes ...
How to Spot a Phish: Ransomware

Phishing has no limits. Everyone who uses email to communicate will at some point be the recipient of a phishing email. In the Spot a Phish series, we'll be taking a closer look at some phishing lures to help you mentally prepare for these attacks before they hit your inbox ...
Locky, Three Ways

Locky, one of the first and most resilient ‘mass distribution’ ransomware families, has roared back after a brief break. Throughout August, Locky campaigns have filled our inboxes with fraudulent invoices that need paying, images that need opening, and voicemails that need listening. These recent campaigns are notable not only for ...
Not NotPetya (An analysis of Karo Ransomware)

While there was a lively running debate over whether it was Petya or NotPetya yesterday, we can all agree that what locked up some of the world’s largest shipping companies, spread through the infamous SMB exploit, and may have been delivered as an infected update, was not Karo. However, ...
From Macro To Mitigation: An Analysis of TrickBot's Lifecycle

Summary: Since the identification of TrickBot in late 2016, we have observed it targeting bank customers throughout the United States, United Kingdom, Germany, Australia, and Canada, following an attack pattern similar to the Trojan from which it was developed, Dyre. TrickBot enters a victim's machine and sends bank information to ...