October 2, 2019
The Emissary Panda
How To Fool Your Database Admin While They Are Unaware of Your Shenanigans
Do not allow the picture of the cute savage animal to give you a false sense of complacency. Behind that panda is a group of individuals who are not cute and, more importantly, have been active for a very long time. I introduce you to Emissary Panda. This is a Chinese group that has been around for at least a decade. In the past we have known them as APT 27, but they go by other names. Groups such as Emissary Panda are not restricted to nation state activities. They go where the data is needed, and there are many that follow them. The toolset used by these groups can be found and modified if one knows where to look. Care needs to be taken. This panda has a pet RAT that got loose.
August 22, 2019
This Week’s Asinine Idiosyncrasy Demystified
Texas Ransomware and the Big Lie
As you may or may not be aware, this week it has been reported that twenty-two Texas towns were hit with a ransomware attack. For those who are not aware of this, click here to go to the NPR site where the story is discussed. There is an issue that we at Cybercrypto have with how the news is reporting these attacks. We find it to be deceptive, and we wish to at a minimum reiterate something we need people to know.
August 15, 2019
Lokibot – Gutter Thief in the Night
As you may already know from my rantings, here at Cybercrypto we have respect for good malware, and if you have not read my rantings then let me reiterate: any person that has a basic understanding of scripting can put together insidious ransomware that collapses your system, thereby showing the world "LOOK AT ME!! I GOT YOU TO CLICK ON SOMETHING THAT HAS CAUSED YOU TO CEASE OPERATION AND I WILL CHARGE YOU MONEY." It takes strategy and a certain level of finesse to write something that sits on a computer sending all its data out unbeknownst to the user. Subterfuge is an art.
It is in that spirit that we are looking at Lokibot. This type of malware is an information stealer that sends credentials, as well as other sensitive data, from the infected host to a command and control server. Most of the time the infection vector is spam. For the most part (and there are several exceptions), when the infection vector is email (usually in the form of phishing), the item must be clicked on and activated. Keep that in mind: the user must run the malware for it to become active.
June 25, 2019
Let's Have An Honest Discussion About Ransomware
We have discussed the indicators that are present in ransomware and how to look for some of them. However, even though there are similar traits in the bad behavior most people exhibit, sometimes an individual will have the propensity to surprise you. Occasionally you will find something that defies the rules. Such is the case with malware. I will always remind you, malware is written by a person, so it reflects who that person is, with all their creativity and dysfunction. So what if the bad behavior does not exhibit the same type of traits that would be considered the norm? What do you do?
June 16, 2019
Let’s Have An Honest Discussion About Ransomware
Can you admire a disease? The most common answer would be "of course not". Malware is a disease that affects the computer, but a cyber disease can be viewed differently than an organic disease. A strain of virus may attack the body of a living entity, slowly crippling it until that entity expires. As malware is software, we look at the disease from a different perspective: some malware is beautiful. Its method is fluid, the encryption is masterful, and like most things you can tell the writer put a lot of work into it. What do we consider "masterful" malware? It's simple: if the disease sits in the computer and exhibits no visible symptoms, then that is not only beautiful but strategic. Your data is valuable. When a bad entity establishes persistence on your network, if he/she is effective they do not want to be found. The offending process that is doing the work of the disease should have a low footprint and not consume resources. Which now brings us to ransomware.
April 23, 2019
Malware and Behavior Analysis - Series Three
A Worm in My Garden
The words malware, virus, and worm are always used to describe some form of cyber malfeasance. Before we go into the analysis of the worm discussed in this article, let us bring some clarity to the lexicon.
April 2, 2019
Malware and Behavior Analysis - Series Two
The Rat Likes to Gossip
Why do people attempt to infect a network? Why do people attempt to move data? Your information can be monetized. As most people are not aware of the insidious nature of those who lurk underground, they do not give much thought to their data and what can be done with it. If you lurk in the sub-layers of the internet, or you are tasked with retrieving information from a target, you need a mechanism to deliver this information. Ransomware is a savage method to which there is no art, and it will bring you nothing. A Trojan is the order of the day.
November 9, 2019
Malware and Behavior Analysis - Series One
When an event occurs, most people and companies usually catch the effects of the event at the tail end. The point of discovery now becomes forensics because the damage is done. Our corpse that was riddled with disease is mutilated, violated, and ready to be incinerated. Not only does this apply to malware, where most only discover the effects when the damage is done, but it also applies to behavioral analysis: a person is only aware of data theft when the consequences of the deed have become apparent to the organization.