Latest Astaroth living-off-the-land attacks are even more invisible but not less observable

Credit to Author: Eric Avena| Date: Mon, 23 Mar 2020 16:00:01 +0000

Astaroth is back sporting significant changes. The updated attack chain maintains Astaroth’s complex, multi-component nature and continues its pattern of detection evasion.

The post Latest Astaroth living-off-the-land attacks are even more invisible but not less observable appeared first on Microsoft Security.

Read more

Insights from one year of tracking a polymorphic threat

Credit to Author: Eric Avena| Date: Tue, 26 Nov 2019 17:00:56 +0000

We discovered the polymoprhic threat Dexphot in October 2018. In the months that followed, we closely tracked the threat as attackers upgraded the malware, targeted new processes, and worked around defensive measures. One year’s worth of intelligence helped us gain insight not only into the goals and motivations of Dexphot’s authors, but of cybercriminals in general.

The post Insights from one year of tracking a polymorphic threat appeared first on Microsoft Security.

Read more

Lemon_Duck PowerShell malware cryptojacks enterprise networks

Credit to Author: rajeshnataraj| Date: Tue, 01 Oct 2019 04:01:09 +0000

SophosLabs are monitoring a significant spike in crypto mining attacks, which spread quickly across enterprise networks. Starting from a single infection, these attacks use a variety of malicious scripts that, eventually, turn an enterprise&#8217;s large pool of CPU resources into efficient cryptocurrency mining slaves. The threat actors behind these campaigns have been using an array [&#8230;]<img src=”http://feeds.feedburner.com/~r/sophos/dgdY/~4/jF91Bgk0dso” height=”1″ width=”1″ alt=””/>

Read more

Bring your own LOLBin: Multi-stage, fileless Nodersok campaign delivers rare Node.js-based malware

Credit to Author: Eric Avena| Date: Thu, 26 Sep 2019 17:34:41 +0000

We’ve discussed the challenges that fileless threats pose in security, and how Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP) employs advanced strategies to defeat these sophisticated threats. Part of the slyness of fileless malware is their use of living-off-the-land techniques, which refer to the abuse of legitimate tools, also called living-off-the-land binaries (LOLBins), that…

The post Bring your own LOLBin: Multi-stage, fileless Nodersok campaign delivers rare Node.js-based malware appeared first on Microsoft Security.

Read more

Dismantling a fileless campaign: Microsoft Defender ATP’s Antivirus exposes Astaroth attack

Credit to Author: Eric Avena| Date: Mon, 08 Jul 2019 16:00:51 +0000

Advanced technologies in Microsoft Defender ATP’s Antivirus exposed and defeated a widespread fileless campaign that completely “lived off the land” throughout a complex attack chain that run the info-stealing backdoor Astaroth directly in memory

The post Dismantling a fileless campaign: Microsoft Defender ATP’s Antivirus exposes Astaroth attack appeared first on Microsoft Security.

Read more

Dismantling a fileless campaign: Microsoft Defender ATP next-gen protection exposes Astaroth attack

Credit to Author: Eric Avena| Date: Mon, 08 Jul 2019 16:00:51 +0000

Advanced technologies in Microsoft Defender ATP next-generation protection exposed and defeated a widespread fileless campaign that completely “lived off the land” throughout a complex attack chain that run the info-stealing backdoor Astaroth directly in memory

The post Dismantling a fileless campaign: Microsoft Defender ATP next-gen protection exposes Astaroth attack appeared first on Microsoft Security.

Read more

Detecting credential theft through memory access modelling with Microsoft Defender ATP

Credit to Author: Eric Avena| Date: Thu, 09 May 2019 17:29:45 +0000

Microsoft Defender ATP instruments memory-related function calls such as VirtualAlloc and VirtualProtect to catch in-memory attack techniques like reflective DLL loading. The same signals can also be used to generically detect malicious credential dumping activities performed by a wide range of different individual tools.

The post Detecting credential theft through memory access modelling with Microsoft Defender ATP appeared first on Microsoft Security.

Read more

New ‘Under the Radar’ report examines modern threats and future technologies

Credit to Author: Malwarebytes Labs| Date: Wed, 05 Dec 2018 13:01:44 +0000

Malwarebytes released a new report called “Under the Radar: The Future of Undetected Malware” that takes a look at current threats using next generation tricks, and how current security technologies stand up to these threats, as well as the threats to come.

Categories:

Tags:

(Read more…)

The post New ‘Under the Radar’ report examines modern threats and future technologies appeared first on Malwarebytes Labs.

Read more