You are viewing 'attack vector'
Atom Bombing Returns
In November of 2016, I wrote a blog titled “Atom Bombing: Three ways to protect yourself.” I discussed a new attack vector uncovered by security researchers at enSilo that allowed attackers to inject code directly into atom tables. Atom tables are present in all Windows operating systems and function in multiple ways across the operating system. Here is a link that can help you learn more about atom tables.
Dridex, a common banking malware, has evolved to include atom bombing into its attack vector. It doesn’t take long for criminals to adopt new attack methods and this is a clear example. The latest Dridex variant,... read more >
ImageGate allows Ransomware Infection
With so many users accessing Facebook within corporate networks, it is imperative that your security team be up to date on current threats involving social media. A well-known piece of malware, Locky Ransomware, is spreading via Facebook Messenger by pretending to be a harmless image file. Since many companies allow employees to access Facebook, this presents a potentially massive hole in security programs.
The initial reports on this piece of ransomware show a commonality among the type of infection vector and approach used by the attackers. First, the user receives an instant message containing only an image file, or what appears to be an image file. It is usually titled generically with a .svg extension. A .svg (Scalable Vector Graphics) is an XML-based vector image, which is formatted for two dimensional graphics and support for animation and interactivity. These image files can be created and edited with any text... read more >
Three ways to protect yourself
If you keep up with security news then you have probably heard about atom bombing. Atom bombing is the latest way for attackers to inject malicious code into nearly any Windows operating system and it uses an inherent Windows mechanism known as “atom tables.” The jury is still out on just how dangerous this technique is, but anything that would allow an attacker to run malicious code on your machine should be considered a bad thing.
Atom tables are system-defined tables that store strings and corresponding identifiers. Windows uses these tables for a variety of purposes, everything from Dynamic Data Exchange (DDE) to applications. If you are interested in learning more about atom tables, you can go to https://msdn.microsoft.com/en-us/library/windows/desktop/ms649053(v=vs.85).aspx for more details.
For the purposes of this blog, I am... read more >
Understanding the How and Why Ransomware Targets are Identified and Pursued
Welcome back to our discussion about the Second Victim. You’ll recall that these are the unknown victims in a ransomware campaign. These are the servers used to deliver a message or accept payment, completely under someone else’s control and all without your knowledge. Today we are exploring some of the aspects that elevates a server from unknown, to target, and finally a victim. Whether its contents are being held for ransom, or they are a pawn in the actor’s nefarious game.
A researcher that I follow recently issued a “Heads Up” warning that new ransomware is targeting servers. At the time of the reporting there were at least 400 affected servers. After doing some digging, I confirmed that at least 40 servers are victims of ransomware and at least two dozen others may be affected, but are taking steps to remediate the problem. But how did this happen? What was it about these servers that made them vulnerable? Plagued by these questions, I... read more >
Why Your Website May be Hacked Once Google Indexes It
The attack methodology usually follows these lines:
- Identify SQL input locations.
- Determine capability of injection.
- Use SQLi to exfiltrate data/install backdoor.
How do attackers identify vulnerable targets?