You are viewing 'attack vector'

New and Improved Dridex

Atom Bombing Returns

David Biser

April 06, 2017 - Posted by David Biser to Security News

Atom Bombing

In November of 2016, I wrote a blog titled “Atom Bombing: Three ways to protect yourself.” I discussed a new attack vector uncovered by security researchers at enSilo that allowed attackers to inject code directly into atom tables. Atom tables are present in all Windows operating systems and function in multiple ways across the operating system. Here is a link that can help you learn more about atom tables.

Dridex, a common banking malware, has evolved to include atom bombing in its attack vector. It doesn’t take long for criminals to adopt new attack methods, and this is a clear example. The latest Dridex variant,... read more >

Facebook isn’t Safebook!

ImageGate allows Ransomware Infection

David Biser

November 29, 2016 - Posted by David Biser to Security News

Facebook

With so many users accessing Facebook within corporate networks, it is imperative that your security team be up to date on current threats involving social media. A well-known piece of malware, Locky Ransomware, is spreading via Facebook Messenger by pretending to be a harmless image file. Since many companies allow employees to access Facebook, this presents a potentially massive hole in security programs.

The initial reports on this piece of ransomware show a commonality among the type of infection vector and approach used by the attackers. First, the user receives an instant message containing only an image file, or what appears to be an image file. It is usually titled generically with a .svg extension. A .svg (Scalable Vector Graphics) file is an XML-based vector image, a format for two-dimensional graphics with support for animation and interactivity. These image files can be created and edited with any text... read more >

Atom Bombing

Three ways to protect yourself

David Biser

November 10, 2016 - Posted by David Biser to Security News

Atom Bombing

If you keep up with security news then you have probably heard about atom bombing. Atom bombing is the latest way for attackers to inject malicious code into nearly any Windows operating system and it uses an inherent Windows mechanism known as “atom tables.” The jury is still out on just how dangerous this technique is, but anything that would allow an attacker to run malicious code on your machine should be considered a bad thing.

Atom tables are system-defined tables that store strings and corresponding identifiers. Windows uses these tables for a variety of purposes, everything from Dynamic Data Exchange (DDE) to applications. If you are interested in learning more about atom tables, you can go to https://msdn.microsoft.com/en-us/library/windows/desktop/ms649053(v=vs.85).aspx for more details.

For the purposes of this blog, I am... read more >

Server Victimology

Understanding the How and Why Ransomware Targets are Identified and Pursued

Ramece Cave

June 16, 2016 - Posted by Ramece Cave to Security Insight

Server Victimology - What Makes a Server a Target?

Welcome back to our discussion about the Second Victim. You’ll recall that these are the unknown victims in a ransomware campaign. These are the servers used to deliver a message or accept payment, completely under someone else’s control and all without your knowledge. Today we are exploring some of the aspects that elevate a server from unknown, to target, and finally a victim. Whether its contents are being held for ransom, or they are a pawn in the actor’s nefarious game.

A researcher that I follow recently issued a “Heads Up” warning that new ransomware is targeting servers. At the time of the reporting there were at least 400 affected servers. After doing some digging, I confirmed that at least 40 servers are victims of ransomware and at least two dozen others may be affected, but are taking steps to remediate the problem. But how did this happen? What was it about these servers that made them vulnerable? Plagued by these questions, I... read more >

Protecting your Website from SQL Injection Attacks

Why Your Website May be Hacked Once Google Indexes It

Jacob Faires

November 18, 2014 - Posted by Jacob Faires to Security Insight

SQL Injection

A SQL injection (SQLi) vulnerability on a website is a big fear for a web developer, a bigger fear for a business and one of the biggest fears for anyone involved with finance or point-of-sale (POS).

The attack methodology usually follows these lines:

  1. Identify SQL input locations.
  2. Determine capability of injection.
  3. Use SQLi to exfiltrate data/install backdoor.

How do attackers identify vulnerable targets?

Tools with SQL scanning capabilities, like Burp Suite, Havij and Acunetix, are able to discover vulnerabilities in websites, but they are not the most common way to... read more >

Voted one of the Best Computer Security Blogs 2016
NTT Security (US), Inc. (formerly Solutionary) is a security consulting and managed security services provider. The NTT Security blog is a place for IT professionals to both learn and talk about the latest in IT security and compliance.
