McAfee Labs is one of the leading sources for threat research, threat intelligence, and cybersecurity thought leadership. See our blog for more information.

More from McAfee Labs

McAfee Labs

REvil Ransomware Uses DLL Sideloading

This blog was written by Varadharajan Krishnasamy, Karthickkumar, Sakshi Jaiswal. Introduction: Ransomware attacks are one of the most common cyber-attacks among organizations, due to an increase in Ransomware-as-a-service (RaaS) on the black market. RaaS provides readily available ransomware to cyber criminals and is an effective way for attackers to deploy a ...

Hancitor Making Use of Cookies to Prevent URL Scraping

This blog was written by Vallabh Chole & Oliver Devane. Over the years, the cybersecurity industry has seen many threats get taken down, such as the Emotet takedown in January 2021. It doesn’t usually take long for another threat to attempt to fill the gap left by the takedown. Hancitor ...

Zloader With a New Infection Technique

This blog was written by Kiran Raj & Kishan N. Introduction: In the last few years, Microsoft Office macro malware using social engineering as a means for malware infection has been a dominant part of the threat landscape. Malware authors continue to evolve their techniques to evade detection. These techniques ...

Operation (노스 스타) North Star A Job Offer That’s Too Good to be True?

Executive Summary: We are in the midst of an economic slump [1], with more candidates than there are jobs, something that has been leveraged by malicious actors to lure unwitting victims into opening documents laden with malware. While the prevalence of attacks during this unprecedented time has been largely carried ...

What CVE-2020-0601 Teaches Us About Microsoft’s TLS Certificate Verification Process

By: Jan Schnellbächer and Martin Stecher, McAfee Germany GmbH. This week security researchers around the world were very busy working on Microsoft’s major crypto-spoofing vulnerability (CVE-2020-0601), otherwise known as Curveball. The majority of research went into attacks with malicious binaries that are signed with a spoofed Certificate Authority (CA) which ...

McAfee Labs 2020 Threats Predictions Report

With 2019’s headlines of ransomware, malware, and RDP attacks almost behind us, we shift our focus to the cybercrime threats ahead. Cybercriminals are increasing the complexity and volume of their attacks and campaigns, always looking for ways to stay one step ahead of cybersecurity practices – and more often using ...

McAfee ATR Analyzes Sodinokibi aka REvil Ransomware-as-a-Service – What The Code Tells Us

Episode 1: What the Code Tells Us. McAfee’s Advanced Threat Research team (ATR) observed a new ransomware family in the wild, dubbed Sodinokibi (or REvil), at the end of April 2019. Around this same time, the GandCrab ransomware crew announced they would shut down their operations. Coincidence? Or is there ...


McAfee Labs 2019 Threats Predictions

These predictions were written by Eoin Carroll, Taylor Dunton, John Fokker, German Lancioni, Lee Munson, Yukihiro Okutomi, Thomas Roccia, Raj Samani, Sekhar Sarukkai, Dan Sommer and Carl Woodward. As the end of 2018 approaches, we should perhaps be grateful that the year was not completely dominated by ransomware, even though ...


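McAfee Labs 2019 Threats Predictions

The following is a predictive analysis of security threats for 2019, written jointly by Eoin Carroll, Taylor Dunton, John Fokker, German Lancioni, Lee Munson, Yukihiro Okutomi, Thomas Roccia, Raj Samani, Sekhar Sarukkai, Dan Sommer and Carl Woodward. As 2018 draws to a close, we should perhaps be grateful that, although new variants of the GandCrab and SamSam ransomware kept causing trouble and threats of all kinds ran rampant, ransomware did not come to dominate the year. In our predictions for 2019, we have moved away from simply assessing the rise or decline of a particular threat; instead, we focus on the signs we observe in today's cybercrime, which may gradually become trends and, if not guarded against, will turn into real threats. We have observed that cybercriminals increasingly use the underground market to band together and make their products more effective. Cybercriminals have collaborated in this way for years; in 2019 this underground market economy is expected to expand. As a result, the cat-and-mouse game between the security industry and ransomware developers will intensify, and the industry will need to respond faster and more effectively than ever before. Social media has been part of our daily lives for more than a decade. Recently, some nation-states, heedless of their reputation, have used social media to spread disinformation. In 2019, we expect criminals to begin borrowing these tactics for their own gain. Likewise, as the Internet of Things makes its way into more and more homes, criminals will target those household devices for monetary gain. One thing is certain: our dependence on technology has reached into every aspect of life. Reports indicate that as many as 50 million users were affected by the compromise of an identity-authentication platform. Today, when one platform is breached, the impact is no longer limited to that platform alone. Everything is connected, and your environment becomes more secure only as your connections to the outside become fewer. Which of the environments with the weakest links to the outside will be attacked? That is the question we will face in the future. —Raj Samani, Chief Scientist and member of the McAfee Advanced Threat Research team, Twitter @Raj_Samani   Predictions: The cybercriminal underground will consolidate and form more alliances to boost a range of threats. Evasion techniques will apply artificial intelligence in the future. Synergistic threats will multiply, requiring a combined response. Disinformation and extortion campaigns will harm corporate brands. Data exfiltration attacks will target the cloud. IoT ...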


McAfee Labs 2019 Threats Predictions

This report was written by Eoin Carroll, Taylor Dunton, John Fokker, German Lancioni, Lee Munson, Yukihiro Okutomi, Thomas Roccia, Raj Samani, Sekhar Sarukkai, Dan Sommer and Carl Woodward. As 2018 draws to a close, we should no doubt consider ourselves fortunate that this year was not totally dominated ...
