Tag Archive for: Techniques

Jupyter Malware Variant Targets Browsers, Crypto-Wallets with Sophisticated Evasion Techniques


Security researchers have identified a significant uptick in attacks by a new, more sophisticated variant of the Jupyter malware, targeting popular browsers and crypto-wallets with advanced evasion techniques. This variant, also known as Yellow Cockatoo, Solarmarker, and Polazert, has been active since at least 2020 but has seen a resurgence with enhancements that make it harder to detect.

A Persistent Data-Stealing Cyber Threat

VMware’s Carbon Black team recently observed the malware leveraging PowerShell command modifications and legitimate-looking, digitally signed payloads to infect a growing number of systems. These modifications enhance Jupyter’s evasion capabilities, allowing it to backdoor machines and harvest a variety of credential information without detection. Morphisec and BlackBerry have further detailed its capabilities, including support for command and control communications and the execution of PowerShell scripts and commands, highlighting its function as a full-fledged backdoor.

Jupyter: Getting Around Malware Detection

The recent attacks have seen the Jupyter operator using valid certificates to digitally sign the malware, making it appear legitimate to malware detection tools. VMware researchers noted the malware’s use of SEO poisoning and search engine redirects as part of its attack chain, demonstrating its sophisticated credential harvesting and encrypted communication capabilities. Abe Schneider, threat analyst lead at Carbon Black, highlighted new improvements to the infostealer, including the use of an installer called InnoSetup, which serves as the first payload delivered to victim devices.

A Troubling Increase in Infostealers

Jupyter’s resurgence is part of a broader, concerning trend in the rise of infostealers, exacerbated by the shift to remote work during the COVID-19 pandemic. Organizations like Red Canary and Uptycs have reported sharp increases in infostealer distribution, with attackers leveraging the malware to gain quick, persistent, and privileged access to enterprise networks and systems. The demand for stolen data on criminal forums remains high, underscoring the ongoing threat posed…

Source…

5 Most Dangerous New Hacking Techniques



Increasing Militarization Of The Internet

The rise of Stuxnet, Flame, Gauss, the Olympic Games operations and Shamoon have all shed light on the issue of nation-state driven cyberwarfare and cyberespionage activities. Now that we are in cyberspace, we have another domain for humans to occupy and dominate, according to Ed Skoudis, founder of Counter Hack Challenges.

Skoudis told RSA Conference 2013 attendees that he worries about some of the risks of taking action over the Internet. Many of the nation-state driven activities could have a tremendous impact on the private sector, he said. “It could have a cascading impact,” he said. “It is possible that every cyberaction could cause bigger problems than people think.” Some of the techniques outlined by Skoudis and Johannes Ullrich, chief research officer at the SANS Institute, are not new, but they are being ramped up by cybercriminals to become a serious problem.

Here’s a look at the five most dangerous new hacking techniques that concern top security experts Ullrich and Skoudis.


Rise Of Offensive Forensics

Anti-forensics is the process of cybercriminals getting into a targeted environment and hacking the forensics tools themselves. Offensive forensics takes forensics techniques, analyzes file systems and memory in depth, then combs them for information assets and extracts them.


Mis-Attribution

The industrial processes used to build Stuxnet and other malware provide unique fingerprints that malware analysis investigators use to categorize it. Coding styles, down to machine-level language, can indicate a specific threat actor. A nation-state backed cybercriminal that doesn’t want to get noticed may place phony clues in malware to shake off investigators, Skoudis said. The catastrophic attack on Saudi Aramco via Shamoon infections on that company’s workstations had some…

Source…

Delinea report highlights switch in ransomware techniques


Delinea recently published its annual State of Ransomware report. The analysis revealed an upward trend in ransomware, signalling a shift in cybercriminal strategies. Traditional techniques of incapacitating a business and demanding a ransom have given way to stealthier methods, such as exfiltrating confidential data to sell to the top payer on the darknet or utilising it to demand substantial cyber insurance settlements.

The research, entitled ‘State of Ransomware 2024: Anticipating the Battle and Strengthening Your Defenses,’ analysed Censuswide survey data from more than 300 American IT and security decision makers. The research sought to uncover significant shifts compared to the previous year’s data and to identify emerging trends. Primary among them is a resurgence of ransomware; even though the numbers have not yet reached the 2021 peak, the proportion of organisations citing themselves as recent victims more than doubled from 25% to 53%. Mid-sized businesses have emerged as the prime targets of cybercriminals, with 65% of these organisations noting incidents of ransomware in the last 12 months. There are also more victims paying ransoms than before, with the figure increasing from 68% to 76% since last year.

Interestingly, the survey shed light on new motives, strategies, and tactics. There was a 39% surge in data exfiltration, shifting from 46% to 64% and becoming the motive of choice for attackers. This move towards stealing sensitive data to sell on the darknet is demonstrated in the significant decline in traditional money extortion, which dropped from 69% to 34% this year.

Rick Hanson, President at Delinea, stated, “Ransomware certainly appears to have reached a critical sea change – it’s no longer just about the quick and easy payout. Even as organisations are investing more in safety nets like cyber insurance which often have ransomware payouts included in coverage policies, cybercriminals are finding that using stealth tactics to stay under the radar and access sensitive, valuable information to sell is the better investment of their effort.”

Another notable development is the shift in cyber criminals’ tactics. The preferred method moved from email (down…

Source…

Researchers Unveil GuLoader Malware’s Latest Anti-Analysis Techniques


Dec 09, 2023 | Newsroom | Malware / Cyberattack

Threat hunters have unmasked the latest tricks adopted by a malware strain called GuLoader in an effort to make analysis more challenging.

“While GuLoader’s core functionality hasn’t changed drastically over the past few years, these constant updates in their obfuscation techniques make analyzing GuLoader a time-consuming and resource-intensive process,” Elastic Security Labs researcher Daniel Stepanic said in a report published this week.

First spotted in late 2019, GuLoader (aka CloudEyE) is an advanced shellcode-based malware downloader that’s used to distribute a wide range of payloads, such as information stealers, while incorporating a bevy of sophisticated anti-analysis techniques to dodge traditional security solutions.

A steady stream of open-source reporting on the malware in recent months has shown that the threat actors behind it continue to improve its ability to bypass existing and new security features, alongside other added capabilities.

GuLoader is typically spread through phishing campaigns, where victims are tricked into downloading and installing the malware through emails bearing ZIP archives or links containing a Visual Basic Script (VBScript) file.

Israeli cybersecurity company Check Point, in September 2023, revealed that “GuLoader is now sold under a new name on the same platform as Remcos and is implicitly promoted as a crypter that makes its payload fully undetectable by antiviruses.”

One of the recent changes to the malware is an improvement of an anti-analysis technique first disclosed by CrowdStrike in December 2022, which is centered around its Vectored Exception Handling (VEH) capability.

It’s worth pointing out that the mechanism was previously detailed by both McAfee Labs and Check Point in May 2023, with the former stating that “GuLoader employs the VEH mainly for obfuscating the execution flow and to slow down the analysis.”

The method “consists of breaking the…

Source…