Recently, some individuals received emails that used Brexit to trick them into opening malicious office document attachments. The document’s authors must have been watching the news carefully because the file’s name was Brexit 15.11.2018.docx and the emails came around the same time as the release of the Brexit plan. Looking at the Document, we see the author of the document is … [Read more...]
2019 Security Predictions – Biometrics as Single-Factor Authentication Exploited by Attackers
As biometric logins become more common, hackers will take advantage of their use as a single-factor method of authentication to pull off a major attack in 2019. Biometric login methods such as face and fingerprint readers on consumer devices like smartphones and gaming consoles present a tempting target for hackers. While biometrics are more convenient than … [Read more...]
2019 Security Predictions – Fileless, Self-Propagating “Vaporworms” Attack
In 2019, a new breed of fileless malware will emerge, with wormlike properties that allow it to self-propagate through vulnerable systems and avoid detection. It has been over 15 years since the Code Red computer worm spread through hundreds of thousands of vulnerable Microsoft IIS web servers in an early example of a fileless worm. Since then, both worms and fileless … [Read more...]
Our Vaporworm Prediction Arrives Early
In one of our 2019 Security Predictions, we predicted a future where self-propagating, fileless malware “vaporworms” run rampant. This week, Trend Micro announced in a blog post that this future came earlier than we anticipated. In their write up, Trend Micro analyzes a newly discovered fileless variant of the BLADABINDI remote access trojan (RAT) that added self-propagation … [Read more...]
2019 Security Predictions – A Nation-State Launches a “Fire Sales” Attack
You may remember the fictional concept of a “fire sale” attack from the fourth Die Hard movie, in which a terrorist group planned a coordinated cyber attack against U.S. transportation, financial, and public utilities and communication systems. The terrorists meant to use the fear and confusion caused by the attack to siphon off huge sums of money and disappear without a … [Read more...]
