Articles about Malware

Just how bulletproof is your security package? Sadly, even the most reputable names are occasionally caught flat-footed by a new threat. If you’re serious about protecting your computer, you’ll leap at the chance to add a secondary layer of protection that works in tandem with your main package to catch threats that are missed (or ignored).

The good news is that Malwarebytes 4.0 stands ready and waiting to answer the call for reinforcements. And we’ve got a mouth-watering deal that will enable you to protect up to five devices -- Windows, Mac and Android -- in your household for the next two years -- all for under $30!

Continue reading →

Ransomware now accounts for 69 percent of all attacks involving malware, according to the latest threatscape report from Positive Technologies.

The researchers have also identified a growing pattern of new malware specifically designed to penetrate Unix systems.

Continue reading →

Released at the same time as the company undergoes a redesign involving a new logo, Avast One is here to help keep you protected online. This is more than just an antivirus tool -- although an AV component is present -- this is a comprehensive suite of protective tools covering various aspects of security and privacy.

Things start off with Avast One Essentials, which is the free version of the security suite. For anyone with concerns about privacy, even this free version includes a powerful VPN with a generous weekly allowance. There is also protection against spyware, password theft and identity theft. And there is even more to explore in the paid-for editions.

Continue reading →

Infecting office files has been a popular malware technique for some time but is still popular among cybercriminals as it allows them to evade many detection solutions. New research from AtlasVPN reveals that 43 percent of all malware downloads in the second quarter of this year were malicious office documents.

This is an increase from the same period in 2020 when only 14 percent of malware came in office files. In the third quarter of last year the volume jumped to 38 percent before declining to 34 percent in Q4 2020 and Q1 2021.

Continue reading →

Researchers at SophosLabs have uncovered malware being distributed by a network of websites acting as a 'dropper as a service', serving up a variety of other nasty packages.

These droppers for hire are delivering bundles of malicious and unwanted content to targets looking for cracked versions of popular business and consumer applications.

Continue reading →

After scrutinizing numerous cybersecurity strategies in this book, Tim Rains, Microsoft’s former Global Chief Security Advisor, helps you understand the efficacy of popular cybersecurity strategies and more.

Cybersecurity Threats, Malware Trends, and Strategies offers an unprecedented long-term view of the global threat landscape by examining the twenty-year trend in vulnerability disclosures and exploitation, nearly a decade of regional differences in malware infections, the socio-economic factors that underpin them, and how global malware has evolved. This will give you further perspectives into malware protection for your organization. It also examines internet-based threats that CISOs should be aware of.

Continue reading →

A new email security report from GreatHorn reveals that 30 percent of links received by email lead to malicious sites.

Spoofed email accounts or websites are the most experienced form of a business email compromise (BEC) attack as 71 percent of organizations acknowledge they have seen one over the past year. This is followed by spear phishing (69 percent) and malware (24 percent).

Continue reading →

New data from Imperva Research Labs sees the highest percentage of bad bot traffic (25.6 percent) since the company began reporting traffic in 2014.

At the same time traffic from humans fell by 5.7 percent. More than 40 percent of all web traffic requests originated from a bot last year, suggesting the growing scale and widespread impact of bots in daily life.

Continue reading →

Imagine, for a moment, that you own a small business -- say, a regional dairy farm producing milk, ice cream, yogurt, and other products. And, like so many companies in the food manufacturing sector, you get hit by ransomware. You can’t access any of the data you need to run your business -- so you don’t know which products to ship, where to ship them, what prices you’ve negotiated, who’s paid and who hasn’t… everything is locked up. And, the clock is ticking -- you can’t tolerate extended downtime or products will spoil and customers will defect to other vendors.

The ransomware threat actor wants $50,000 to give you the decryption keys for your data. Your cyber insurance company tells you to just pay the ransom and they’ll cover most of it, as long as it doesn’t violate the rules set up by the US Treasury Department’s Office of Foreign Assets Control (OFAC) against paying ransom to gangs or nation states that are under economic sanctions. But, they do some research and determine the ransomware threat actor would fall under these rules, so they rescind the recommendation and will only partially offset what would be an enormously expensive IT consulting engagement to restore the systems in an acceptable period of time.

Continue reading →

Fileless malware attacks were up nearly 900 percent in 2020 and cryptominers grew by 25 percent, but ransomware payloads dropped by 48 percent compared with 2019.

These are findings of the latest internet security report from WatchGuard Technologies which is based on endpoint threat intelligence following WatchGuard's acquisition of Panda Security in June 2020.

Continue reading →

With large numbers of new samples appearing every day the old signature-based methods of malware detection have become unwieldy.

AI can learn from millions of samples, but if it uses all samples for optimum detection that means slower learning and updates. The alternative is to use only select samples to keep up with the rate of change of malware, but this runs the risk of 'catastrophic forgetting ' of older patterns.

Continue reading →

The latest Quarterly Threat Insights Report from HP shows that 29 percent of malware captured between October and December 2020 was previously unknown, due to the widespread use of packers and obfuscation techniques by attackers seeking to evade detection.

In addition 88 percent of malware was delivered by email into users' inboxes, in many cases having bypassed gateway filters. It took 8.8 days, on average, for threats to become known by hash to antivirus engines, giving hackers over a week’s head-start on their campaigns.

Continue reading →

New research shows that the majority of all malware is now delivered via cloud applications, showing how attackers increasingly abuse popular cloud services to evade legacy security defenses, putting enterprise data at risk.

The report from Netskope reveals that 61 percent of all malware was delivered via a cloud app, up from 48 percent year-over-year.

Continue reading →

A trojanized version of OpenSSH software is being used to steal SSH credentials from high performance computing (HPC) clusters, reports security firm ESET. The Linux malware has been dubbed Kobalos, and is described as "small, yet complex" and "tricksy".

Despite its diminutive size, the Kobalos backdoor is hitting some major targets including government systems in the US, universities in Europe, and a major ISP in Asia. Security experts report that while the multiplatform backdoor works on Linux, FreeBSD and Solaris, "there are also artifacts indicating that variants of this malware may exist for AIX and even Windows".

Continue reading →

Law enforcement authorities in the Netherlands, Germany, the US, the UK, France, Lithuania, Canada and Ukraine have collaborated to disrupt Emotet, one of the most significant botnets of the past decade.

The effort, coordinated by Europol the joint European policing agency, gained control of the Emotet infrastructure and took it down from the inside. Infected machines of victims have been redirected towards this law enforcement-controlled infrastructure.

Continue reading →