OceanLotus continues its activity particularly targeting company and government networks in East-Asian countries. A few months ago, we discovered and analyzed one of their latest backdoors. Several tricks are being used to convince the user to execute the backdoor, to slow down its analysis and to avoid detection. These techniques will be discussed in detail in this white paper.

In 2017, cryptocurrencies became a booming industry, attracting the attention of not only new users, but also cybercriminals. As the fraudsters came rushing to the newly crowded cryptocurrency space, users, businesses, and exchanges have found themselves the target of various fraud schemes – from phishing scams, through hacks, to surreptitious crypto-mining on compromised devices and, as of late 2017, via browsers.

Cybercrime targeting cryptocurrency has recently become so rampant that regulators have issued multiple warnings on cryptocurrency scams; Facebook banned all cryptocurrency ads on its platform; and insurers have started to offer protection against cryptocurrency theft.

The Internet of Things (IoT) has become a globally recognized term in workplaces and homes, and in a literal sense could be used to describe anything that is connected to the internet. However, if you ask what sort of devices are included in the IoT, then you are likely to get differing answers with respondents describing the devices they have come into contact with, or know about.

Malware writers have also begun to use more sophisticated methods to spread their infected apps  To avoid the unwanted attention, attackers have started to encrypt malicious payloads, burying them deeper in the application – often moving them to the assets folder, typically used for pictures or other necessary contents

Thanks to its strong anti-analysis measures, the FinFisher spyware has gone largely unexplored. Despite being a prominent surveillance tool, only partial analyses have been published on its more recent samples. Things were put in motion in the summer of 2017 with ESET’s analysis of FinFisher surveillance campaigns that ESET had discovered in several countries.

Turla is one of the longest-known state-sponsored cyberespionage groups, with well-known victims such as the US Department of Defense in 2008. The group owns a large toolset that is generally divided into several categories: the most advanced malware is only deployed on machines that are the most interesting to the attackers. Their espionage platform is mainly used against Windows machines, but also against macOS and Linux machines with various backdoors and a rootkit.

While our writers can never say  for certain that the issues covered in the following articles will come to pass we certainly wish for a less turbulent year in the cybersecurity world. We as well hope that this report will help readers become more aware of the problems that may occur. We are optimistic that a forward-thinking exercise such as Trends 2018 will enable all those    involved with, and concerned about, cybersecurity to contemplate, discuss, and counter current challenges and those to come.

The Stuxnet saga rolls on. And while a lot of talented people have been poring over the code for a while, some questions are still unresolved at this time, despite all the coverage. This report provides an analysis of the notorious Stuxnet worm (Win32/Stuxnet) that attracted the attention of virus researchers recently. It is primarily intended to describe targeted and semi-targeted attacks, and how they are implemented, focusing mainly on the most recent one – Stuxnet. This attack is, however, compared to the Aurora attack, outlining the similarities and differences between the two attacks.

Most companies understand cybersecurity solutions bring about benefits such as better control over data and services, and higher reliability, but are less confident about its impacts on deliverables such as sales and resource savings.

The world is changing in front of our eyes. Where facts, truth and honesty were once our most valuable assets, nowadays, alternative-facts, post-truths and outright lies reign. Unfortunately, the cybersecurity industry is no exception to this trend.

To get a global view of the Stantinko ecosystem, you need a lot of the pieces of the puzzle. The more we dug and tracked Stantinko, the more we could collect those pieces and put them together.

Among other things, this paper delivers a definition of ransomware is provided; ESET’s detection telemetry is used to see the current trends for this cyberthreat; and detail on the most noteworthy Android ransomware examples since 2014 is provided.

“Our analysis of the current state and evolution of technology reveals one aspect that stands out,” notes ESET Research Laboratories in its annual trends paper. “More and more devices and technologies mean greater challenges when it comes to maintaining information security, regardless of the area of implementation.”

The full whitepaper “En Route with Sednit,” compiling parts 1-3.

In the third and final part of our whitepaper “En Route with Sednit,” we describe a special downloader named Downdelph.