News


15 years of Qakbot – a review

Qakbot (aka QBot or Pinkslipbot) is a Trojan with a 15-year evolutionary history. It began as a banking Trojan and has evolved into malware that is now used for lateral movement in a network and for the deployment of ransomware. After Qakbot was broken up by law enforcement authorities in August 2023, its 5th version was released a few months later. Zscaler analyzed the transformation of this resilient, persistent and innovative malware. Recently, the security researchers discovered that the threat actors have updated their code base to support 64-bit versions of Windows. In addition,…


Secure access through Zero Trust SD-WAN

A leading cloud security provider has announced a new Zero Trust SASE solution built on Zero Trust SD-WAN. It connects all branches with each other and secures data traffic. The industry's first single-vendor SASE solution is powered by Zscaler Zero Trust AI and helps organizations reduce costs and complexity while implementing zero trust security for users, devices and workloads. In addition, Zscaler announces the availability of the Zero Trust SD-WAN solution and its plug-and-play appliances. This solution enables customers to provide secure connectivity for branches, factories and data centers while…


Cyber danger: HTML smuggling

With HTML smuggling, the malicious file is first created on the user's computer. Therefore, traditional anti-malware programs and sandboxes do not detect the attack. AI-based browser isolation provides protection. HTML smuggling is a highly efficient malware distribution technique that uses legitimate HTML5 and JavaScript functions to infect systems. The technique is used to distribute Remote Access Trojans (RATs), banking malware, and other malicious payloads because it bypasses traditional security controls such as web proxies, email gateways, and legacy sandboxes. Attackers hide their activities in seemingly harmless web traffic, making it difficult for security tools to...


Growing threats over the last year

In 2023, threats increased significantly. Attacks via encrypted channels increased by 24 percent. Manufacturing is once again at the top of the most targeted sectors. These are the results of the annual Zscaler™ ThreatLabz State of Encrypted Attacks Report 2023 at a glance: Threats transported over HTTPS traffic increased by 24 percent year-over-year in the Zscaler cloud, representing almost 30 billion threats blocked. Encrypted malware and malicious content are among the biggest threats, accounting for 78 percent of attacks observed. The manufacturing sector was responsible for 32 percent of encrypted…


Phishing, vishing and quishing

In the early days, phishing attacks were often very simple and used legitimate sources of written communication such as email to gain access to sensitive data. In the age of AI, it is tempting to consider how attackers are modernizing their phishing methods. With the growing popularity of GenAI tools, voice-based phishing attacks – also known as “vishing” – have become the new norm and the evolution of attack methods continues.

Phishing as a springboard

To understand the importance of phishing in the malware industry, it helps to look at the anatomy of a...


IoT malware attacks up 400 percent!

Since last year, IoT malware attacks have increased by 400 percent. This is shown by the new Zscaler™ ThreatLabz 2023 Enterprise IoT and OT Threat Report. Also important: The manufacturing and education sectors are the hardest hit. This year's Zscaler™ ThreatLabz 2023 Enterprise IoT and OT Threat Report provides a detailed look at malware activity over six months, analyzing approximately 300,000 attack attempts on IoT devices blocked by the Zscaler Zero Trust Exchange™ platform. The high number of attacks on IoT devices has resulted in a 400 percent increase compared to the previous year...


Malware HijackLoader uses evasion techniques to attack
B2B Cyber Security ShortNews

The HijackLoader downloader is becoming increasingly popular among threat actors, which is why analysts from the ThreatLabz team have now examined this malware, which has been appearing since July 2023, in more detail. Due to its modular architecture, the loader is able to use a variety of modules for code injection and execution. Based on Zscaler telemetry data, it can be concluded that HijackLoader has high threat potential, as it can be used to load various malware families such as Danabot, SystemBC and RedLine Stealer. It uses embedded modules for code injection, which enable flexibility and...


CryptNet: Ransomware-as-a-Service with obfuscation

The ransomware group CryptNet has been active since April 2023. Their malware, which is also offered as ransomware-as-a-service on the dark web, is simple but arguably effective and well-disguised against detections. An analyst from the Zscaler ThreatLabz team. The new group sells their ransomware-as-a-service in underground forums and recruits partners for their criminal activities there. The analysts now examined the modus operandi of the current campaign, which according to the threat actors steals data from affected companies before decryption in order to reinforce their ransom demands by publishing them on a data leak website.

Ransomware including obfuscation

The code of the…


New Trojan Pikabot

The malicious backdoor Pikabot is modular, with a loader and a core component that implements most of the functionality. A number of anti-analysis techniques are employed, making it difficult to detect malicious activity. The analysis found a similarity to Qakbot in terms of distribution mode, campaigns, and malware behavior, with no indication of whether they are the same malware authors. It is capable of receiving commands from a command-and-control server, which injects any shellcode, DLL, or executable file.

Malicious Functionality

After…


Fail: APT group only rudimentarily deletes telltale data

Members of the APT37 group have only rudimentarily deleted their collected attack data. Experts restored the data and analyzed it in detail. They found activity timelines, malicious code, and plenty of useful clues to internal workings. Even cybercriminals store data on GitHub and forget to completely delete their data. The Zscaler ThreatLabz team got a closer look at the tools, techniques, and processes (TTPs) of APT37 (aka ScarCruft or Temp.Reaper), a North Korea-based advanced persistent threat (APT) actor.

Data from APT37 shows the procedure

In their research,…
