Duqu 2.0 is a strain of clever, nearly undetectable malware, derived from Stuxnet, that stays resident in its hosts' memory without ever writing persistent files to the system's drives.
Kaspersky Lab is about to publish a new report about the prevalence of file-less malware in 140 known banks and other firms in 40 countries -- and since this kind of malware is so hard to detect, Kaspersky estimates that the true infection rate is much higher.
Kaspersky isn't sure how the malware spreads.
The researchers first discovered the malware late last year, when a bank's security team found a copy of Meterpreter—an in-memory component of Metasploit—residing inside the physical memory of a Microsoft domain controller. After conducting a forensic analysis, the researchers found that the Meterpreter code was downloaded and injected into memory using PowerShell commands. The infected machine also used Microsoft's NETSH networking tool to transport data to attacker-controlled servers. To obtain the administrative privileges necessary to do these things, the attackers also relied on Mimikatz. To reduce the evidence left in logs or hard drives, the attackers stashed the PowerShell commands into the Windows registry.
Fortunately, the evidence on the domain controller was intact, presumably because it hadn't been restarted before Kaspersky Lab researchers began their investigation. An analysis of the dumped memory contents and the Windows registries allowed the researchers to restore the Meterpreter and Mimikatz code. The attackers, the researchers later determined, had used the tools to collect passwords of system administrators and for the remote administration of infected host machines.
A rash of invisible, fileless malware is infecting banks around the globe
[Dan Goodin/Ars Technica]
Investigative tech journalist Joseph Menn's (previously) next book is a history of the Cult of the Dead Cow (previously) the legendary hacker/prankster group that is considered to be "America's oldest hacking group."
Using software-defined radios, researchers from Trend Micro were able to reverse-engineer the commands used to control massive industrial machines, including cranes, excavators and scrapers; most of these commands were unencrypted, but even the encrypted systems were vulnerable to "replay attacks" that allowed the researchers to bypass the encryption.
"Letterlocking" is a term coined by MIT Libraries conservator Jana Dambrogio after she discovered a trove of letters while spelunking in the conservation lab of the Vatican Secret Archives; the letters had been ingeniously folded and sealed so that they couldn't be opened and re-closed without revealing that they had been read. Some even contained […]
Big companies want automation on a big scale. Doing that means diving into the tricky world of machine learning and data science. And no matter what platform you’ll be implementing it on, you can learn how with the Machine Learning & Data Science Certification Training Bundle. In 48 hours and through eight courses, this bundle […]
Big systems need tight security – and the experts who can implement it. Cisco Networking Systems are the go-to providers for network infrastructure, but maintaining it takes a lot of up-to-date knowledge. If you want that knowledge right from the source, there’s an online course that can get you certified painlessly: The Foundational Cisco CCNA […]
Computer slowing down? There are a ton of reasons why that might be, especially if your unit has a few years on it. Junk files and programs can accumulate over time, some even left over from otherwise uninstalled software. This virtual debris can slow your PC down dramatically, but there’s a surprisingly quick fix. Lauded […]