These days, we see an increasing number of new pieces of ransomware for Android devices. They adopt new social engineering, communication and encryption techniques such as the use of Tor and advanced encryption algorithms (RSA-1024 and even elliptic…
APT campaigns are typically described with awe surrounding the technical achievements enabled by the level of resources and capacity conceivably available only to nation-state governments and intelligence agencies, often dubbed APT groups. These…
Obfuscation techniques have become increasingly prevalent in malware programs as tools to thwart reverse engineering efforts and evade signature-based detection by security products. Among the most popular methods is the use of packers, which are…
The CryptoLocker ransomware was first discovered in late 2013. Millions of computers were infected, billions of files were encrypted, and millions of dollars’ worth of ransom was collected within several months. It caught a lot of researchers’…
Win32.Virlock, with all its variations, is both a new kind of file infector and a piece of ransomware (screen-locker) at the same time. In this paper, we aim to cover the techniques used by this virus and discuss methods that can be used to detect…
Point-of-Sale (POS) e-crime fraud was of little discussion until the fall of 2013. Since then, a large number of retail stores in the US have announced major breaches. The number of infected organizations is in the thousands, with credit card…
Current malware traffic detection solutions work mostly by using static fingerprints, white and black lists and crowd-sourced threat intelligence analytics. These methods are useful for detecting known malware in real time, but are insufficient…
After a series of takedowns of command and control (C&C) servers related to notorious banking and ransom malware such as GameOver Zeus, CryptoLocker and Citadel, cybercriminals started to look for innovative ways to make their infrastructure…
In the past few years, not a VB conference has gone by without a talk about someone hacking the devices they have at home. Be it routers, NAS-es or ‘smart’ TVs, there has always been one thing in common: the vendors have ignored the problems and…
This paper looks at the state of the AV industry in the context of the Internet of Things (IoT) in 2015, then drills down into the specific security implications faced, as well as the current approaches taken to address them. We examine the…
Given the rapid growth of Android applications and malware, the use of behaviour-based methods is one of the most promising approaches for malware detection. Many security researchers are struggling with how to determine malicious behaviours and…
Most malware families are capable of evading detection and ensuring long persistence on infected machines through their update mechanisms. However, if one is able to reverse engineer such a sample and simulate C&C communication, invaluable…
This paper analyses various popular multi-rotor unmanned aerial vehicle (UAV) configurations and controllers for susceptibility to known and proof-of-concept security attacks. The study includes analysis of existing malicious attack claims and their…
How do you win a game when the rules don’t let you? You change the rules! In the computer security field, one possible game-changer is aggressively fighting back. Star Trek’s fictional James T. Kirk changed the Kobayashi Maru simulation from a no-win…
Over the past few years we have seen the rise of organized, specialized cybercriminal groups directly targeting financial institutions instead of their customers. This trend has been seen in several countries, but banks in Russia seem to be targeted…
This VB2016 paper addresses a number of increasingly urgent questions about the defence of information systems against criminal hackers, the first of which is: can the world produce enough appropriately skilled human defenders of digital systems to…
This VB2016 paper focuses on the techniques used by malware to detect virtual environments, and provides detailed technical descriptions of what can be done to defeat them.
"Most of you reading this article have the technical skill but do you have the people skills?" In 2000, James Wolfe urged security experts to sell themselves and their services.
The impact of a malware infection can be increased by applying ‘lateral movement’: spreading the infection from the original infected device to other devices within the same network. This paper shares the technical details of some of the most common…
Consider the following situation: at the beginning of our research we have an empty IDA database and binary code without labels and comments in Olly. After some dynamic analysis we will name a few functions. If, for some reason, an analysis is…
All of the products in this month's VBSpam test reached the benchmark required for VBSpam certification, and six of them performed well enough to earn the VBSpam+ accolade. This month, the VB test team also reported on products' ability to block spam…
It was an all-new platform for this month’s VB100 comparative, with the test team's first look at Microsoft’s latest server‑grade operating system variant, Windows Server 2016.